{"id":2458,"date":"2018-09-28T15:27:29","date_gmt":"2018-09-28T15:27:29","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=2458"},"modified":"2018-09-28T15:27:29","modified_gmt":"2018-09-28T15:27:29","slug":"credssp-error-message-fix-for-windows-rdp","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/credssp-error-message-fix-for-windows-rdp\/","title":{"rendered":"CredSSP error message fix for Windows RDP"},"content":{"rendered":"<p>The folks over at <a href=\"http:\/\/www.ori.net\">On-Ramp Indiana<\/a>\u00a0found a fix for this one.<br \/>\nThe Microsoft <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4295591\/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm\">Tech Article can be found here&#8230;<\/a><\/p>\n<div class=\"ng-scope\">\n<h2 class=\"c-heading-4 f-lean bold ng-binding\">Symptoms<\/h2>\n<hr class=\"c-divider f-pad-bottom-6x f-pad-top-3x\" \/>\n<\/div>\n<div class=\"section-body ng-scope\" style=\"box-sizing: inherit; outline: none; color: #000000; font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 15px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;\">\n<div class=\"ng-scope\" data-grid=\"col-12\">\n<div class=\"ng-isolate-scope\" data-grid=\"col-12\">\n<p class=\"ng-scope x-hidden-focus\">Consider the following scenario:<\/p>\n<ul class=\"ng-scope\">\n<li>The\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4093492\/credssp-updates-for-cve-2018-0886-march-13-2018\">Credential Security Support Provider protocol (CredSSP) updates for CVE-2018-0886\u00a0<\/a>are applied to\u00a0a Windows virtual machine (VM)\u00a0(remote server) in Microsoft Azure or on a local client.<\/li>\n<li>You try to make a remote desktop (RDP) connection to the server from the local client.<\/li>\n<\/ul>\n<p class=\"ng-scope x-hidden-focus\">In this scenario, you receive the following error message:<\/p>\n<div class=\"alert-band ng-scope\">\n<div class=\"alert alert-info\" role=\"alert\">\n<div class=\"row\">\n<div class=\"col-xs-24 x-hidden-focus\">\n<p><em>An authentication error has occurred. The function requested is not supported. Remote computer: &lt;computer name or IP&gt;. This could be due to CredSSP encryption oracle remediation. For more information, see\u00a0<a href=\"https:\/\/go.microsoft.com\/fwlink\/?linkid=866660\">https:\/\/go.microsoft.com\/fwlink\/?linkid=866660<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>If you are getting a CredSSP error message when trying to RDP to a server add this registry key to your local computer.\u00a0 It will disable CredSSP<\/p>\n<ul>\n<li><strong>[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\CredSSP\\Parameters] \u201cAllowEncryptionOracle\u201d=dword:00000002<\/strong><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The folks over at On-Ramp Indiana\u00a0found a fix for this one. The Microsoft Tech Article can be found here&#8230; Symptoms Consider the following scenario: The\u00a0Credential Security Support Provider protocol (CredSSP) updates for CVE-2018-0886\u00a0are applied to\u00a0a Windows virtual machine (VM)\u00a0(remote server) in Microsoft Azure or on a local client. You try to make a remote desktop [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2163,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[128,624],"tags":[626,627,108,499,625],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/03\/download.jpg?fit=309%2C163","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-DE","jetpack-related-posts":[{"id":2955,"url":"http:\/\/www.mtin.net\/blog\/how-to-install-windows-server-2019-on-vmware\/","url_meta":{"origin":2458,"position":0},"title":"How to install Windows Server 2019 on Vmware","author":"j2sw","date":"March 14, 2019","format":false,"excerpt":"https:\/\/www.sysnettechsolutions.com\/en\/server2019\/install-windows-server-2019-vmware-workstation-14\/","rel":"","context":"In \"2019\"","block_context":{"text":"2019","link":"http:\/\/www.mtin.net\/blog\/tag\/2019\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":522,"url":"http:\/\/www.mtin.net\/blog\/lots-of-changes-in-routeros-6-34\/","url_meta":{"origin":2458,"position":1},"title":"Lots of changes in RouterOS 6.34","author":"j2sw","date":"January 29, 2016","format":false,"excerpt":"Lots of changes in RouterOS 6.34 Some Standouts that will be of benefit to alot of folks I know *) mipsle - architecture support dropped (last fully supported version 6.32.x); *) btest - significantly increased TCP bandwidth test performance; *) ssh - fixed possible kernel crash; *) crs212 - fix\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":305,"url":"http:\/\/www.mtin.net\/blog\/mirkotik-router-os-6-29-released\/","url_meta":{"origin":2458,"position":2},"title":"Mikrotik Router OS 6.29 released","author":"j2sw","date":"May 28, 2015","format":false,"excerpt":"The fastTrack improvements are a big improvement for those of you doing such things. What's new in 6.29 (2015-May-27 11:19): *) ssh server - use custom generated DH primes when possible; *) ipsec - allow to specify custom IP address for my_id parameter; *) ovpn server - use subnet topology\u2026","rel":"","context":"In \"crs\"","block_context":{"text":"crs","link":"http:\/\/www.mtin.net\/blog\/tag\/crs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1440,"url":"http:\/\/www.mtin.net\/blog\/dhcp-starvation-attack\/","url_meta":{"origin":2458,"position":3},"title":"DHCP Starvation attack","author":"j2sw","date":"February 12, 2018","format":false,"excerpt":"DHCP starvation attacks are designed to deplete all of the addresses within the DHCP scope on a particular segment. Subsequently, a legitimate user is denied an IP address requested via DHCP and thus is not able to access the network.\u00a0 Yersinia is one such free hacking tool that performs automated\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"http:\/\/www.mtin.net\/blog\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":64,"url":"http:\/\/www.mtin.net\/blog\/router-os-6-15-released\/","url_meta":{"origin":2458,"position":4},"title":"Router OS 6.15 Released","author":"j2sw","date":"June 12, 2014","format":false,"excerpt":"Big bug fix if you are upgrading from V5.x What's new in 6.15 (2014-Jun-12 12:25): *) fixed upgrade from v5 - on first boot all the optional packages were disabled; *) fixed problem where sntp server could not be specified in winbox & webfig; *) metarouter - make openwrt work\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1798,"url":"http:\/\/www.mtin.net\/blog\/wpa-is-not-encrypting-your-customer-traffic\/","url_meta":{"origin":2458,"position":5},"title":"WPA is not encrypting your customer traffic","author":"j2sw","date":"September 11, 2017","format":false,"excerpt":"There was a Facebook discussion that popped up tonight about how a WISP answers the question \"Is your network secure?\" There were many good answers and the notion of WEP vs WPA was brought up. In today's society, you need end-to-end encryption for data to be secure. An ISP has\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/09\/download.jpg?fit=236%2C213&resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2458"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=2458"}],"version-history":[{"count":1,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2458\/revisions"}],"predecessor-version":[{"id":2459,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2458\/revisions\/2459"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media\/2163"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=2458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=2458"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=2458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}