ไม่สามารถ remote Desktop ได้ โดยขึ้นว่า This could be due to CredSSP encryption oracle remediation. โดยสามารถแก้ไขได้ด้วยการแก้ไข Gpedit.msc. Mar 30, 2020 Tech support scams are an industry-wide issue where scammers trick you into paying for unnecessary technical support services. You can help protect yourself from scammers by verifying that the contact is a Microsoft Agent or Microsoft Employee and that the phone number is an official Microsoft global customer service number. An Authentication Error has occurred (Remote Desktop) This error message is not new and has been there in Windows for quite some time. This is because the causes of this error message can be tracked ranging from incomplete updates to problems in the group policy. An authentication error has occurred. The Local Security Authority cannot be contacted. August 17, 2015 by wintech While trying to login on a server remotely using the remote desktop connection, I received this error.
In March 2018, Microsoft released a security update that fixes a vulnerability in the Credential Security Support Provider Protocol (CredSSP). This vulnerability (CVE-2018–0886) allows an attacker to remotely execute arbitrary code on a vulnerable Windows host with an open RDP port (TCP/3389). In May 2018, an update “2018-05 Security only/Monthly Rollup” was released. It blocks the connection to computers with an affected version of CredSSP.
When you try to connect to a remote computer with a vulnerable CredSSP from Windows 10/Windows Server 2016, you receive the Remote Desktop Connection error:
An authentication error has occurred.
The function is not supported.
Remote Computer: hostname
This could be due to CredSSP encryption oracle remediation.
For more information, see link.
On Windows 7, the CredSSP error looks like this:
An authentication error has occurred.
The function requested is not supported.
Remote computer: hostnname
To fix This could be due to credssp encryption oracle remediation error, you need to install the latest Windows security update on the remote computer. You can install the latest Cumulative Update for your Windows version. You can download the update manually via Microsoft Update Catalog or install it via Windows Update or WSUS.
Hint. CredSSP authentication error appears only when you try to connect via RDP from a computer on which the latest security updates are installed to a non-updated computer (for example, a computer that never gets updates, or a clean installed device with a Windows 10/Windows Server 2016 build that was released before March 2018).
Hint. There is a workaround allowing you to connect to a computer with a vulnerable version of CredSSP. To do this, you need to configure a special Group Policy parameter named Encryption Oracle Remediation on your computer from which you are establishing the Remote Desktop connection.
- Press Win+R, type gpedit.msc, and press Enter;
- Go to the following section of the Local Group Policy Editor: Computer Configuration > Administrative Templates > System > Credentials Delegation;
- Open the policy setting Encryption Oracle Remediation;
- Change its state to Enabled, and set Vulnerable in the Protection Level field;
- Update the Group Policy settings using:
Hint. You can also allow your computer to connect to vulnerable versions of CredSSP through the registry. Run the following command through elevated command prompt:
Now you can connect to the remote host via RDP and install the updates. After upgrading, don’t forget to disable the policy or reset the AllowEncryptionOracle registry value to its original value:
There are 3 options in the “Encryption Oracle Remediation” policy:
- Vulnerable — the client can connect to vulnerable computers;
- Mitigated — the client cannot connect to vulnerable servers, but the servers can allow vulnerable clients to connect;
- Force Updated Clients — secure RDP CredSPP interoperability layer.
If from a computer that doesn’t have the CredSPP security update installed you can’t connect to an updated RDP/RDS host with the “Force updated clients” option enabled, you can allow the server to accept connections with an affected version of CredSPP. To do this, you need to enable the policy with the Mitigated value on the server. In this way, to make changes to the server you can remotely connect to it via PowerShell under admin credentials:
And allow the connection:
In all cases, Microsoft always recommends installing the latest Windows updates on both the RDP server and the client.
AuthorRecent PostsCyril KardashevskyI enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.Latest posts by Cyril Kardashevsky (see all)- /
Microsoft has released a few security patches in March 2018 to fix the vulnerabilities for the CredSSP (Credential Security Support Provider Protocol) used by the Remote Desktop Protocol in Windows Server. But a recent update has made CredSSP Authentication error in RDP and caused hindrance to many users.
