TLS 1.2 for Application Proxy

  • Question

  • Hello

    We are having a crack at our first use of Application Proxy. Specifically, we are looking for users to access an on-premise Server 2016 RDS collection using MFA. The question is around TLS 1.2 requirements. MS states that all the servers must be TLS 1.2 compliant to be able to communicate with each other and any clients connecting to the service. As remote users on their own PCs and Macs will be connecting, does this mean they all have to be TLS 1.2 compliant as well?

    Just trying to get this straight 

    Many thanks 


    MIS5000

    Thursday, May 7, 2020 6:59 AM

Answers

  • I'd try asking for help over here.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winRDc

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, May 8, 2020 2:59 PM
  • Hello MIS5000,

    Yes, the personal devices Windows/Mac/iOS devices also have to be TLS 1.2 compatible for them to be able to work with the Servers for the Application Proxy.

    On how to make the devices TLS 1.2 compatible, please use the following registry keys and their values

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "Enabled"=dword:00000001
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "DisabledByDefault"=dword:00000000
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "Enabled"=dword:00000001
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "DisabledByDefault"=dword:00000000

    Let us know if you need further help.


    Friday, May 8, 2020 3:20 PM
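
A read-only way to see what SCHANNEL is actually configured to negotiate on a Windows client or server, added here as an example that is not part of the original answer or any Microsoft tooling. The values quoted in the answer sit under the `SSL 2.0` protocol subkey; SCHANNEL keeps TLS 1.2 settings under a sibling `TLS 1.2` subkey, and on Windows Server 2016 TLS 1.2 is on by default when that subkey is absent. The function name `Get-SchannelProtocolState` and the wording of the findings are assumptions of this example.

```powershell
# Added example (read-only): report SCHANNEL protocol settings on this Windows host.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$legacy    = 'SSL 2.0', 'SSL 3.0'

# Hypothetical helper name; reads one <Protocol>\<Role> subkey and classifies it.
function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role)

    $path = Join-Path (Join-Path $base $Protocol) $Role

    # A missing key or value yields $null, meaning the OS default applies.
    $enabled = (Get-ItemProperty -Path $path -Name 'Enabled' `
                    -ErrorAction SilentlyContinue).Enabled
    $disabledByDefault = (Get-ItemProperty -Path $path -Name 'DisabledByDefault' `
                    -ErrorAction SilentlyContinue).DisabledByDefault

    # Any non-zero Enabled counts as on (some guidance writes 0xFFFFFFFF).
    $isOn  = ($null -ne $enabled) -and ($enabled -ne 0)
    $isOff = (($null -ne $enabled) -and ($enabled -eq 0)) -or
             (($null -ne $disabledByDefault) -and ($disabledByDefault -ne 0))

    $finding = 'not configured (OS default applies)'
    if (($null -ne $enabled) -or ($null -ne $disabledByDefault)) {
        $finding = 'configured'
    }
    if (($legacy -contains $Protocol) -and $isOn) {
        $finding = 'REVIEW: legacy protocol explicitly enabled'
    }
    if (($Protocol -eq 'TLS 1.2') -and $isOff) {
        $finding = 'REVIEW: TLS 1.2 disabled or off by default'
    }

    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $enabled
        DisabledByDefault = $disabledByDefault
        Finding           = $finding
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in 'Client', 'Server') {
        Get-SchannelProtocolState -Protocol $p -Role $r
    }
}
$report | Format-Table -AutoSize
```

This covers Windows hosts only; macOS and iOS clients do not use SCHANNEL, so their TLS 1.2 support depends on the OS and client version.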

All replies

  • Thanks Neelish

    I appreciate your time and answer. We have decided to proceed with App proxy because of this instead elected to integrate RDS gateway with Azure AD and the NPS extension. This looks straightforward enough, but I am wondering if you have a heads up on the Azure licensing with this? Clients currently have Microsoft 365 Apps for Enterprise licenses. According to a recent article, MS reckons you need Azure P1 per user, but this seems pretty expensive considering they have MFA already. Do you happen to know?

    Many Thanks 


    MIS5000

    Thursday, May 21, 2020 2:01 AM