Good Article Mohamed! I will strongly suggest to read the article and in detail CVE-2018-0886.When I found that issue few weeks ago after the CVE article I've decided to patch immediately few servers, the main reason is that 'Any change to Encryption Oracle Remediation requires a reboot.' So I preferred to apply the hotfix instead of applying a regkey or create a group policy that should apply. Click Show Options in the bottom left corner of the remote desktop window. Select Save As and save the Default.rdp file to your Desktop. Now, open the Default.rdp file in Notepad. CredSSP stands for Credential Security Support Provider protocol and is an authentication provider that processes authentication requests for other applications. In vulnerable versions of CredSSP there is a problem, identified recently, that allows remote code execution: an attacker who exploits this vulnerability can forward user credentials. 1 – Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab. Note: uncheck the option to Allow connections only from computers running Remote Desktop with Network Level Authentication. An authentication error has occurred. The function requested is not supported. Remote computer: This could be due to CredSSP encryption oracle remediation. For more information, see https:/go.microsoft.com/fwlink/?linkid=866660.
-->This article provides a solution to an error that occurs when you try to establish a remote desktop connection using RD client (mstsc.exe) to a Remote Desktop server.
Original product version: Windows Server 2012 R2
Original KB number: 2493594
Symptoms
When attempting to establish a remote desktop connection using RD client (mstsc.exe) to a Remote Desktop server that is running Windows Server 2008 R2, you may meet any of these messages:
The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.
Or
An authentication error has occurred.
The Local Security Authority cannot be contacted
Cause
Generally this error message points to network congestions prohibiting a secure connection to the RD server. However, this error message may also appear if RD Server is configured for secure connections using TLS and TLS isn't supported at the client (source machine) attempting the Remote Desktop Protocol (RDP) connection.
Resolution
Remote Desktop in Windows Server 2008 R2 offers three types of secure connections:
Remote Desktop Authentication Error 0x80004005
Negotiate: This security method uses Transport Layer Security (TLS) 1.0 to authenticate the server if TLS is supported. If TLS isn't supported, the server isn't authenticated.
Authentication Error Has Occurred Remote Desktop Windows Server 2012
RDP Security Layer: This security method uses Remote Desktop Protocol encryption to help secure communications between the client computer and the server. If you select this setting, the server isn't authenticated.
SSL (Secure Sockets Layer): This security method requires TLS 1.0 to authenticate the server. If TLS isn't supported, you can't establish a connection to the server. This method is only available if you select a valid certificate.
To resolve the issue, change the remote desktop security on the RD server to RDP Security Layer to allow a secure connection using Remote Desktop Protocol encryption. Below are the steps:
- Navigate to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
- With RD Session Host Configuration selected view under Connections.
- Right-click RDP Listener with connection type Microsoft RDP 6.1 and choose Properties.
- In general tab of properties dialog box under Security, select RDP Security Layer as the Security Layer.
- Select OK.
Note
This setting doesn't need a restart of the Server or Remote Desktop Service.
More information
You may also see Event ID 56 with source TermDD in the system event logs on the RD server for every unsuccessful RDP attempt.
In March 2018, Microsoft released a security update that fixes a vulnerability in the Credential Security Support Provider Protocol (CredSSP). This vulnerability (CVE-2018–0886) allows an attacker to remotely execute arbitrary code on a vulnerable Windows host with an open RDP port (TCP/3389). In May 2018, an update “2018-05 Security only/Monthly Rollup” was released. It blocks the connection to computers with an affected version of CredSSP.
When you try to connect to a remote computer with a vulnerable CredSSP from Windows 10/Windows Server 2016, you receive the Remote Desktop Connection error:
An authentication error has occurred.
The function is not supported.
Remote Computer: hostname
This could be due to CredSSP encryption oracle remediation.
For more information, see link.
On Windows 7, the CredSSP error looks like this:
An authentication error has occurred.
The function requested is not supported.
Remote computer: hostnname
To fix This could be due to credssp encryption oracle remediation error, you need to install the latest Windows security update on the remote computer. You can install the latest Cumulative Update for your Windows version. You can download the update manually via Microsoft Update Catalog or install it via Windows Update or WSUS.
Hint. CredSSP authentication error appears only when you try to connect via RDP from a computer on which the latest security updates are installed to a non-updated computer (for example, a computer that never gets updates, or a clean installed device with a Windows 10/Windows Server 2016 build that was released before March 2018).
Hint. There is a workaround allowing you to connect to a computer with a vulnerable version of CredSSP. To do this, you need to configure a special Group Policy parameter named Encryption Oracle Remediation on your computer from which you are establishing the Remote Desktop connection.
- Press Win+R, type gpedit.msc, and press Enter;
- Go to the following section of the Local Group Policy Editor: Computer Configuration > Administrative Templates > System > Credentials Delegation;
- Open the policy setting Encryption Oracle Remediation;
- Change its state to Enabled, and set Vulnerable in the Protection Level field;
- Update the Group Policy settings using:
Hint. You can also allow your computer to connect to vulnerable versions of CredSSP through the registry. Run the following command through elevated command prompt:
Now you can connect to the remote host via RDP and install the updates. After upgrading, don’t forget to disable the policy or reset the AllowEncryptionOracle registry value to its original value:
There are 3 options in the “Encryption Oracle Remediation” policy:
- Vulnerable — the client can connect to vulnerable computers;
- Mitigated — the client cannot connect to vulnerable servers, but the servers can allow vulnerable clients to connect;
- Force Updated Clients — secure RDP CredSPP interoperability layer.
READ ALSOHow to Configure DHCP Conflict Resolution?If from a computer that doesn’t have the CredSPP security update installed you can’t connect to an updated RDP/RDS host with the “Force updated clients” option enabled, you can allow the server to accept connections with an affected version of CredSPP. To do this, you need to enable the policy with the Mitigated value on the server. In this way, to make changes to the server you can remotely connect to it via PowerShell under admin credentials:
And allow the connection:
In all cases, Microsoft always recommends installing the latest Windows updates on both the RDP server and the client.
AuthorRecent PostsCyril KardashevskyI enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.Latest posts by Cyril Kardashevsky (see all)