Remote desktop connection authentication error due to CredSSP encryption oracle remediation

Recently, when connecting to another Windows machine with RD, I got the following RDP authentication error due to CredSSP encryption oracle remediation:

image

An authentication error has occurred.
The function requested is not supported

Remote computer: <computer name>
This could be due to CredSSP encryption oracle remediation.
For more information, see https:/go.microsoft.com/fwlink/?linkid=866660

Windows client

Following the above link, and searching around, this seems caused by the client Windows is patched with a CredSSP (Credential Security Support Provider protocol) update for CVE-2018-0886, while the remote Windows is not. The solution is certainly patching the remote Windows. However, if you do not have the permission to patch the remote Windows (In this case, I am connecting to a build VM provided by AppVeyor), then you have to compromise the client.

Windows Pro Edition (with group policy editor)

The workable solution I found is to edit client Windows’ local group policy (gpedit.msc):

image

Under Computer Configuration -> Administrative Templates -> System -> Credentials Delegation, there is a setting “Encryption Oracle Remediation”. Its default value is “Not configured”. Just change it to “Enabled”, and set “Protection Level” as “Vulnerable”.

Windows 10:

image

Windows 7:

image

Now your remote desktop should be able to connect. Remember to revert the setting after you are done.

Windows Home Edition client (without above option)

If your Windows client does not have group policy editor or above “Oracle Remediation” option (like Windows Home Edition), then you can temporarily uninstall the security update patch in May 2018, KB41037XX:

etc.

Windows 10:

image

Windows 7:

image

Remember to reinstall it when you are done.

Windows server

In the comment area, @Rome mentioned that, on server side, this can be mitigated by disabling “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” in server’s system properties.

Windows Server 2016:

image

I strongly suggest not to compromise the server-side security, but mitigate it from client Windows temporarily. You should patch the server-side or ask server administrator to patch it.

112 Comments

  • Thank you for this post. It saves me alot of time. I started experiencing this issue about 5 days ago. Now I'm fine as your solution fix the issue.

  • THANK YOU. An unfortunate Windows10 update issue (yet again).

  • Thanks this worked for me on one PC, but i have another system it doesn't have Encryption Oracle Delegation under Credentials Delegation what can i do for that i am still unable to use remote on that?

  • Hello Dear,

    I am also facing the exact same issue but I am unable to fix it as I have gone through the entire process described in this post but unfortunately I am unable to see the settings as they are mentioned here. I am unable to see the option "ENCRYPTION ORACLE REMEDIATION". Can you help me with that so that I can resume my work?

    I have windows 7 installed on the remote pc.

    Thank you in advance



  • Hello dear,

    Where do I do this stuff? I am not a system side guy I dont remember where to set this all. Do you want to go to gpedit again or should I switch to REGEDIT?

  • Okay I did what you sent me in the email:

    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

    I tried to locate the options but I am at a dead end after the following options

    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System

    There is no such thing a Credd SSP\parameter.

    After system\
    Audit
    UIPI

    only they are there

  • Hello Good Day!

    Easy and Fast instructions.. Thank you..

  • This is what worked for me, The remote computer you are trying to connect to, "In my case my server". follow these steps
    1: Go to computer you trying to get connected to
    2: Control Panel
    3: System
    4: Remote Settings
    5: Select Don't Allow Remote Connections to this Computer and Click Apply
    6: Select Allow Remote Connections to this Computer and Click Apply
    **Allow Remote Connections through NLA is unchecked.

  • @Samiullah Unfortunately I cannot reproduce and troubleshoot this for you, because all my computer has that option.

    I am using Windows 7 Ultimate and Windows 10 Pro. What edition of Windows client are you using? Can you install the latest updates for your client Windows and see if the option appear?

  • @Rome It is "workable" but I strongly suggest not to compromise the server side, but temporarily compromise the client. You should patch the server or ask the server's administrator to patch it.

  • Really helpfull its working for me.

  • I rolled back the update the KB4103727 on both of my laptops that were having the problem since yesterday (5/14/2018). This worked for me.

  • I need a solution for Window 8.1 Users. Please give me some solution.

