Microsoft has added the FIPS Compliant setting to the options for Terminal Services encryption levels in Windows Server 2003. A Windows Server-based server that has the encryption level set to FIPS Compliant cannot allow Remote Assistance connections from a computer that is running Windows 10.
When you try to connect from a Windows 10-based client to a Terminal Services server, the connection may not succeed, and you may receive the following error message:
To work around this problem in Windows 10, disable the FIPS encryption level. You can either change the Encryption level setting in the RDP-Tcp Properties dialog box, or use the Group Policy Object to disable FIPS data encryption system-wide. Use one of the following methods.
Note There are two ways to enable the FIPS encryption level. If you have to disable the FIPS encryption level for Terminal Services, you must do this by using the same method that you originally used to enable the FIPS encryption level.
Method 1: To disable the FIPS encryption level by changing the Encryption level setting in the RDP-Tcp Properties dialog box, follow these steps:
- Click Start, click Run, type tscc.msc in the Open box, and then click OK.
- Click Connections, and then double-click RDP-Tcp in the right pane.
- In the Encryption level box, click to select a level of encryption other than FIPS Compliant.
Note If the Encryption level setting is disabled when you try to change it, the system-wide setting for System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing has been enabled, and you must disable this system-wide setting by using method 2.
Method 2: To use the Group Policy Object to disable FIPS data encryption system-wide, follow these steps:
- Click Start, click Run, type gpedit.msc in the Open box, and then click OK.
- Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
- In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, click Disable, and then click OK.
Note Encryption level settings in Terminal Server are unavailable when FIPS is enabled.
- On the client, you receive the following error message from Remote Assistance: A Remote Assistance connection could not be established. You may want to check for network issues or determine if the invitation expired or was cancelled by the person who sent it.
- The following error is logged in the System log on the server:
  Event ID: 50
  Description: The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client.
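
Because FIPS must be disabled by the same method that enabled it, it helps to check which one is in effect before changing anything. The following Windows PowerShell script is an added example, not part of the original article: it reports which method applies and lists recent Event ID 50 entries that mention "DATA ENCRYPTION". The registry paths, value names, and the numeric encryption-level mapping are assumptions of this example and do not appear in the article.

```powershell
# Added example: report how FIPS was enabled on a Terminal Services server
# and list the Event ID 50 entries described in the article.
# Assumption: the registry locations below hold the two settings.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$fipsKey = "$lsaKey\FipsAlgorithmPolicy"

function Get-RegValue($Path, $Name) {
    # Return the value, or nothing when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# Assumption: numeric values of the RDP-Tcp "Encryption level" setting.
$levels = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

$rdpLevel = Get-RegValue $rdpKey 'MinEncryptionLevel'
$rdpName  = if ($rdpLevel -ne $null -and $levels.ContainsKey([int]$rdpLevel)) {
    $levels[[int]$rdpLevel]
} else {
    'not set or unknown'
}

# The system-wide policy is stored under a subkey on newer Windows versions
# and as a value directly under the Lsa key on older ones; check both.
$systemWide = ((Get-RegValue $fipsKey 'Enabled') -eq 1) -or
              ((Get-RegValue $lsaKey 'FIPSAlgorithmPolicy') -eq 1)

if ($systemWide) {
    # With the system-wide policy on, the Encryption level box is unavailable.
    'System-wide FIPS policy is enabled: disable it with method 2.'
} elseif ($rdpLevel -eq 4) {
    'RDP-Tcp encryption level is FIPS Compliant: change it with method 1.'
} else {
    "FIPS is not enabled by either method (RDP-Tcp level: $rdpName)."
}

# Recent System log entries that match the symptom in the article.
Get-EventLog -LogName System -Newest 2000 |
    Where-Object { $_.EventID -eq 50 -and $_.Message -match 'DATA ENCRYPTION' } |
    Select-Object TimeGenerated, Source, Message
```

Run the script in an elevated Windows PowerShell session on the server.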