May 31, 2018
Eyal Dotan
Back to results

Steps to Fix Remote Desktop Windows 10 Update Error

RDP connection error “CredSSP encryption Oracle remediation”

TL;DR – If you’re experiencing the issue below and you need RDP for your users to run a specific set of programs, Cameyo enables you to avoid this sort of issue altogether. You can schedule a demo here – or you can start your free trial of Cameyo here

If you are trying to connect to a server (or host in general) which has a recent Windows Update, and if the client machine you are connecting from is not patched to the latest level, you may receive the following error.

An authentication error has occurred.

The function requested is not supported.

Remote computer: xxxxxxxx

This could be due to CredSSP encryption oracle remediation.

For more information, see https://…

 

Image result for credssp rdp

 

Here’s a version matrix between Windows 10 clients and Windows Server 2016, but the error can exist also in different version combinations:

  • Win10 1709 can RDP directly to 14393.2068 and 2248
  • Win10 1803 17134.1 can RDP directly to 14393.2068 and 2248
  • Win10 1803 17134.48 and 81 can RDP directly only to 2248

This error has been quite common since the latest release of May Windows Updates. Indeed, the latest Windows RDP server-side no longer considers older (pre-May) versions of RDP clients.

Quick workaround

Microsoft recommends that you update your Windows client to the latest version and updates. However, in some cases this is not practical. Be it due to your organization’s OS updating process or the fact you are in need of a quick RDP access. Here is a quick workaround for those of you who wish not to update the entire OS in order to connect to a picky RDP server. There are different ways for applying this workaround:

Method 1: regedit

Run “regedit.exe” and go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemCredSSPParameters

There, add a DWORD value “AllowEncryptionOracle” and set it to 2.

Method 2: command line

Alternatively, you can launch the following from an elevated (administrator-launched) command line:

REG ADD HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemCredSSPParameters /v AllowEncryptionOracle /t REG_DWORD /d 2

Method 3: local group policy editor

Run the command “gpedit.msc”. There, go to

Local Computer PolicyComputer ConfigurationAdministrative TemplatesSystemCredentials Delegation

 

 

Double-click the line “Encryption Oracle Remediation”. Set it to Enabled with Protection Level = “Mitigated”:

 

 

 

Comprehensive fix

If you need RDP for your users to run a specific set of programs, Cameyo enables you to avoid this sort of issue altogether. Cameyo transforms Windows / Active Directory sessions (such as performed by RDP) into cloud-friendly sessions that support modern authentication methods such as OAuth2 (Google ID, Microsoft ID, Azure Active Directory) or email / passwords. It optionally allows multi-factor authentication (MFA). This simplifies cloud & Web migration, with less maintenance and more security.

If you’d like to learn more, you can schedule a demo here – or you can start your free trial of Cameyo here

 

Submit a Comment

Your email address will not be published. Required fields are marked *

Cameyo needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

Make Remote Work, Work For You.

Simply & securely deliver all your business-critical apps to any device, from the browser, so your people can stay productive from anywhere.

Start your free trial Request a demo

Stay Up to Date

Topics

Security Technology

You Might Be Interested In