Microsoft pushed the update of May 2018 to harden the security by making it mandatory for both client and server computers to have the update installed. This resulted in windows servers not accessible via RDP for many users and made many to reboot their servers to fix the issue thinking it as a server side issue. This blog helps you on how to fix the CredSSP Authentication error in Remote Desktop Protocol (RDP).
What is CredSSP?
“CredSSP” or “Credential Security Support Provider Protocol” is a security support provider which helps to securely delegate user credentials from a client computer to a windows server by using TLS (Transport Layer Security) as an encrypted pipe.
Why the update?
The update in May is made to correct how CredSSP validates requests during the authentication process. Microsoft has found a credssp error in rdp and found a fix for the vulnerability by mandatory requiring to update both the client and server computer to work properly.
An authentication error has occurred.
The function requested is not supported
Remote computer: <computer name='>
This could be due to CredSSP encryption oracle remediation.
For more information, see the link
This error is due to the windows update not installed either on the server or on the client computer.
How to fix it?
To fix the issue, you need to uninstall the update and roll back to an older version. But rolling back to an old version is not a best practice. You can fix this by changing the group policy in the local computer to use the vulnerable setting
1. Go to “Run” (Win Key + R)
2. Type “gpedit.msc” and click “Enter”
3. Go to Computer Configuration -> Administrative Template -> System -> Credentials Delegation -> Encryption Oracle Remediation
4. Double Click on “Encryption Oracle Remediation”, choose “Enable” and change protection level to “Vulnerable” and click “Apply” or “Ok”
You can also fix the issue with the help of a Windows Registry Editor
1. Open Windows Registry by typing “regedit” in “Run”
2. Navigate to Computer -> HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Policies -> System -> CredSSP -> Parameters
Authentication Error Has Occurred Remote Desktop Configuration
3. Doubleclick on the Key “Allow Encryption” Change the value to “2”
This method also gives the same output as achieved through the Group Policy Editor. You may use the below table from Microsoft to compare the installed windows update for CredSSP.
Operating system | TSpkg.dll version with CredSSP update | Operating system TSpkg.dll version with CredSSP update CredSSP update |
---|---|---|
Windows 7 Service Pack 1 / Windows Server 2008 R2 Service Pack 1 6.1.7601.24117 KB4103718 (Monthly Rollup) | 6.1.7601.24117 | KB4103718 (Monthly Rollup) KB4103712 (Security-only update) |
Windows Server 2012 | 6.2.9200.22432 | KB4103730 (Monthly Rollup) KB4103726 (Security-only update) |
Windows 8.1 / Windows Sever 2012 R2 | 6.3.9600.18999 | KB4103725 (Monthly Rollup) KB4103715 (Security-only update) |
RS1 – Windows 10 Version 1607 / Windows Server 2016 | 10.0.14393.2248 | KB4103723 |
RS2 – Windows 10 Version 1703 | 10.0.15063.1088 | KB4103731 |
RS3 – Windows 10 1709 | 10.0.16299.431 | KB4103727 |
For any technical assistance to fix CredSSP Authentication Error in RDP
Feel free to contact us
Remote Desktop Authentication Error 0x80004005
Thanks for dropping by. Ready for the next blog?
If if find KB missing, can i instal the KB
KB4103725 (Monthly Rollup)KB4103715 (Security-only update to fix the error.
Does it required a mandatory reboot
You can install any of the mentioned update from Microsoft update catalog. You will have to reboot the system after installing the update
Can you please let me know which OS version you are using? And please clarify if only this particular option ‘credential delegation’ is missing from your group policy settings. In this case, please run the following CMD command (open the command prompt as administrator) to create the CredSSP parameter by editing the registry:
REG ADD HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemCredSSPParameters /v AllowEncryptionOracle /t REG_DWORD /d 2Please give a try and let us know how it works for you.