If you are a Windows remote desktop user, you may have recently encountered an authentication error due to CredSSP.
When trying to connect to a remote server that usually worked without changing permissions or credentials, you now see the error:
An authentication error has occurred. The function requests is not supported. This could be due to CredSSP encryption oracle remediationWell, it seems that due to the discovery of a vulnerability in the security of remote desktop encryption, the default behavior of remote desktop connections has been modified.
Since May 2018, the CredSSP (Credential Security Support Provider protocol) validation has been modified, and the default behavior has been changed from “vulnerable” to “mitigated.”
The permanent solution is to update to the latest version of both the server and client for remote desktop on both machines. But what if we can’t access the server to update it?
Well, we have a temporary solution that involves disabling the security policy. We can do this by running gpedit.msc and going to Computer Configuration > Administrative Templates > System > Credentials Delegation, and changing the value to “vulnerable.”
Or, more simply, through the command prompt with the following order.
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2Now we can connect with remote desktop. It is recommended that you update both the server and the client, fix the connection problems, and return the security policy to its default state.