Cameyo Blog

  

Steps to Fix Remote Desktop Windows 10 Update Error

May 31, 2018
By Eyal Dotan

RDP connection error “CredSSP encryption Oracle remediation”

If you are trying to connect to a server (or host in general) which has a recent Windows Update, and if the client machine you are connecting from is not patched to the latest level, you may receive the following error.

An authentication error has occurred.

The function requested is not supported.

Remote computer: xxxxxxxx

This could be due to CredSSP encryption oracle remediation.

For more information, see https://...

 

Image result for credssp rdp

 

Here’s a version matrix between Windows 10 clients and Windows Server 2016, but the error can exist also in different version combinations:

  • Win10 1709 can RDP directly to 14393.2068 and 2248
  • Win10 1803 17134.1 can RDP directly to 14393.2068 and 2248
  • Win10 1803 17134.48 and 81 can RDP directly only to 2248

This error has been quite common since the latest release of May Windows Updates. Indeed, the latest Windows RDP server-side no longer considers older (pre-May) versions of RDP clients.

Quick workaround

Microsoft recommends that you update your Windows client to the latest version and updates. However, in some cases this is not practical. Be it due to your organization’s OS updating process or the fact you are in need of a quick RDP access. Here is a quick workaround for those of you who wish not to update the entire OS in order to connect to a picky RDP server. There are different ways for applying this workaround:

Method 1: regedit

Run “regedit.exe” and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters

There, add a DWORD value “AllowEncryptionOracle” and set it to 2.

Method 2: command line

Alternatively, you can launch the following from an elevated (administrator-launched) command line:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Method 3: local group policy editor

Run the command “gpedit.msc”. There, go to

Local Computer Policy\Computer Configuration\Administrative Templates\System\Credentials Delegation

 

 

Double-click the line “Encryption Oracle Remediation”. Set it to Enabled with Protection Level = “Mitigated”:

 

 

 

Comprehensive fix

If you need RDP for your users to run a specific set of programs, products such as Cameyo allow you to avoid this sort of issues altogether. Cameyo transforms Windows / Active Directory sessions (such as performed by RDP) into cloud-friendly sessions that support modern authentication methods such as OAuth2 (Google ID, Microsoft ID, Azure Active Directory) or email / passwords. It optionally allows multi-factor authentication (MFA). This simplifies cloud & Web migration, with less maintenance and more security.

Click here to start your free trial of Cameyo. 

 

Filed Under: RDP Issues, Windows 10