Reset Search
 

 

Article

KB29403 - SSL (TLS 1.0) Security Layer option in Remote Desktop Server used for authenticating server and encrypting all data transferred between server and client is not supported via PCS for Terminal Servers

« Go Back

Information

 
Last Modified Date9/25/2015 6:12 AM
Synopsis

This article describes what happens when:

  • The internal Terminal Server is accessed through the PCS Terminal service feature, and

  • SSL (TLS 1.0) is enabled in the Terminal server for server authentication and data encryption.

 

Problem or Goal

If SSL (TLS 1.0) is enabled in the back-end Terminal Server for authenticating the server and encrypting all data transferred between the server and the client, the user receives the error messages below when accessing the resource through PCS:

Error 1

The remote computer requires that authentication be enabled to connect.

Remote computer: ptaclab2008dc.ptaclab2008.local

The connection cannot proceed because authentication is not enabled.

Error 2

An internal state error has occurred. The remote session will be disconnected.

Your local computer might be low on memory.

Close some programs, and then try connecting to the remote computer again.

Cause
Solution

The PCS/PSA device supports SSLv2 for authenticating the server and encrypting all data transferred between the server and the client.

If--when accessing the back-end Terminal Server through the Terminal Service feature of PCS/PSA -- the user makes a connection on port 3389 with the PCS, the PCS will initiate a new connection on behalf of the user to the back-end Terminal Server resource.

However, the PCS device does not support SSLv3.0, SSLv3.1, TSL1.0 and above for authenticating the server and encrypting all data transferred between the server and the client.

So, in order to authenticate the server and encrypt all data transferred between the server and the client on PCS devices that do not support SSLv3.0, SSLv3.1, TSL1.0 and above, the Security layer must be set to either RDP Security Layer or Negotiate under the General tab in the RDP-Tcp Properties window, as shown below:

Notes

Negotiate

  • The default security option enabled in the Remote Desktop Server.

  • When this option is selected, the Remote Desktop Services sessions are configured to negotiate the encryption level from the client to the RD Session Host server.

RDP Security Layer

  • Communication between the server and the client use native RDP encryption.
  • If you select RDP Security Layer, you cannot use Network Level Authentication.

SSL (TLS 1.0): SSL (TLS 1.0)

  • Used for authenticating the server and encrypting all data transferred between the server and the client.
  • This option is not supported by the PCS.

  • If you would like to add support for this feature on PCS, please contact your Pulse Secure Sales Engineer (SE) or Pulse Secure Account Team to submit an Enhancement Request.

Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255