When we tried to make an RDP connection to a system via Centrify PAM (Privileged Access Management), the error “The connection failed at TSL connection” occurred. We investigated the error and found its cause. The solution is as follows.
Solving the “The connection failed at TSL connection” error
Centrify supports TLS 1.2 for RDP connections over PAM (Privileged Access Management), so TLS 1.2 is required to make an RDP connection to the server, and the TLS 1.2 settings on that server need to be checked. You can set them in the “Registry Editor” at the location below. After making the change, restart the server; you can then access RDP over Centrify PAM again.
For TLS 1.2:
- Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
- DWORD name: DisabledByDefault
- DWORD value: 0
- If “TLS 1.2” does not exist under the “Protocols” folder, you need to create it as follows.
Right-click on the “Protocols” folder and click on “New > Key”. Name it “TLS 1.2”. Then right-click on the “TLS 1.2” folder and click on “New > Key”. Name it “Client”. Then right-click on the “Client” folder and click on the “DWORD (32-bit) Value” section. Set the name of the DWORD to “DisabledByDefault”. Its value must be 0.
- If the above solution does not work, the problem is fixed by the Server 2008 R2 update. Normally, it should be fixed in Regedit, but I think there is no patch on the machine. You can download the KB below and install it manually. We turned off “TLS 1.0” 2 years ago due to a security vulnerability.
https://www.microsoft.com/en-us/download/details.aspx?id=12250
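
The registry change described above can also be checked and applied from PowerShell. This is an added example, not part of the original post or Centrify's tooling; the function name `Set-Tls12ClientDefault` is hypothetical, and the script assumes an elevated session on the affected server.

```powershell
# Added example: audits and, if needed, sets the TLS 1.2 client value described above.
# Set-Tls12ClientDefault is a hypothetical name chosen for this example.
function Set-Tls12ClientDefault {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Registry location from the article, written as a registry provider path
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    )

    $name = 'DisabledByDefault'

    # Read the current value; $null means the key or the value does not exist yet
    $current = $null
    if (Test-Path -Path $Path) {
        $current = (Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue).$name
    }

    if ($current -eq 0) {
        Write-Output "$name is already 0; no change needed."
        return
    }

    $shown = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Output "Current $name value: $shown"

    if ($PSCmdlet.ShouldProcess($Path, "Set $name to 0")) {
        # -Force creates the missing "TLS 1.2" and "Client" keys in one step
        if (-not (Test-Path -Path $Path)) {
            New-Item -Path $Path -Force | Out-Null
        }
        New-ItemProperty -Path $Path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Output "$name set to 0. Restart the server for the change to take effect."
    }
}

# Preview the change first, then run without -WhatIf to apply it
Set-Tls12ClientDefault -WhatIf
# Set-Tls12ClientDefault
```

Running with `-WhatIf` reports the current state and the pending change without writing to the registry, which gives a record of what the server looked like before the fix.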