Pages

Thursday, May 17, 2018

Attempting to remote desktop to Windows server fails with the error: "An authentication error has occurred. The function requested is not supported"

Problem

You attempt to use a Windows 10 workstation to remote desktop to a server but notice that the connection fails with the following error message:

An authentication error has occurred.

The function requested is not supported

Remote computer: <computerName>

This could be due to CredSSP encryption oracle remediation.

For more information, see https://go.microsoft.com/fwlink/?linkid=866660

image

Reviewing the System logs on the client will show that the following error is logged:

A CredSSP authentication to TERMSRV/server.fqdn.com failed to negotiate a common protocol version. The remote host offered version 3 which is not permitted by Encryption Oracle Remediation.

See https://go.microsoft.com/fwlink/?linkid=866660 for more information.

image

Using a Windows 7 workstation to perform the same operation would display the following error message:

An authentication error has occurred.

The function requested is not supported

Remote computer: <computerName>

image

Solution

The cause of this error is explained in detail in the following TechNet blog post: https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

The short answer is that a patch was released in May 2018 that addresses a vulnerability issue with the Credential Security Support Provider protocol (CredSSP) and if you have patched your workstation with this patch but have not done the same for the server then this error would be displayed. Note that patching the server but not patching the workstation would not cause this issue.

There are several ways to work around this and they are:

Workaround #1 – Disable NLA on Server

Disable Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) for the server:

image

Workaround #2 – Uninstall Patch

Another way is to uninstall the patch from the workstations. The patch to uninstall for Windows 10 is:

KB4103723

image

The patch to uninstall for Windows 7 is:

KB4103712

image

You can use the following cmdlets to search:

Get-HotFix | Where HotfixID -match "4103712"

… or with the following to uninstall the patch:

wusa.exe /uninstall /kb:<KB Number>

**Refer to this blog post for using PowerShell to search for installed hotfixes: http://terenceluk.blogspot.com/2014/10/handy-get-hotfix-windows-powershell.html

Workaround #3 – Adjust Encryption Oracle Remediation

The new configuration that causes this error can be located on the patched workstation’s Computer Configuration / Administrative Templates / System / Credentials Delegation:

image

You can temporarily disable this by changing Encryption Oracle Remediation policy to Enabled, and Protection Level to Vulnerable:

image

Recommended Solution

The three of these work arounds is *not* recommended as they are temporary measures and does not address the vulnerability. The recommended way of addressing this would be to install the corresponding update on the server:

KB4103725

imageimage

2 comments:

Anonymous said...

Thank you, I tested the 3rd Workaround and it's working well.

Anonymous said...

I tried the Workaround #3 and its working for me. Although it may make the server vulnerable but i accepted the risk on my test environment.