Table of Contents
Symptoms
When you try to connect to a remote Windows server using Remote Desktop Connection Client after May 8, 2018 you get this error:
[Window Title] Remote Desktop Connection [Content] An authentication error has occurred. The function requested is not supported Remote computer: XXX.XXX.XXX.XXX This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660
Why?
This is because of security vulnerability CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability .
On May 8th Microsoft released update which changes Encryption Oracle Remediation default behavior setting from Vulnerable to Mitigated option.
That means that: "client applications that use CredSSP will not be able to fall back to insecure versions".
Now, if you try to connect to a machine which does not have this update (maybe machine was suspended) it will have Encryption Oracle Remediation set to Vulnerable which means that:
"client applications that use CredSSP will expose remote servers to attacks by supporting fallback to insecure versions".
Solution
If you are system administrator I suggest that you read more about possible solutions at CredSSP updates for CVE-2018-0886
If you just want to make it work and you are trying to connect to a server which is out of your reach and you can't physically access it to install updates, follow this solution.
Perform these steps, install updates on remote server and to stay secure revert changes back to what it was.
-
Open Local Group Policy Editor< by typing
gpedit
in Start Menu -
Navigate to policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation and double click setting name: Encryption Oracle Remediation
-
Now you will be able to connect to remove server and install updates. After that, set Encryption Oracle Remediation back to Not Configured
How about in windows 11, In my with windows 11 still not work….?
buenisimo!! gracias por este post!
Thank you! Life saver
Thanks save us alot of time
Thanks
It worked straight away with windows 10 and Windows Server 2016. 100%
I found this the easiest way :
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
cool
thanx
Awesome !! Thanks for this 🙂
Wonderful! Thank you very much to save my troubleshooting time
Thanks you very much 🙂
it is works 🙂
how can i do it but in windows 10 home, the credentials delegation folder isn’t listed
It seems that it is not supported in Windows 10 Home edition https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-credentialsdelegation
Thanks. It worked
Thanks. It did work
working 100%
terima kasih atas tutorialnya, sangat membantu \\ thank you for this article, it’s very helpful.
Good Working
thanks, that was helpful.
Thanks