Hello experts! I am trying to make my server PCI compliant I am almost there, but stuck with this - CVE20051794, Microsoft RDP Protocol Hardcoded RSA Private Key Weakness. I researched a lot regarding this and none of the articles were clear, everyone was saying just to disable RDP and use third party apps. My server is in a virtual environment and I am not thinking of disabling RDP. Could someone please let me know how to fix this? Thank you in advance, -- Best Regards | Arun V | http://twitter.com/arunv707

Hi, Thanks for posting in Microsoft TechNet forums. Please check the article below to see if it can be helpful: Configuring authentication and encryption http://technet.microsoft.com/en-us/library/cc782610.aspx Have a nice day. Regards Kevin

Hi, Thanks for posting in Microsoft TechNet forums. Please check the article below to see if it can be helpful: Configuring authentication and encryption http://technet.microsoft.com/en-us/library/cc782610.aspx Have a nice day. Regards Kevin

I have gone through that article and have installed a self signed certificate, the PCI scan still failed. I am trying to make my Windows Server 2008 R2 server PCI Compliant. However, even after installing so many patches and altering configurations, I am stuck at fixing this one last issue. You may check the screenshot of my PCI scan here -- http://d.pr/i/uuJD  I suspect this can be fixed by installing a trusted computer certificate. If so, could you please let me know if you have any recommendation for the same. -- Best Regards | Arun V | http://twitter.com/arunv707

On Tue, 27 Nov 2012 03:57:53 +0000, arunv707 wrote: ???I have gone through that article and have installed a self signed certificate, the PCI scan still failed. I am trying to make my Windows Server 2008 R2 server PCI Compliant. However, even after installing so many patches and altering configurations, I am stuck at fixing this one last issue. You may check the screenshot of my PCI scan here -- http://d.pr/i/uuJD????? I'd start by going back to the vendor of the PCI compliance scanning software you're using. From what I know, that vulnerability hasn't been an issue since the release of Server 2008. http://technet.microsoft.com/en-us/library/cc770833.aspx Paul Adare MVP - Forefront Identity Manager http://www.identit.ca LISP: To call a spade a thpade.

On Tue, 27 Nov 2012 03:57:53 +0000, arunv707 wrote: ???I have gone through that article and have installed a self signed certificate, the PCI scan still failed. I am trying to make my Windows Server 2008 R2 server PCI Compliant. However, even after installing so many patches and altering configurations, I am stuck at fixing this one last issue. You may check the screenshot of my PCI scan here -- http://d.pr/i/uuJD????? I'd start by going back to the vendor of the PCI compliance scanning software you're using. From what I know, that vulnerability hasn't been an issue since the release of Server 2008. http://technet.microsoft.com/en-us/library/cc770833.aspx Paul Adare MVP - Forefront Identity Manager http://www.identit.ca LISP: To call a spade a thpade.