Sometimes you may face “CredSSP encryption oracle remediation” error While attempting to make an RDP connection to another Windows client you may face error
An authentication error has occurred.
The function requested is not supported
<computer name or IP> This could be due to CredSSP encryption oracle remediation
Note: CredSSP is an authentication provider which processes authentication requests for other applications. any application which depends on CredSSP for authentication may be vulnerable to this type of attack.
Why encryption oracle remediation missing?
This error is due to a recent update (KB4093492) to windows to resolve vulnerabilities in windows authentication. Specifically a vulnerability in the Windows subsystem, Credential Security Support Provider Protocol (CredSSP). This vulnerability applies to all modern versions of Windows Operating systems and allows for a remote code execution vulnerability. However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols. Let’s take a look at Windows RDP CredSSP encryption oracle remediation error fix.
Use group policy to change the Credential Delegation at the client
Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.
- Press Windows + R, type gpedit.msc and ok
- On group policy editor window navigate the following path
- Computer Configuration > Administrative Templates > System > Credentials Delegation
- Double click on policy named “Encryption Oracle Remediation”
- Here change the policy enabled,
- Then change Protection Level to Vulnerable. (see image below)
Once the change is made in the group policy editor it is put into effect immediately. No restart was required to apply the change.
Now try to reconnect the RDP client check there is no more RDP authentication error “CredSSP encryption oracle remediation”.
Tweak Windows registry editor
If you are windows home basic user, you don’t have group policy editor option to change the Credential Delegation at the client. But don’t worry you can apply following registry tweak to fix Windows RDP CredSSP encryption oracle remediation error.
- Press Windows + R, type regedit and ok
- This will open windows registry editor, navigate the following subkey
- HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Policies > System
- Right click on System, select New > Key and name it as CredSSP.
- Now right click on CredSSP and create a new key with name Parameters.
- In Parameters, you have to create new DWORD (32-bit) value with the name AllowEncryptionOracle.
- right click on AllowEncryptionOracle and choose Modify
- Here change its value data to “2” and Base to “Decimal“.
- That’s all, click ok and close registry editor.
Now try connecting to other system using RDP and you can now see the successful connection.
- Remote desktop connection not working after windows 10 1809 upgrade
- Microsoft store won’t open after windows 10 1809 update? Here how to fix
- How to Disable Superfetch & Prefetch in Windows 10/8/7
- How to Fix IP address conflict Windows 10, 8.1 and 7
- How to Disable Automatic Updates on Windows 10 Home 1809