Thursday, October 22, 2015

RDS/RDP Support for TLS 1.1 and TLS 1.2 - KB3080079

Great news!

It appears Microsoft has finally released a patch for Windows 7/Server 2008 R2 that adds support for TLS 1.1 and 1.2 to the RDP protocol. The patch can be found at https://support.microsoft.com/en-us/kb/3080079.

But what about enabling TLS 1.2 support in your RDS 2012 R2 farm? When you set the security options on a Session Collection, clearly it lists support for TLS 1.0 only, as shown below.
TLS 1.0 support in the RDS console
Well, apparently RDS already supports TLS 1.2, despite what the GUI states. Microsoft also recently published another KB article explaining this - https://support.microsoft.com/en-us/kb/3097192

Consider the following scenario:
  • You have a computer that's running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2.
  • You have the Remote Desktop Connection Broker (RDCB) role configured on this computer.
  • You try to secure the RDP connections to the target computers by using SSL encryption (Transport Layer Security (TLS)).

In this scenario, you may notice that the Security Layer list displays SSL (TLS 1.0), even though it's actually using TLS 1.2.
This issue is caused by a bug in the Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 GUIs. You can safely ignore the TLS version that's displayed in the GUI because this does not reflect the version of TLS that's being used for client connections.
This is a welcome security improvement from Microsoft. Weaknesses have recently been found in the TLS 1.0 protocol, and any companies that require PCI compliance must phase out the usage of the TLS 1.0 protocol by June 2016, as mandated by PCI DSS 3.1.

---EDIT---

After receiving a comment that this patch was not working, I spun up a quick lab environment to test out KB3080079 and ensure it actually worked as advertised. I enabled verbose Schannel logging to determine which version of TLS was in use when a RemoteApp was launched. I was using RDS on Server 2012 R2 - I did not test RDS on Server 2008 R2. My testing was successful - TLS 1.0 was used as expected before the patch was installed, and TLS 1.2 was used afterwards. This was tested both with and without RD Gateway. See my results below.
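Here is the logging setup behind that test, written out as an added example (these are not the original post's commands): it sets Schannel's EventLogging value to verbose and then summarises the negotiated protocol versions found in the System log. The registry path and the EventLogging bitmask are Microsoft's documented Schannel settings; the `Get-NegotiatedTlsVersions` function is this example's own name, and the 36880 event ID and exact message wording are assumptions, which is why the filter matches on the protocol string rather than the ID.

```powershell
# Added example (not commands from the original post): enable verbose Schannel logging
# on the host under test, then summarise which TLS versions its handshakes negotiated.
# Run from an elevated PowerShell prompt on the RD Session Host or RD Gateway.

$schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# EventLogging is a bitmask: 1 = errors only (default), 7 = errors + warnings +
# informational, which is the level that records successful handshakes.
New-ItemProperty -Path $schannelKey -Name 'EventLogging' -Value 7 -PropertyType DWord -Force | Out-Null
# Schannel reads this at start-up, so reboot before testing. Set it back to 1
# afterwards; level 7 is noisy on a busy gateway.

# --- after the reboot: launch the RemoteApp (with and without RD Gateway), then ---

function Get-NegotiatedTlsVersions {
    param([datetime]$Since = (Get-Date).AddMinutes(-30))

    # Schannel writes to the System log. Filter by time first, then by provider; only
    # the handshake-completed events carry the protocol version in their message text.
    # (Event ID 36880 is the one seen on Server 2012 R2; that ID is an assumption, so
    # the match below is on the protocol string, not on the ID.)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        StartTime = $Since
    } -ErrorAction SilentlyContinue

    $events |
        Where-Object { $_.ProviderName -like '*Schannel*' } |
        Where-Object { $_.Message -match 'TLS 1\.[0-3]|SSL 3\.0' } |
        ForEach-Object {
            [PSCustomObject]@{
                Time     = $_.TimeCreated
                EventId  = $_.Id
                Protocol = [regex]::Match($_.Message, 'TLS 1\.[0-3]|SSL 3\.0').Value
            }
        }
}

# One row per protocol version with a count: before KB3080079 expect only TLS 1.0
# rows for the Windows 7 client sessions, afterwards TLS 1.2.
Get-NegotiatedTlsVersions |
    Group-Object Protocol |
    Select-Object @{ n = 'Protocol'; e = { $_.Name } }, Count |
    Format-Table -AutoSize
```

Run it once with RD Gateway in the path and once without, as the two screenshots below do. If a packet capture on the gateway disagrees with the Schannel log, as one commenter below reports, trust the capture: it shows what was actually on the wire.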

Without KB3080079, TLS 1.0 is used
After installing KB3080079, TLS 1.2 is used

31 comments:

  1. kb3080079 does not allow a Windows 7 client to connect to an RDP server running TLS 1.1 or TLS 1.2, as I've been testing it today

    Replies
    1. Interesting. Could you describe how you tested? I've been meaning to test this as well.

    2. Sorry it's taken a while, put it on the back burner, had other things to do but need to sort.

      We have a Windows 2012 R2 gateway and on that I've disabled TLS 1.0, and Windows 8.1 and 10 connect no problem using TLS 1.2 (monitoring the 2012 R2 server using Wireshark). When you try to connect from a Windows 7 SP1 fully patched to October it won't connect; enable TLS 1.0 on the gateway and it connects using TLS 1.0. I've tried RDS version 8 and 8.1 on Windows 7 SP1 and installed that MS KB 3080079 patch. I will be doing further testing with a new build Windows 7 SP1 later today.

    3. On further investigation, yes, Windows 7 SP1 RDS and patch KB 3080079 will allow TLS 1.2, but you cannot disable TLS 1.0 on the server. Well done MS, as this doesn't make the server PCI compliant, so pointless really.

    4. Also, when looking at the Schannel logs on the RD Gateway server it does indeed say that the client is using TLS 1.2, but if you use Wireshark it is in fact using TLS 1.0. Like I say, if you disable TLS 1.0 on the RD Gateway server the client fails.

    5. Interesting findings. If everything you say is indeed true, I would agree that the patch is certainly not ideal, although better than before.

    6. This comment has been removed by the author.

    7. I'm stuck in the same boat as Nick Hay... Still trying to figure out what I can do to disable TLS 1.0... I'm wondering if I present this issue to our PCI compliance company if they will accept it as a Verified False Positive.

    8. To become PCI compliant, you can disable TLS 1.0 and 1.1 via some reg keys as detailed here: https://technet.microsoft.com/en-us/library/dn786418.aspx#BKMK_SchannelTR_TLS10

      Or use the NarTac Software : https://www.nartac.com/Products/IISCrypto/

      The reason you can't connect to the servers once TLS 1.2 is enforced is that the normal RDP client for Windows 7 doesn't support it. You have to update to RDP 8.0 on your client.
      https://support.microsoft.com/en-us/kb/2592687#/en-us/kb/2592687

      (Use at your own risk)

      I hope this helps.

      -Ash-

  2. Hi, were you able to test using Windows 7 (or 10)?

    Replies
    1. This specific KB is only available for Windows 7, so that's what I tested with. I assume this functionality is already present in Windows 10, although I did not explicitly test it.

  3. KB3080079 would not install on my 2012 R2, it said the update is not applicable to your computer... I really enjoy your blog, thank you!!!!

    Replies
    1. KB3080079 is only for Windows 7 and Server 2008 R2, 2012 R2 already has support for TLS 1.1/1.2. Thanks for the kind words!

    2. Thank you again, now I just have to figure out how to get RDP not to use TLS1.0....

  4. Sorry, trying to figure out why these posts die out without a solution. And Google is my friend... but not for this issue.

  5. I have updated the server side and am able to connect with no issues using RDP 8 from a Windows 8 & 10 environment. However, Windows 7 with RDP 8.1 support will not connect. I have tried KB3080079 and it still won't make a connection.

    Replies
    1. Yep, still not fixed, but for me and the company I work for we just moved to Windows 10; no problems now.

      There is a problem with the RDP client for Mac OS X that doesn't work with the RD Gateway with TLS 1.0 disabled.

  6. KB3140245 fixes the problem on 2008R2, Windows 7 and Server 2012 R2. https://support.microsoft.com/en-us/kb/3140245 . Note there is a separate version for x32 and x64 as well as a registry entry is required.

    The problem is not exactly with RDP but rather once the TLS 1.1 or 1.2 connection is made to the gateway, this becomes a WinHTTP SSL connection. When Windows 7 tries to make an RDP connection through the gateway it uses TLS 1.0 to connect. The same problem occurs with published RDWeb apps when TLS 1.0 is disabled and a Windows 7 client tries to connect. Windows 8.1, 10 and Server 2012 R2 do not have this problem.

    Replies
    1. Oops meant 2008 R2, Windows 7 and Server 2012 (NOT R2, the Windows 8 like version)

    2. Great find! I'll have to add this to the article.

  7. Hi, I’m having a hellish time with Win7 clients and Server 2012 RDS (and PCI!!)

    I have disabled TLS 1.0 on the server;
    DisabledByDefault=0x00000001
    Enabled=0x00000000

    Win10/8.1 connect (I’m guessing these don't even try TLS 1.0)

    Win7 RDP is latest (v8), I have tried KB3140245 but really unsure what a 'DWORD Bitmap' is?!? I first thought 32-bit DWORD but it doesn't seem to want to take the value given, either 0x00000A00 or 0x00000200 - so that I think is my first hurdle?

    Do I need to run KB3140245/Reg keys on both Win7 and Server 2012? (that was a little unclear)

    I don’t want to make too many changes to the Server 2012, as I need to revert back etc. so the client can work etc. (busy company with little offline time)

    Replies
    1. Hi David - for KB3140245, it appears you'll need to add the registry settings on Windows 7 client devices, as well as Server 2008 R2 and Server 2012 systems, however the hotfix/registry value is NOT needed on Server 2012 R2 systems. You were correct that you'll want to create a DWORD value set as 0x00000A00 - I've uploaded a screenshot in case there is any confusion - https://imgur.com/IznmuQd

    2. Thanks Tom for your reply, so run KB3140245 on Server 2012 and Win7 but only RegKeys on Win7, correct?

      Having issues with the DWORD (am trying on Win10 for ease at present). I'm entering 0x00000A00 as hex and that makes it 4100000a and decimal as 1090519050. This is what was happening on Win7 yesterday :/

      I've right clicked, new DWORD 32-bit.

      I just tried dec 2560 and that has worked, as hex is displayed as 0x00000a00 -- now that is a little quirky!

    3. The reg setting is needed on Server 2012 as well.

      When entering the DWORD value as hex, don't actually type the 0x at the front - only type 00000A00.

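Pulling together Ash's reg-key pointer from the first thread and the DWORD confusion in this one, here is an added example in PowerShell (not code from the post or from any commenter). It does two things: disables TLS 1.0 and 1.1 server-side in Schannel using the same DisabledByDefault/Enabled values David quoted, and computes, writes and reads back the KB3140245 WinHTTP DefaultSecureProtocols bitmap, decoding 0x00000A00 as TLS 1.1 | TLS 1.2 (decimal 2560). The Schannel and WinHttp registry paths and the per-protocol bit values are taken from Microsoft's Schannel documentation and KB3140245 as I know them, not from this page, so verify them against the KB before relying on them; the function names are this example's own. Per Tom's reply, the WinHTTP value belongs on Windows 7, Server 2008 R2 and Server 2012, not on 2012 R2.

```powershell
# Added example (not from the post or its comments). Run elevated on a test host first;
# all of these settings take effect after a reboot. Registry paths and bit values are
# as documented by Microsoft for Schannel and in KB3140245 (assumptions to verify).

# --- (1) Schannel protocol switches -------------------------------------------
$schannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)][ValidateSet('SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')][string]$Protocol,
        [Parameter(Mandatory)][ValidateSet('Server', 'Client')][string]$Side,
        [Parameter(Mandatory)][bool]$Enable
    )
    $key = Join-Path (Join-Path $schannelProtocols $Protocol) $Side
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Enabled=0 turns the protocol off outright; DisabledByDefault=1 stops it being
    # offered unless an application asks for it explicitly. Set both when disabling,
    # which is exactly the pair of values David posted above.
    New-ItemProperty -Path $key -Name 'Enabled'           -Value ([int]$Enable)        -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value ([int](-not $Enable)) -PropertyType DWord -Force | Out-Null
}

# Server side: keep TLS 1.2 on, turn TLS 1.0 and 1.1 off (the PCI DSS 3.1 goal in the post).
Set-SchannelProtocol -Protocol 'TLS 1.2' -Side Server -Enable $true
Set-SchannelProtocol -Protocol 'TLS 1.1' -Side Server -Enable $false
Set-SchannelProtocol -Protocol 'TLS 1.0' -Side Server -Enable $false

# --- (2) WinHTTP DefaultSecureProtocols (KB3140245) ---------------------------
# The value is a bitmap: one bit per protocol WinHTTP is allowed to negotiate.
$WinHttpProtocolBits = [ordered]@{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
}

function Get-WinHttpProtocolMask {
    param([string[]]$Protocols)
    $mask = 0
    foreach ($p in $Protocols) { $mask = $mask -bor $WinHttpProtocolBits[$p] }
    return $mask
}

function Format-WinHttpProtocolMask {
    param([int]$Mask)
    # Turn a stored DWORD back into protocol names so a mistyped value is obvious.
    $names = $WinHttpProtocolBits.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
    '0x{0:X8} (decimal {0}) = {1}' -f $Mask, ($names -join ' | ')
}

# TLS 1.1 (0x200) + TLS 1.2 (0x800) = 0xA00 = 2560, the value the thread settled on.
$mask = Get-WinHttpProtocolMask -Protocols 'TLS 1.1', 'TLS 1.2'
Format-WinHttpProtocolMask -Mask $mask

# Write it as a 32-bit DWORD. Passing an [int] sidesteps the regedit slip above:
# in regedit's Hex mode the field is already hex, so the leading 0x must not be typed.
$winHttpKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'   # 32-bit apps on x64
)
foreach ($key in $winHttpKeys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DefaultSecureProtocols' -Value $mask -PropertyType DWord -Force | Out-Null
    # Read it back and decode it immediately.
    $stored = (Get-ItemProperty -Path $key -Name 'DefaultSecureProtocols').DefaultSecureProtocols
    '{0}: {1}' -f $key, (Format-WinHttpProtocolMask -Mask $stored)
}
```

Disabling TLS 1.0 server-side is precisely the step that locks out Windows 7 clients still without the WinHTTP fix, so stage part (1) on a test gateway and confirm with the Schannel logging query in the post body (or a packet capture) that Windows 7 sessions arrive over TLS 1.2 before rolling it out.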
  8. Hi there. Server 2012 wouldn't accept the KB3140245 patch, saying "not applicable to this image". I edited the registry to add the WinHTTP DefaultSecureProtocol = TLS 1.1 / 1.2 settings to all 3 servers (RD Gateway, Connection Broker, Session Host). I also applied the KB3140245 patch to Windows 7 workstations and deployed GPO update to add the WinHTTP DefaultSecureProtocol settings. Wireshark packet capture proved that I was able to establish a persistent TLS v1.2 session from the gateway all the way to the session host, and launch RDWeb applications without any issues.

    However, if I explicitly disable TLS 1.0 and 1.1 on all 3 servers, launching RDWeb applications fails with the error message "Error WebException retrieving RDP file from server: The underlying connection was closed: An unexpected error occurred on a send. Unable to connect to remote desktop session host."

    Very frustrating as there is no point connecting via TLS 1.2 if I have to leave TLS 1.0 enabled.

    Any ideas?

  9. This comment has been removed by the author.

  10. Computer policy - Local Policies - Security Options - Network security: LAN Manager authentication level: use NTLMv2 only, refuse LM and NTLM - and it works

  11. NTLMv2 only, refuse LM forks to :)

  12. Thanks for this fascinating blog post. I will appear for your weblog regularly right now. I'm thinking about this topic considering that many years and you could have good info.

  13. After almost a year, I finally figured out a working solution for disabling TLS 1.0/1.1 without breaking RDP and Remote Desktop Services connectivity.

    Run IISCrypto and disable TLS 1.0, TLS 1.1 and all bad ciphers.

    On the Remote Desktop Services server running the gateway role, open the Local Security Policy and navigate to Security Options - System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing. Change the security setting to Enabled. Reboot for the changes to take effect.

    Note that in some cases (especially if using self signed certificates on Server 2012 R2), the Security Policy option Network Security: LAN Manager authentication level may need to be set to Send NTLMv2 responses only.

    Let me know if this works for you as well.
