An authentication error has occurred; this could be due to CredSSP encryption oracle remediation

Windows ServerThis error first came up early in 2018, but I’ve stumbled across it a couple of times recently and had to hunt around for the solution, so I am posting it here so I know where to find it next time.

Microsoft released an update to address vulnerabilities for the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) connections for Windows clients and Windows Server.

Since that hotfix came out, if you try to connect from a patched machine to an unpatched one, you receive this error:

CredSSP error

Remote Desktop Protocol

An authentication error has occurred.
The function requested is not supported.

Remote computer: {server name}
This could be due to CredSSP encryption oracle remediation.

You shouldn’t see this error, as all computers should be regularly patched, but if you do see it, the correct solution is to patch the machine in question.

If patching isn’t possible, then there is a workaround which is to downgrade the protection level to Vulnerable (which is not recommended).

To do this, open the Local group Policy Editor, expand (Computer Configuration » Administrative Templates » System » Credentials Delegation) and edit Encryption Oracle Remediation:

Local Group Policy Editor

Set the radio button to Enabled and change the Protection Level to Vulnerable and click OK:

Encryption Oracle Remediation

What should we write about next?





Your Name (required) –
Your Email (required) –

Leave a Reply

Your email address will not be published. Required fields are marked *