Hi All,
The basics...
I want to build 3x "jump box" RDS Servers in 3x different departmental subnets with firewalls between each subnet in a single domain, single forest.
Currently only the required ADDS, DNS and DHCP network ports / flows are allowed between each departmental subnet. All other services for each department sit within their own subnets....RDP will be the only exception...I need to be able to assign security groups the ability to RDS into either DEV / UAT / OFFICE networks from the OFFICE network, where our users log in and sit from a domain perspective.
I have got all 3 jump box RDS servers working but only if I leave TLS 1.0 / 1.1 / 1.2 enabled on the RDS servers...my company security policy requires us to use TLS 1.2 only and have the older two protocols disabled.
Where and how can this configuration be made and changed? From my EventVwr checks and online reading it seems I need to address 1 or 2 or both of the below for it to work.
1. WinRM
I'm currently unable to PSRemote from one subnet to another. Will addressing the required ports and directional flows for WinRM resolve this alone or...
2. TLS Requirements
Do I need to somehow address the TLS 1.2 config? This confuses me as I thought TLS 1.2 was the default for Server 2016.
As always, thanks in advance for your time...
durrie.
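An added example, not from the original post: a PowerShell script that audits and then sets the SCHANNEL protocol registry keys on a Server 2016 RDS jump box, which is where the TLS 1.0 / 1.1 / 1.2 enable/disable state for RDP (and every other SCHANNEL consumer) lives. The function and parameter names are my own; it assumes it is run elevated on each jump box and that the box is rebooted afterwards.

```powershell
# Added example (not from the original post): audit and set SCHANNEL protocol state
# on a Windows Server 2016 RDS jump box. Run elevated; changes take effect after reboot.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Protocols    = 'SSL 2.0','SSL 3.0','TLS 1.0','TLS 1.1','TLS 1.2'

function Get-SchannelProtocolState {
    # Report Enabled / DisabledByDefault for each protocol's Client and Server subkey.
    # A missing key means "OS default" (on Server 2016: TLS 1.0, 1.1 and 1.2 enabled).
    foreach ($p in $Protocols) {
        foreach ($side in 'Client','Server') {
            $key  = Join-Path $SchannelRoot "$p\$side"
            $vals = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
            [pscustomobject]@{
                Protocol          = $p
                Side              = $side
                KeyPresent        = [bool]$vals
                Enabled           = if ($null -ne $vals) { $vals.Enabled } else { 'default' }
                DisabledByDefault = if ($null -ne $vals) { $vals.DisabledByDefault } else { 'default' }
            }
        }
    }
}

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [Parameter(Mandatory)][bool]$Enable
    )
    # Explicitly enable or disable both the Client and Server side of one protocol.
    foreach ($side in 'Client','Server') {
        $key = Join-Path $SchannelRoot "$Protocol\$side"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
            -Value $(if ($Enable) { 1 } else { 0 }) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
            -Value $(if ($Enable) { 0 } else { 1 }) -Force | Out-Null
    }
}

# Before: show the current state of every protocol key
Get-SchannelProtocolState | Format-Table -AutoSize

# Policy: TLS 1.2 only. Disable the older protocols and set TLS 1.2 explicitly
# (explicit, rather than relying on the OS default, so the audit above shows it).
'SSL 2.0','SSL 3.0','TLS 1.0','TLS 1.1' | ForEach-Object { Set-SchannelProtocol -Protocol $_ -Enable $false }
Set-SchannelProtocol -Protocol 'TLS 1.2' -Enable $true

# After: verify, then reboot so SCHANNEL picks up the new values
Get-SchannelProtocolState | Format-Table -AutoSize
```

The RDP client side of the session (the OFFICE machines the users connect from) must also have TLS 1.2 enabled, which is the default on supported Windows clients; compare the "before" table on a box that works against one that fails to see which side is still negotiating the old protocols.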