I've been experiencing an RDP issue whenever TLS 1.0 is disabled in my environment. I've seen many others report the same issues across the web.
In November 2018, Microsoft released a patch for Server 2012 R2 that fixed a silent bug wherein FIPS policy would silently re-enable TLS 1.0/1.1 support.
A Server 2012R2 or 2016 server running Remote Desktop Services will fail to allow non-console connections when TLS 1.0/1.1 is turned off.
The above-linked article proposes:
a. Not using RDS with a Connection Broker, which breaks our use case
b. Not disabling TLS 1.0, which breaks our security posture
c. Configuring an HA Connection Broker on a dedicated SQL server, which seems like a large effort with additional cost we'd prefer to avoid.
Has anyone else resolved this issue any other way?
Or, is it possible to set up a HA connection broker without actually having a second RDS Server?
We could place the SQL connection on a server that already exists in the environment in that case.
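Before changing anything on an RDS host, it helps to know what Schannel and the FIPS policy actually say on that box, since the post describes a case where the two disagreed. The script below is an added example for this thread, not code from the poster or from Microsoft; it assumes the standard Schannel, LSA and RDP-Tcp registry locations on Windows Server and is meant to be run in an elevated PowerShell session on the RDS host. It only reads the registry; it changes nothing.

```powershell
# Added example (not from the original post): read the server-side and client-side Schannel
# protocol switches, the FIPS algorithm policy flag, and the RDP listener security settings,
# then flag the combination that tends to break RDS when TLS 1.0/1.1 is turned off.
$schannel  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Side)   # $Side is 'Server' or 'Client'
    $key = Join-Path $schannel "$Protocol\$Side"
    if (-not (Test-Path $key)) {
        # No key at all: Windows uses its built-in default for that protocol version
        return [pscustomobject]@{ Protocol = $Protocol; Side = $Side; Enabled = '(default)'; DisabledByDefault = '(default)' }
    }
    $props = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Protocol          = $Protocol
        Side              = $Side
        Enabled           = if ($null -ne $props.Enabled)           { $props.Enabled }           else { '(default)' }
        DisabledByDefault = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { '(default)' }
    }
}

# One row per protocol/side pair
$report = foreach ($p in $protocols) {
    foreach ($side in 'Server', 'Client') { Get-SchannelProtocolState -Protocol $p -Side $side }
}
$report | Format-Table -AutoSize

# FIPS mode flag: the post describes a pre-patch bug where this setting silently
# re-enabled TLS 1.0/1.1, so record it next to the protocol table.
$fips = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' `
                         -Name Enabled -ErrorAction SilentlyContinue
"FIPS algorithm policy enabled: $(if ($fips) { $fips.Enabled } else { '(not set)' })"

# RDP listener: SecurityLayer 2 = TLS required; MinEncryptionLevel 4 = FIPS-compliant encryption
$rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                        -Name SecurityLayer, MinEncryptionLevel -ErrorAction SilentlyContinue
"RDP-Tcp SecurityLayer: $($rdp.SecurityLayer)  MinEncryptionLevel: $($rdp.MinEncryptionLevel)"

# Warn when TLS 1.0/1.1 are explicitly off on the server side but TLS 1.2 is not explicitly on:
# that is the state in which RDP/RDS connections start failing after a hardening change.
$tls12     = $report | Where-Object { ($_.Protocol -eq 'TLS 1.2') -and ($_.Side -eq 'Server') }
$legacyOff = $report | Where-Object { ($_.Protocol -in 'TLS 1.0', 'TLS 1.1') -and ($_.Side -eq 'Server') -and ($_.Enabled -eq 0) }
if ($legacyOff -and ($tls12.Enabled -ne 1)) {
    Write-Warning 'TLS 1.0/1.1 are disabled server-side but TLS 1.2 is not explicitly enabled; confirm TLS 1.2 is usable before relying on RDP/RDS.'
}
```

Run it on the RD Session Host, the Connection Broker and a client machine and compare the tables: a Connection Broker that still negotiates TLS 1.0 because of the FIPS behaviour described above will show `Enabled = 0` for TLS 1.0 on the server side yet still accept it, which is exactly the case the November 2018 patch addressed. The table is also a quick way to confirm that TLS 1.2 is enabled on both sides before any further hardening.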