Problem
You attempt to use a Windows 10 workstation to remote desktop to a server but notice that the connection fails with the following error message:
An authentication error has occurred.
The function requested is not supported
Remote computer: <computerName>
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660
Reviewing the System logs on the client will show that the following error is logged:
A CredSSP authentication to TERMSRV/server.fqdn.com failed to negotiate a common protocol version. The remote host offered version 3 which is not permitted by Encryption Oracle Remediation.
See https://go.microsoft.com/fwlink/?linkid=866660 for more information.
Using a Windows 7 workstation to perform the same operation would display the following error message:
An authentication error has occurred.
The function requested is not supported
Remote computer: <computerName>
Solution
The cause of this error is explained in detail in the following TechNet blog post: https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/
The short answer is that a patch released in May 2018 addresses a vulnerability in the Credential Security Support Provider protocol (CredSSP). If you have installed this patch on your workstation but not on the server, this error is displayed. Note that patching the server but not the workstation does not cause this issue.
There are several ways to work around this:
Workaround #1 – Disable NLA on Server
Disable the "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" setting on the server.
Workaround #2 – Uninstall Patch
Another way is to uninstall the patch from the workstations. The patch to uninstall for Windows 10 is:
KB4103723
The patch to uninstall for Windows 7 is:
KB4103712
You can use the following cmdlet to search for the patch:
Get-HotFix | Where HotfixID -match "4103712"
… or with the following to uninstall the patch:
wusa.exe /uninstall /kb:<KB Number>
Note: refer to this blog post for using PowerShell to search for installed hotfixes: http://terenceluk.blogspot.com/2014/10/handy-get-hotfix-windows-powershell.html
Workaround #3 – Adjust Encryption Oracle Remediation
The new configuration that causes this error is located on the patched workstation under Computer Configuration / Administrative Templates / System / Credentials Delegation.
You can temporarily disable this by changing the Encryption Oracle Remediation policy to Enabled and the Protection Level to Vulnerable.
Recommended Solution
These three workarounds are *not* recommended, as they are temporary measures and do not address the vulnerability. The recommended way of addressing this is to install the corresponding update on the server:
KB4103725
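To find machines still left at the Vulnerable protection level after Workaround #3, the following PowerShell check (an added example, not part of the original post) reads the registry value behind the Encryption Oracle Remediation policy and lists which of the KBs named above are installed. The registry path and the 0/1/2 value mapping are taken from Microsoft's CredSSP guidance rather than from this post, and the function name is hypothetical.

```powershell
# Added example: audit CredSSP Encryption Oracle Remediation on the local machine.
# KB numbers are the ones named in this post. Later cumulative updates also carry
# the fix, so an empty InstalledKBs value does not by itself mean "unpatched".
$CredSspKbs = 'KB4103723', 'KB4103712', 'KB4103725'

# Assumption (from Microsoft's CredSSP guidance, not from this post): the policy is
# stored in this registry value, with 0/1/2 mapping to the three protection levels.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ProtectionLevels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspRemediationState {   # hypothetical helper name
    # Which of the post's KBs are present on this machine
    $hotfixes = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $CredSspKbs -contains $_.HotFixID })

    # Read the policy value; a missing key or value means the policy was never set
    $prop = Get-ItemProperty -Path $PolicyKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $level = 'Not configured'
    } else {
        $raw = [int]$prop.AllowEncryptionOracle
        $level = $ProtectionLevels[$raw]
        if (-not $level) { $level = "Unknown ($raw)" }
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        InstalledKBs    = $hotfixes.HotFixID -join ','
        ProtectionLevel = $level
        NeedsAttention  = ($level -eq 'Vulnerable')
    }
}

$state = Get-CredSspRemediationState
$state | Format-List
if ($state.NeedsAttention) {
    Write-Warning 'Protection Level is Vulnerable: patch the server, then revert Workaround #3.'
}
```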
2 comments:
Thank you, I tested the 3rd Workaround and it's working well.
I tried the Workaround #3 and it's working for me. Although it may make the server vulnerable, I accepted the risk on my test environment.