I’ve recently been looking at Microsoft’s Security Compliance Manager 3.0. SCM provides a rich set of server-role-based security baselines for deployment using either GPO or SCCM. This latest version includes baselines for Windows Server 2012.
After deploying the “WS2012 Domain Controller Security Compliance 1.0” baseline settings via GPO into my lab environment, I found RDP sessions to my Windows Server 2012 DCs to be horrendously slow – almost to the point of not being able to do anything.
My on-line searches for the cause revealed nothing official from Microsoft, but I did find some references to one specific setting being the probable cause. The setting is “Use FIPS compliant algorithms for encryption, hashing, and signing” set to Enabled.
Computer Config->Policies->Windows Settings->Security Settings->Local Policies->Security Options->System Cryptography->Use FIPS compliant algorithms for encryption, hashing, and signing
After setting the value to Disabled and updating Group Policy on the DCs, my RDP sessions returned immediately to normal speed.
I hope this information helps others who might come across the same behaviour.
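An added check (not part of the original post) for confirming which domain controllers actually have the setting in effect after a baseline or a policy change has been applied. It reads the `Enabled` value under the `FipsAlgorithmPolicy` LSA registry key, where Windows stores this security option, and assumes the ActiveDirectory module and PowerShell remoting to the DCs are available.

```powershell
# Added example: report the effective FIPS policy state on every domain controller.
# Assumptions: RSAT ActiveDirectory module installed, WinRM remoting enabled on the DCs.
Import-Module ActiveDirectory

# Registry location backing "Use FIPS compliant algorithms for encryption, hashing, and signing"
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

# Enumerate all DCs in the current domain
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = Invoke-Command -ComputerName $dcs -ArgumentList $fipsKey `
    -ErrorAction SilentlyContinue -ErrorVariable remoteErrors -ScriptBlock {
        param($key)
        # Enabled = 1 means the policy is in effect; 0 or missing means it is not.
        $value = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{
            FipsRegistryValue = $value
            FipsEnabled       = ($value -eq 1)
            # What .NET Framework code running on this host will be restricted to
            DotNetFipsOnly    = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
        }
    }

# PSComputerName is added automatically by Invoke-Command
$results |
    Sort-Object PSComputerName |
    Format-Table PSComputerName, FipsRegistryValue, FipsEnabled, DotNetFipsOnly -AutoSize

# Surface any DC that could not be queried so it is not silently assumed compliant
foreach ($err in $remoteErrors) {
    Write-Warning $err.Exception.Message
}
```

If a DC still reports the setting as enabled after the GPO has been changed, run `gpupdate /force` on it and use `gpresult /h report.html /scope computer` to see which GPO is winning for that option.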
Looks like FIPS mode has now been “un-enabled”. LOL
http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx