21st November 2024

Error Connecting to Server via Centrify PAM – “The connection failed at TSL connection”

When making an RDP connection to a system via Centrify PAM (Privileged Access Management), the error “The connection failed at TSL connection” occurred. We investigated the error and found its cause. The solution is as follows.


Solving the “The connection failed at TSL connection” error

Centrify supports TLS 1.2 for RDP connections over PAM (Privileged Access Management), so TLS 1.2 is required to make an RDP connection to the server and the TLS 1.2 settings need to be checked. You can set them in the “Registry Editor” at the location below. Afterwards, restart the server and you can access RDP over Centrify PAM again.

For TLS 1.2:

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

DWORD name: DisabledByDefault

DWORD value: 0


  • If “TLS 1.2” does not exist under the “Protocols” folder, you need to create it as follows.

Right-click on the “Protocols” folder and click on “New > Key“. Name it “TLS 1.2“. Then right-click on the “TLS 1.2” folder and click on “New > Key“. Name it “Client“. Then right-click on the “Client” folder and click on the “DWORD (32-bit) Value” section. Set the name of the DWORD to “DisabledByDefault“. Its value must be 0.

 

  • If the above solution does not work, it is fixed with the Server 2008 R2 update. Normally, it should be fixed in Regedit, but I think there is no patch on the machine. To install it manually, download the KB below. We turned off “TLS 1.0” 2 years ago due to a security vulnerability.

https://www.microsoft.com/en-us/download/details.aspx?id=12250
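
The registry steps described above can also be scripted. The following PowerShell is an added example, not part of the original post or of any Centrify tooling: it records the current value, creates the “TLS 1.2\Client” key if it is missing, sets DisabledByDefault to 0 and verifies the result. The helper name Get-DwordOrNull and the read-only check of the standard SCHANNEL “Enabled” value are additions that the article does not mention.

```powershell
# Added example: audit and apply the TLS 1.2 client setting from the article.
# Run in an elevated PowerShell session on the server you connect to.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$client = Join-Path $base 'TLS 1.2\Client'

# Hypothetical helper: returns the DWORD value, or $null if the key or value is absent.
function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# 1. Record the current state so the change can be reviewed or rolled back.
$before = Get-DwordOrNull -Path $client -Name 'DisabledByDefault'
$shown  = if ($null -eq $before) { '<not set>' } else { $before }
Write-Output "Before: DisabledByDefault = $shown"

# 2. Create "TLS 1.2" and "Client" if missing. The Test-Path guard matters:
#    New-Item -Force on an existing key would recreate it and drop its values.
if (-not (Test-Path -Path $client)) {
    New-Item -Path $client -Force | Out-Null
}

# 3. Set DisabledByDefault to 0 as a DWORD (32-bit) value.
New-ItemProperty -Path $client -Name 'DisabledByDefault' `
    -PropertyType DWord -Value 0 -Force | Out-Null

# 4. Verify the write instead of assuming it succeeded.
$after = Get-DwordOrNull -Path $client -Name 'DisabledByDefault'
if ($after -ne 0) {
    throw "DisabledByDefault is '$after', expected 0"
}
Write-Output "After:  DisabledByDefault = $after"

# 5. Read-only check (not in the article): an explicit Enabled = 0 in the
#    same key turns the protocol off regardless of DisabledByDefault.
$enabled = Get-DwordOrNull -Path $client -Name 'Enabled'
if ($null -ne $enabled -and $enabled -eq 0) {
    Write-Warning 'Enabled = 0 is set under TLS 1.2\Client; TLS 1.2 stays off until it is changed.'
}

Write-Output 'Restart the server for the change to take effect.'
```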
