Solved: PCI scans fail with RDP enabled
Posted by Amy Babinchak on 12 June 2018 03:07 PM
Failing PCI compliance scans is a frequent problem for RDP users. I see many people abandoning RDS because of it, but that really isn't necessary. The real solution is to enable the stronger protocols and cipher suites on the server and disable the insecure ones (TLS 1.0 is the usual finding) in a way that still lets RDS negotiate its connections, rather than just switching the old protocol off and watching Remote Desktop stop working.
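In concrete terms, this is what "disable TLS 1.0 but keep RDS working" usually comes down to. The script below is an added illustration, not the change set Third Tier applied in the ticket that follows (the post does not list it); it writes the SCHANNEL registry values that a tool like IIS Crypto writes for you, sets the .NET Framework switches that the .NET-based RDS roles (RD Web Access, RD Gateway, Connection Broker) need in order to use TLS 1.2, and makes sure the RDP listener is on the TLS security layer. It assumes Windows Server 2012 R2 or later with .NET Framework 4.6 or later and an elevated prompt; on Windows Server 2008 R2 the RDP listener only speaks TLS 1.0 until the update that adds TLS 1.1/1.2 support to RDS (KB3080079) is installed, so check that first. The `Set-Protocol` helper and the listener name `RDP-Tcp` are the example's own choices.

```powershell
# Added example: the registry and listener changes behind "disable TLS 1.0 without breaking RDS".
# Assumes Windows Server 2012 R2+ with .NET Framework 4.6+, run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper: writes the Enabled/DisabledByDefault pair SCHANNEL reads for one protocol,
# for both the Server side (inbound RDP/NLA) and the Client side (outbound, e.g. broker to gateway).
function Set-Protocol {
    param(
        [Parameter(Mandatory)] [string] $Name,     # e.g. 'TLS 1.0'
        [Parameter(Mandatory)] [bool]   $Enabled
    )
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $schannel "$Name\$side"
        New-Item -Path $key -Force | Out-Null
        # Enabled=0 plus DisabledByDefault=1 turns a protocol off; the reverse turns it on.
        New-ItemProperty -Path $key -Name 'Enabled'           -PropertyType DWord -Value ([int]$Enabled)        -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value ([int](-not $Enabled)) -Force | Out-Null
    }
}

# Turn off SSL 3.0, TLS 1.0 and TLS 1.1 (PCI DSS 3.1 calls these "SSL and early TLS"),
# and explicitly turn on TLS 1.2 so RDP, NLA/CredSSP and RD Gateway still have a protocol to agree on.
'SSL 3.0', 'TLS 1.0', 'TLS 1.1' | ForEach-Object { Set-Protocol -Name $_ -Enabled $false }
Set-Protocol -Name 'TLS 1.2' -Enabled $true

# The RDS roles written in .NET take their TLS version from the framework, not from SCHANNEL alone.
# These two values make .NET 4.x follow the operating system's enabled protocols (TLS 1.2 here).
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    if (Test-Path $root) {
        New-ItemProperty -Path $root -Name 'SystemDefaultTlsVersions' -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -Path $root -Name 'SchUseStrongCrypto'       -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# The listener must use the TLS security layer; with the legacy RDP security layer the scanner keeps
# flagging the old RDP encryption regardless of SCHANNEL. SecurityLayer: 0 = RDP, 1 = Negotiate, 2 = SSL/TLS.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
                    -Filter "TerminalName='RDP-Tcp'"
if ($ts.SecurityLayer -ne 2) { $ts.SetSecurityLayer(2) | Out-Null }

# Read back what will take effect after the reboot these changes require.
foreach ($p in 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $v = Get-ItemProperty -Path (Join-Path $schannel "$p\Server") -ErrorAction SilentlyContinue
    '{0,-8} Server: Enabled={1} DisabledByDefault={2}' -f $p, $v.Enabled, $v.DisabledByDefault
}
'RDP-Tcp SecurityLayer={0} UserAuthenticationRequired={1}' -f $ts.SecurityLayer, $ts.UserAuthenticationRequired
```

Reboot after running it, then test a Remote Desktop logon before asking the vendor to rescan; if RD Web or the gateway stops working, the .NET values above are the usual missing piece. To see what the scanner sees, run a protocol enumeration from another machine against port 3389 (for example nmap's ssl-enum-ciphers script), which should now list TLS 1.2 only.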
CLIENT: I have a client who runs their app via RDS. However, their new credit card vendor did a scan and they are failing the PCI scan. I've tried to disable TLS 1.0 and a cipher, but every time I do, it breaks RDS. I'm stuck.
THIRDTIER: I've just now used IISCrypto to disable TLS 1.0. It should break for you now, but you'll pass the scan. However, there is a way to make this work.
CLIENT: I've enabled SSL VPN but would prefer to use the server.
THIRDTIER: I'm working on the issue and rebooting the RDS box given there are no users on it. Long story short, I've got all the answers we need to make this PCI compliant and still allow RD to work fine. Let me know when we can make these changes on the client server and do testing.
THIRDTIER: I remoted in tonight and reconfigured as discussed, it should now pass PCI DSS 3.1 scan. Please rescan it and let me know what you see.
If you have any problems that you're stuck on, remember to open a ticket with Third Tier. Odds are that we've seen it before and can help you quickly work through it.
About Third Tier
Established in 2008, Third Tier only works for IT Professionals by providing them with access to advanced support services. No one can know it all these days, so we give IT pros a place to go to get the hands on support they need in areas they normally don’t work in or problems they’ve never encountered. We also work on projects, fix their accounting practices and do many, many migrations and other installations. Our staff covers a wide range of technologies.