Terminal Server Gateways and PCI Compliance

Before starting, every Windows 7/Server 2008 R2 OS will need to have a specific patch (KB3080079) to be able to use TLS 1.1+ to connect to the Gateway properly after following the directions below.

To begin, download the IISCrypto software from Nartac onto the gateway server.

Upon opening, accept the agreement if it appears.

Click on the Templates section.

Select “PCI 3.1” in the drop down.

Click Apply.

Reboot the server.

It’s possible that at this point you might encounter and inability to connect and you’ll get the following error in the event log.

A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

To fix this error, open the Control Panel, click Administrative Tools, and then open Local Security Policy.

In Local Security Settings, expand Local Policies, and then click Security Options.

Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Enabled.

You may or may not need to run gpupdate /force

Published by

Kevin Herr

System Administrator

One thought on “Terminal Server Gateways and PCI Compliance”

Leave a Reply to NTW Cancel reply

Your email address will not be published. Required fields are marked *