I ran into this problem earlier this week when our remote sites called in stating they couldn’t connect. We are running some windows server 2012 servers and we have published remote apps as well as full-blown remote sessions for our remote locations and mobile users. This affected windows 7, 8, and 10 clients.

Problem

When trying to connect to a windows server 2012 via RDP we received this error message:

An Authentication error has occurred.
The function requested is not supported.
This could be due to CredSSP encryption oracle remediation

credssp-oracle-remote-desktop-error-and-fix

Solution 1:

Update your server, but this will require a reboot. Go to solution 2 if you cannot update your servers during production.

Solution 2:

Make a regedit key on the client pc. I did not have to restart the client for RDP to start working again.

  1. Open Notepad
  2. Copy and Paste:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] “AllowEncryptionOracle”=dword:00000002
  3. Save file as rdp_fix.reg
  4. Double click file and it will add the key to your registry.

Solution 3:

Remove the offending windows update on the client machine.

  • KB4103727

After Action Notes: 

Remember after you patch your servers to remove the registry changes, as it leaves the clients vulnerable.

References: