Remote Desktop Management service not starting TLS 1.2 error

Question

Remote Desktop Management service not starting TLS 1.2 error

MT 56

Scenario :

Installed RDS on windows 2016 standard evaluation. But when Disable the TLS 1.0 and 1.1 using IISCrypto then Remote Desktop Management service is failed and not starting. Following Error is appearing

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Following scenarios tried but didn't work :

Scenario 1

------------

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Scenario 2

------------

As per the KB article
https://support.microsoft.com/en-us/help/3135244/kb3135244-tls-1-2-support-for-microsoft-sql-server

Applied Windows 2016 windows update and enclosed is the screenshot

37772-windows-2016-update-history.pdf

Scenario 3

------------

Connected to the windows internal database and checked the version
From following command \.\pipe\MICROSOFT##WID\tsql\query connected to internal database of windows 2016 Enclosed is the screenshot

Do let me know how to resolve the Remote Desktop Management service not starting issue

2 answers

Your answer

Answer 1

Hi @MT

Please refer to this article :
RDS Connection Broker or RDMS fails after you disable TLS 1.0 in Windows Server

Or try to enable FIPS:
Local Security Policy > Local Policies> Security Options > System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing / Enabled

Then ran gpupdate /force

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards
Karlie

Answer 2

MT 56

Hi Karlie,

After executing the mentioned steps by you and rebooting the server. Still RDMS service is not starting on windows 2016 server.

Regards,
Mohit

Anonymous

2020-11-09T08:50:17.77+00:00

Hey Mohit,

Have you tried these resolutions from the link.

To fix this issue, use one of the following methods:
Set up RDS without Connection Broker for a single-server installation.
Don't disable TLS 1.0 on a single Connection Broker deployment.
Configure a high availability Connection Broker deployment that uses dedicated SQL Server.

Thanks
karlie
Anonymous

2020-11-13T07:01:28.747+00:00

Hello @MT

Good day!

I'm just following up to make sure you received my last reply.

You can enable email notifications for a variety of different events in Microsoft Q&A:
https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html

If you have any further questions or suggestions about this case, please let me know.

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Best Regards
Karlie
MT 56 Reputation points

2020-12-20T09:45:14.257+00:00

Thanks Karlie, Configured a high availability Connection Broker deployment that uses dedicated SQL Server for TLS 1.2 enabled. Worked out. Thanks for Providing the solution. Other thing I want to highlight is that Windows 2019 Server is come along with TLS 1.2 compatible.

Regards,
Mohit

Share via

Remote Desktop Management service not starting TLS 1.2 error

2 answers

Your answer