Fix for “This could be due to CredSSP encryption oracle remediation”
Table of Contents
When you try to connect to a remote Windows server using Remote Desktop Connection Client after May 8, 2018 you get this error:
[Window Title] Remote Desktop Connection [Content] An authentication error has occurred. The function requested is not supported Remote computer: XXX.XXX.XXX.XXX This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660
This is because of security vulnerability CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability .
On May 8th Microsoft released update which changes Encryption Oracle Remediation default behavior setting from Vulnerable to Mitigated option.
That means that: "client applications that use CredSSP will not be able to fall back to insecure versions".
Now, if you try to connect to a machine which does not have this update (maybe machine was suspended) it will have Encryption Oracle Remediation set to Vulnerable which means that:
"client applications that use CredSSP will expose remote servers to attacks by supporting fallback to insecure versions".
If you are system administrator I suggest that you read more about possible solutions at CredSSP updates for CVE-2018-0886
If you just want to make it work and you are trying to connect to a server which is out of your reach and you can't physically access it to install updates, follow this solution.
Perform these steps, install updates on remote server and to stay secure revert changes back to what it was.
Open Local Group Policy Editor< by typing
gpeditin Start Menu
Navigate to policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation and double click setting name: Encryption Oracle Remediation
Enable it and set Protection Level to Vulnerable. Click OKIt is recommended to restart the computer after this change.
Now you will be able to connect to remove server and install updates. After that, set Encryption Oracle Remediation back to Not Configured