How to disable TLS 1.0 without breaking RemoteApps on server 2012 R2

After almost a year, I finally figured out a working solution for disabling TLS 1.0/1.1 without breaking RDP and Remote Desktop Services connectivity.

Run IISCrypto and disable TLS 1.0, TLS 1.1 and all bad ciphers.

On the Remote Desktop Services server running the gateway role, open the Local Security Policy and navigate to Security Options - System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing. Change the security setting to Enabled. Reboot for the changes to take effect.

Note that in some cases (especially if using self signed certificates on Server 2012 R2), the Security Policy option Network Security: LAN Manager authentication level may need to be set to Send NTLMv2 responses only.

Let me know if this works for you as well.