  • Uninstall the Win - patch KB4103731 to fix this issue.

  • It's worked fine .Thank you for sharing the information

  • This worked for me. Thanks. Patching now to see if that will alleviate the issue for good.

  • I have Win 10 Home edition so I dont have access for Local Group Policy Editor. I would like change it in reg editor but I cannot change it there too because I cannot find a Credd SSP\parameter
    I have had no problems with remote desktop until now.

    Could you help me, please?

  • It's Worked, great!!

    Thank you

  • great thank you it works fine in windows 10

  • Saved lot of time. thanks :)

  • hello,,
    i am using windows 10..but can't find "ENCRYPTION ORACLE REMEDIATION". i really thank you if you can help me with that.....
    thx

  • Powershell remove NLA from RDP
    (Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -ComputerName ***computername*** -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

  • thank you

    It's working,

  • many thanks for powershell - it is working !

  • For my Windows server 2012
    This is what worked for me, follow these steps again
    1: Go to computer you trying to get connected to
    2: Control Panel
    3: System
    4: Remote Settings
    5: Select Don't Allow Remote Connections to this Computer and Click Apply
    6: Select Allow Remote Connections to this Computer and Click Apply
    ###Allow Remote Connections through NLA is unchecked

  • Please i need a solution for Window 8.1 Users. Please give me some solution. Thanks

  • It's worked fine .Thank you for sharing the information
    Actually i have face this issue last one week but online not found quick solution by the way still issue resolve get complete information on this site

  • Thanks, it works fine in windows 10

  • I followed this instructions and uninstalled all KB41037XX and that fixed the issue. BUT on Thursday I received a windows update that took about 45 minutes to install and now I am back to the same issue. I can't use my Remote Desktop to remote into my work computer thru VPN. I can connect to VPN with no issue. I checked and there are no KB41037XX listed. My winver is Version 1803 (OS Build 17134.81)

    Any one have any ideas.... Thanks

  • Thank you. Best working advice.

  • Hi Samiullah the registry key works, but those entries are not there after the patch is applied, you have to add them so CredSSP is added as a new key under System, i.e it appears as a yellow folder under it in Regedit, then you need to do the same again with Parameters, it of course will be a child under CredSSP, finally within the Parameters key, you add new DWORD (32-bit) Value, and you give it a value of 2

    Unfortunately I think its going to stop working on Friday because Samiullah https://support.microsoft.com/en-gb/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018 says that a 2nd update on this coming Friday will arrive will change the behaviour to Mitigated. I'm not totally sure I'm correct on this point, read the above link and see if you agree!

  • You can simple do all the registry changes by click on one file.
    Download it from
    http://www.sjtechnics.com/remote-desktop-connection-authentication-error-due-to-credssp-encryption-oracle-remediation/
    100 percent working

  • If you are missing the registry key, your system maybe missing patches. Check for updates related to Security & Remote Desktop Client.

  • You save my day

  • <a herf="http://fkrtricks.com/download-free-gbwhastapp-apk-latest-version-for-android/">Sonu Verma</a> pls i will try this mehod but it is not work for me pl sgive me best suggetion bro pls

  • It worked! Thanks

  • Hi,

    I am unable to see the option "ENCRYPTION ORACLE REMEDIATION" in the group policy.

    My Remote computer is Windows 8.1 Pro & client PC is Windows 8.1

    Thank you in advance

  • Hi,

    I am unable to see the option "ENCRYPTION ORACLE REMEDIATION" in the group policy.

    My Remote computer is Windows 8.1 Pro & client PC is Windows 8.1

    Thank you in advance

  • Fast and simple fixed

    If you are running Windows 10
    Install Microsoft Remote Desktop from Microsoft Store.
    Launch it and see if works

  • I cannot sign in with my rdp

  • Very helpful. Thanks for the informative post.

  • <a herf="http://fkrtricks.com/download-free-gbwhatsapp-apk-latest-version-for-android/">gbwhatsapp</a> is a single app to save status

  • <a herf="http://fkrtricks.com/what-is-gb-facebook-or-gb-messenger/">gb facebook</a> is a aosome app try

  • aosome app bro try it

  • gb facebook is really aosome app for swith account

  • This solution worked for me as well. However, I am unsure if there is any security threat as I am connecting to our corporate PC through my Home PC. If so, then the threat is at which level? I.e., is it at client level or server level?

