"How to fix CredSSP Authentication for RDP" Error and Solution

“How to fix CredSSP Authentication for RDP” Error and Solution

by

The Credential Security Support Provider Protocol or CredSSP is a security support protocol that is used to authenticate users via the SSPI . CredSSP used to delegate a user credential to the remote server by using TLS encrypted channel. Microsoft issues an update in March 2018 to fix CredSSP related vulnerabilities. This update broke the Remote Desktop Protocol (RDP) log in with the CredSSP. This resulted in a lot of users can not log in to the RDP sessions.

CredSSP Encryption Oracle Remediation Error

If the update is installed and we try to connect to the remote RDP server the following error message is provided with the failure of the RDP connection.

An authentication error has occurred.
The function requested is not supported
Remote computer: <computer name="SRV1">
This could be due to CredSSP encryption oracle remediation.
For more information, see the link

Fix via Computer Cofiguration (Group Policy)

The security update resulted the error. By rolling back this update this error can be fixed but this is not the best even a good way. Because rolling back the update makes the systems vulnerable with the security issues. The Computer Configuration or Group Policy can be used to fix this CredSSP error. First open the Local Group Policy Editor

  • Open the Windows Run Box (WIN+R)
  • Type gpedit.msc in order to open Computer Configuration .
  • Navigate to the Computer Configuration -> Administrative Template -> System -> Crendential Delegation -> Encrypt Oracle Remediation .

Select Encryption Oracle Remediation like below.

In the “Encryption Oracle Remediation” select the Enabled like below. Then in the Protection Level select the value Vulnerable . The last step is clicking to the Apply button.

Encryption Oracle Remediation Enabled and Vulnerable

Fix via Registery Editor

Another way to fix CredSSP authantication with RDP error is using the registery editor. First open the registery editor by running regedit in the windows run.

  • Open Windows Run (WIN+R)
  • In the registry editor navigate to the Computer -> HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Policies -> System -> CredSSP -> Parameters .
  • Double click to the key Allow Encryption and change the value to 2.

Leave a Comment