Error: Users cannot access the Cloud App server through Workspot Client. However, when trying to connect to the Server through direct RDP, it fails with an error “An internal error has occurred.”
Possible Cause: The server supports only outdated TLS versions (like TLS 1.0 or TLS 1.1), blocking newer clients that default to TLS 1.2 or above.
Possible Troubleshooting: To temporarily resolve this, enable TLS 1.0, TLS 1.1, and TLS 1.2 on the server via the registry.
Note: TLS 1.0 and 1.1 are no longer considered secure by modern security standards.
Execute these commands in an elevated CMD or PowerShell:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 1 /f
Log in to the error VM, identify the cause of the issue. Ex: If any recent policy was pushed to the VM that caused the issue.
Workspot recommends using TLS 1.2, which should be the default security standard.
Outdated standards, TLS 1.0 and TLS 1.1, should be disabled by executing the commands below.
Disable TLS 1.0 Server
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
Disable TLS 1.1 Server
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f