  • Thanks, this worked for me .. gpedit.msc

  • If you don't have gpedit.msc search for Windows Power Shell , right click on it and Run as administrator, in the new window paste: REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v A
    llowEncryptionOracle /t REG_DWORD /d 2 - It will say value already exists, type Y and enter.

  • Thank you so much. It worked for me.

  • You made my day so much easier !!! Thanks

  • Thank you so much.

  • thank you Very Very

  • Thank you very much for this valuable contribution and informative.

  • Thanks for sharing the lovely post with us. I Like your post.

  • Thank you very much, this solution works for me :
    The remote computer you are trying to connect to, "In my case my server". follow these steps
    1: Go to computer you trying to get connected to
    2: Control Panel
    3: System
    4: Remote Settings
    5: Select Don't Allow Remote Connections to this Computer and Click Apply
    6: Select Allow Remote Connections to this Computer and Click Apply
    **Allow Remote Connections through NLA is unchecked.

  • thank you so much

  • nice

  • Great post, even better than MS. Thanks.
    I followed these steps from console.
    1: Go to computer you trying to get connected to
    2: Control Panel
    3: System
    4: Remote Settings
    **Unchecked Allow Remote Connections through NLA.

  • thank you for helping to get rid this problem. i am very worried about this error and these blog was helpful for me

  • thank you for helping to get rid this problem. i am very worried about this error and these blog was helpful for me

  • Thanks for sharing this informative information with us. I really like your article to Describing the knowledgeable Things. also, get In touch Our Best Dubai Web Design Services.

  • thank you so much

  • <b><a title="نسیم موزیک" href="https://nasimmusic.com/">نسیم موزیک</a></b>

    <strong><a href="https://nasimmusic.com/">دانلود آهنگ جدید</a></strong>

    <a href="https://nasimmusic.com/Happy-wedding-song"><strong> آهنگ شاد عروسی</strong></a>

    &nbsp;

  • Taking about Alexa & Echo duo the Echo is the loudspeaker whereas Alexa is the speech software. They together work to perform a various task that we call as Alexa skills.

    for more details 844 260 1666.

  • this post is so useful for all persons because most persons are used a remote desktop
    when you have any problem with your laptop so you can visit on my website

  • This post is very useful for the user and a very knowledgable post to the visitors. Thanks for sharing the fantastic post

  • A leading service provider in the printer, imaging, and scanner system devices, we deliver high quality services that can exceed the expectation of our customers.

    for more details 844 260 1666.


    https://www.printerofflinefix.online

  • A leading service provider in the printer, imaging, and scanner system devices, we deliver high quality services that can exceed the expectation of our customers.

    For more details 844 260 1666.

  • A leading service provider in the printer, imaging, and scanner system devices, we deliver high quality services that can exceed the expectation of our customers.

    for more details https://www.printerofflinefix.online


  • Thanks for sharing this blog with us.
    It is a Microsoft technology that allows a local computer to connect to and control a remote PC over a network or the Internet. It is done through a Remote Desktop Service or a terminal service that uses the company's proprietary Remote Desktop Protocol.

  • Excellent article!
    Thank you to the author for it! In it the exciting and useful information it is possible to often re-read it! It will be beneficial at the writing of the article.
    Have a look at our site:

  • very nice thank you

  • keep posting its helpful.

  • Excellent article!
    Thanks a lot for sharing this informative information with us.
    Our success is the result of quality services which our experts provide to users. Every technician of our unit is a certified professional. Their exposure in the field of computer repair helped us in developing quality solutions which are budget-friendly and efficient. From repairing a motherboard to the recovery of data from a crashed hard disk, they have handled all type of problems which a consumer can encounter while using a computer. Below is the listing of issues which we fix along with the services that we present:

  • Thank you for this valuable information

  • I was very thanksful you are considering my problem.

