RDP not working after remediating sweet32

After doing some research on the web and comparing the Administrative ToolsàRemote Desktop ServicesàRemote Desktop Session Host ConfigurationàConnectionsàRDP-TcpàProperties between the working servers and problematic servers, I have done the following changes to make RDP work:

 

1. Change Encryption level from FIPS Complaint to High

 

2. It seems any of the following changes will fix the issue together with #1 above

 

1. Change the following registry value to 1 from 2 that changes the setting from SSL(TLS1.0) to Negotiate (because the Security Layer option was greyed out)

 

HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer

 

2. Alternatively, I could also make RDP work by enabling the following local policy

 

Computer configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session\Connections\Allow users to connect remotely using Remote Desktop Services

 

Clients cannot connect to SCCM DP for content Error sending DAV request. HTTP code 401, status 'Unauthorized'

Make sure NTLM is allowed on the clients if DP IIS is configured for windows authentication

https://docs.microsoft.com/en-sg/archive/blogs/chiranth/ntlm-want-to-know-how-it-works

Install .NET 3.5 feature using PowerShell

If you require .NET 3.5 to be installed on a windows system, you can do so using the Server Manager utility. But in some cases, you might end up with an error due to unknown reasons. If you lookup this issue on the web, there are suggestions to check windows firewall, loop back address etc. If you do not want to bother about those trivial things, here are some steps that you can follow as a workaround:

1. Mount windows .iso on your CD drvie

2. Enter the following command on PowerShell

    Install-WindowsFeature -Name NET-Framework-Core -source <cd drive:>