Cannot connect to RDP after enabling Group Policy (in my case "SSL Cipher Suites order Policy")

Preface: a domain-joined Windows Server 2012 R2. I'm not a Domain Admin in the customer's AD, only a local administrator on the server.
 
After enabling the SSL Cipher Suites order policy and rebooting, RDP connections were refused with "an internal error occurred" and other error messages. I then realized I hadn't followed the policy's instructions correctly, which locked me out:

1. Open a blank notepad document.
2. Copy and paste the list of available suites into it.
3. Arrange the suites in the correct order; remove any suites you don't want to use.
4. Place a comma at the end of every suite name except the last. Make sure there are NO embedded spaces.
5. Remove all the line breaks so that the cipher suite names are on a single, long line.
6. Copy the cipher-suite line to the clipboard, then paste it into the edit box. The maximum length is 1023 characters.
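The following PowerShell is an added example (not part of the original post) that does steps 4 to 6 for you: it takes the suite list one per line, strips the line breaks, joins the names with commas, refuses embedded whitespace, and enforces the 1023-character limit before copying the result to the clipboard. The suite names in `$suites` are a constructed sample; use the list from the policy's own description and the order you actually want.

```powershell
# Added example: build and validate the single-line cipher suite string for the
# "SSL Cipher Suite Order" policy edit box. Not from the original post.
# The list below is a constructed sample, one suite per line as you would have it in notepad.
$suites = @'
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
'@

function ConvertTo-CipherSuiteLine {
    param(
        [Parameter(Mandatory)][string]$SuiteList,   # one suite per line
        [int]$MaxLength = 1023                      # limit stated by the policy UI
    )
    # Step 5: remove the line breaks; also trim stray whitespace and drop empty lines
    $names = $SuiteList -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    if (-not $names) { throw 'No cipher suites supplied.' }

    # Step 4: no embedded spaces are allowed inside a suite name
    $bad = $names | Where-Object { $_ -match '\s' }
    if ($bad) { throw "Suite names contain whitespace: $($bad -join ', ')" }

    # Step 4: a comma after every name except the last
    $line = $names -join ','

    # Step 6: the edit box accepts at most 1023 characters
    if ($line.Length -gt $MaxLength) {
        throw "Cipher suite line is $($line.Length) characters; the maximum is $MaxLength."
    }
    return $line
}

$line = ConvertTo-CipherSuiteLine -SuiteList $suites
$line | Set-Clipboard          # ready to paste into the policy's edit box
"Length: $($line.Length)"
$line
```

If the function throws, nothing is copied to the clipboard, so you cannot accidentally paste a malformed line into the policy and end up in the same situation as the post describes.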

I completely missed points 4 and 5.

Here is a way to recover from the mistake:
  • from another domain-joined server, open MMC
  • add the "Group Policy Editor" snap-in
  • instead of "Local Computer", click "Browse", select "Another Computer" and enter the hostname of the server that is unreachable over RDP
  • you should now see "Console Root" > "ServerName Policy" at the top
  • find the broken policy and edit it accordingly (in my case, set the "SSL Cipher Suites order Policy" to Disabled)

Now the policy needs to be applied. This should be possible with the RSAT package and the "Invoke-GPUpdate" PowerShell cmdlet (google it), but I have no permission to install RSAT on the server I'm using to fix the disaster.
So I just rebooted the server using:

  • shutdown /i

This command, which you can run from "Run", starts a GUI where you can specify the hostname of the server you want to reboot.
After the first reboot the policy gets applied, I suppose, but the RDP connection is still broken; a second reboot is needed for the services to start using all the cipher suites again.
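As an added example (not from the original post), the same recovery can be driven from the other domain-joined server without RSAT: read the value the policy wrote under the remote machine's SSL configuration key, reboot the server from PowerShell instead of the shutdown GUI, and check whether TCP 3389 answers again. Assumptions: the Remote Registry service is running on the target, your account is a local administrator there, WinRM is enabled (needed for the `-Wait` reboot), and `BROKEN-SERVER` is a placeholder hostname.

```powershell
# Added example: check and recover the cipher suite order policy on a server you
# can no longer reach over RDP. Not from the original post.
$Target = 'BROKEN-SERVER'   # placeholder hostname, replace with the real one

# Registry location written by the "SSL Cipher Suite Order" policy
$PolicyKey = 'SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Get-RemoteCipherSuitePolicy {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Remote Registry access does not need RSAT, only the Remote Registry service on the target
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        $key = $base.OpenSubKey($PolicyKey)
        if (-not $key) { return $null }          # policy not configured or disabled
        try { return $key.GetValue('Functions') } finally { $key.Close() }
    } finally {
        $base.Close()
    }
}

# 1. Show what the policy currently pushes to the server
$value = Get-RemoteCipherSuitePolicy -ComputerName $Target
if ($null -eq $value) {
    "No cipher suite order policy value on $Target (policy disabled or not yet applied)."
} else {
    "Policy value on ${Target}: $value"
    if ($value -match '\s') { 'WARNING: the value contains whitespace or line breaks (points 4/5 missed).' }
}

# 2. After disabling or correcting the policy in the remote GPO editor, reboot the server.
#    Same effect as shutdown /i, without the GUI. The post notes a second reboot may be needed.
Restart-Computer -ComputerName $Target -Force -Wait -For PowerShell -Timeout 600

# 3. Confirm the RDP listener is reachable again
Test-NetConnection -ComputerName $Target -Port 3389 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

A successful `TcpTestSucceeded` only proves the port accepts connections; if the TLS handshake still fails, run the reboot step once more and read the policy value again to confirm it has been removed.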

Another day without being fired!