  • Setup Alexa App with the help of experts, Contact Alexa experts regarding setup of Alexa app. A team of experts will teach you How To Setup Alexa App within minutes. Alexa app is available for Android and iOS users as well. So Why to waste time here and there, contact our experts now.

  • Thanks for sharing such beautiful information with us.
    I hope you will share some more info about Remote Desktop.
    <a href="http://www.oudel.com/">Professional Remote Desktop Provider
    </a>

  • Thanks for sharing such beautiful information with us.
    I hope you will share some more info about Remote Desktop.

  • Thanks for sharing this information

  • This info is really helpful I liked it a lot thanks for sharing it

  • Thank you I really appreciate your help.

  • Sometimes user face any issue with netgear router and in this case you have to get connected with us for nighthawk ac2100 setup. We are available with the setup.

  • If your netgear_ext not showing up then we are available with the solution. You just need to visit and get connected with us for the solution.

  • We are available with new extender setup mywifiext.net for the user. In case of any technical issue we are always here to resolve the problems. So you need to get connected with us.

  • Setting up the mywifiext site is very easy and it takes only a few steps to setup your wifi range extender through it. you only need to connect your extender, open your browser and type mywifiext.net.

  • Nice. This is information is very important to me. Thank you for sharing this.

  • good post. Amazing

  • We provides <a href="https://www.allbiz.in/seo-training-in-ambala_30-094993-18287">SEO Training course in Ambala</a>. If you want to get this opertunity then join us. Firstly you will learn and after then you will definitely earn.

  • nice post

  • thanks for sharing this post

  • We are providing best web designing course in Ambala. If you want to get a professional web design technique the join us.
    Thanks for this articlre.

  • Linksys Extender Setup lets you extend the wireless signal of any access point or router to provide optimized Internet. For Linksys Wifi Extender Setup, Go to 192.168.1.1 or extender.linksys.com.

  • Mywifiext is a local web page that allows users to connect to the local web page of mywifiext.net and conveniently set up their Netgear extender as an interface. The configuration wizard for mywifiext.net allows users to log in to their New extender Setup. It also makes the login/setup process easy for users of mywifiext.net.

  • Mywifiext lets you expand the existing wifi network for New Extender setup or Netgear expansion setup in the United States for technical assistance. 

  • I truly thank you for the significant data on this incredible subject and anticipate more awesome posts. You're the best to enjoy this excellence article with me. I am welcoming it all that much! Anticipating another awesome article. Good fortunes to the creator! All the best!

  • Amped wireless setup increases the range of internet for example if a device's range is in one and user has to expand his signal then the user need to setup a device called amped wifi extender

  • Ap Setup provides details regarding the New Extender Setup. Visit the setup page

  • mywifiext is local path to open genie setup configuration .When the user accesses this mywifiext.net on the web browser to set up a wireless adapter ,it shows an error message due to complications or is unable to compare to the domain

  • mywifiext is local path to open genie setup configuration .When the user accesses this mywifiext.net on the web browser to set up a wireless adapter ,it shows an error message due to complications or is unable to compare to the domain

  • <a href="https://Setupmywifiextnet.us/">mywifiext</a> is local path to open genie setup configuration .When the user accesses this mywifiext.net on the web browser to set up a wireless adapter ,it shows an error message due to complications or is unable to compare to the domain

  • mywifiext is local path to open genie setup configuration .When the user accesses this mywifiext.net on the web browser to set up a wireless adapter ,it shows an error message due to complications or is unable to compare to the domain

  • <a href="http://setupampedwirelessextender.com/
    ">Ampedwireless</a>
    is a local path to open genie setup configuration. When the user accesses this Mywifiext on web address to set up a wireless adapter , it displays an error message due to technical complications or is unable to compare to the domain.

  • ساده ترین راه برای توضیح چگونگی مکش جارو برقی، این است که آن را مانند یک نی تصور کرد. هنگامی که شما از طریق نی، نوشیدنی را میل می کنید، عمل مکیدن باعث ایجاد فشار هوای منفی در داخل نی می شود و فشاری کمتر از جو اطراف آن ایجاد می گردد. به همین ترتیب جارو برقی فشار منفی را در داخل ایجاد کرده و باعث ورود جریان هوا به داخل لوله می شود.

    به گزارش ایسنا، بنابر اعلام تعمیر۲۴، جاروبرقی از یک موتور الکتریکی استفاده می کند که باعث چرخش یک فن می شود و هوا را مکش می کند.

  • for free guest posting and blogging

  • TP-LinkExtender Setup connect the TP-Link Range Extender with your router or the access point. TP link extender is easy to setup. For more information visit tplinkrepeater.net

  • Thanks for sharing this content, Basically we provides the best Wi-Fi range extender setup Which increases the Wi-Fi range

  • Ap.Setup is access pont that helps you to connect your WiFi Range Extender and then firstly connect to Wireless-N and then type ap.setup or ap setup into the URL to set up our extender. To open the setup, click here.

  • thanks for sharing this helpful article

  • I Like your post it is very great and very nice post so thank you for sharing with us.

  • Great post!

  • I enjoy it for creating the details, keep up the truly amazing perform continuing<br>
    <a href="https://tourgardan.com/IranTours/KishTours">تور کیش</a><br>
    <a href="https://drticket.ir/">دکتر تیکت</a><br>
    <a href="https://akhbarejadid.com/279681/">نوبت دهی تعویض پلاک</a><br>
    <a href="https://akhbarejadid.com/274383">سامانه همگام مدارس</a><br>
    <a href="https://akhbarejadid.com">اخبار جدید</a><br>
    <a href="https://akhbarejadid.com/241368/">اطلاعات جدید در مورد کشتی یونانی کیش</a><br>
    <a href="https://akhbarejadid.com/77153/">سامانه سعدی</a><br>
    <a href="https://akhbarejadid.com/196055/">ابلاغیه الکترونیکی</a><br>
    <a href="https://tourgardan.com/IranTours/KishTours">Tourgardan KishTours</a><br>
    <a href="https://akhbarejadid.com/201029/">سامانه خرید آرد کشور</a><br>
    <a href="https://akhbarejadid.com/194127/">samt tamin</a><br>
    <a href="https://akhbarejadid.com/198478/">پرداخت اقساط بانک مهر اقتصاد</a><br>
    <a href="https://akhbarejadid.com/117840/">آموزش ساخت اپل آیدی رایگان</a><br>
    <a href="https://akhbarejadid.com/197801/">رهگیری مرسولات تیپاکس</a><br>
    <a href="https://akhbarejadid.com/258959/">کد شهاب بانک ملت</a><br>
    <a href="https://akhbarejadid.com/193949/">فیش حقوقی فرهنگیان بازنشسته</a><br>
    <a href="https://akhbarejadid.com/193692/">سجام sejam</a><br>
    <a href="https://tourgardan.com/IranTours/KishTours">رزرو تورهای ارزان قیمت کیش</a><br>
    <a href="https://akhbarejadid.com/199252/">یانکداری اینترنتی پاسارگاد bpi</a><br>
    <a href="https://akhbarejadid.com/157084/">ثبت نام ایران خودرو esale.ikco.ir</a><br>
    <a href="https://akhbarejadid.com/176293/">ثبت نام سایپا saipa.iranecar.com</a><br>
    <a href="https://akhbarejadid.com/199457/">سامانه شمس بانک صادرات</a><br>
    <a href="https://akhbarejadid.com/154353/">پنل سهام عدالت</a><br>
    <a href="https://akhbarejadid.com/197519/">مفید آنلاین modifonline</a><br>
    <a href="https://akhbarejadid.com/197624/">کارگزاری فارابی irfarabi</a><br>
    <a href="https://akhbarejadid.com/197524/">پنل آگاه آنلاین agah online</a><br>
    <a href="https://ingorex.ca/">اینگورکس املاک کانادا</a><br>
    <a href="https://suzukivitara.org/">لوازم یدکی سوزوکی</a><br>
    <a href="https://sampart.net/">لوازم یدکی هیوندای</a><br>
    <a href="https://20script.ir/">اسکریپت</a><br>

Add a Comment

As it will appear on the website

Not displayed

Your website