Skip to main content

CredSSP Encryption Oracle Remediation RDP issue

 

CredSSP Encryption Oracle Remediation RDP issue

An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.

However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.

This has been reported to cause an error thrown by Windows RDP as below:



Solution:

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

1. Open Group Policy Editor, by executing gpedit.msc

2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

Run gpedit.msc and expand Administrative Templates


Expand System

Expand Credential Delegation
Edit Encryption Oracle Remediation
Select Enabled and change Production Level to Vulnerable

3. Run the command gpupdate /force to apply group policy settings.

4. Your remote desktop connection will be working fine now.

If you cannot use gpedit.msc, you can make the same change by using the registry, as follows:

  1. Open a Command Prompt window as Administrator.

  2. Run the following command to add a registry value:
    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2





Labels:

Comments

Post a Comment

Popular posts from this blog

Exchange OWA Error (Something Went Wrong)

Exchange OWA Error (Something Went Wrong) Exchange 2016 Cu8 on Windows Server 2012 R2 gave error on OWA, ECP will work if administrator doesn’t have a mailbox. else even ecp will throw the same error. An unexpected error occurred and your request couldn't be handled. X-ClientId: 15BED63F62FB4FDB809703ED2534C19D request-id 1ac56275-a1ab-48cf-9f82-880c49767a19 X-OWA-Error Microsoft.Exchange.Diagnostics.ExAssertException X-OWA-Version 15.1.1415.4 X-DAGServer COMM X-DAGerver COMM Date:11/07/2018 3:30:06 PM Description: Unable to find the certificate with thumbprint [Thumb code] in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token. or invalid or expired ' Microsoft Exchange Server Auth Certificate' Solution: Create new  Microsoft Exchange Server Auth Certificate  1.      Open Exchange admin Center ECP, then go to servers, certificates, find Microsof...
Post a Comment
Read more

How to configure E-Mail notification in WSUS

How to configure E-Mail notification in WSUS The WSUS server can be configured to send e-mail notifications of new updates and reports on the status of the WSUS network. Notifications will be sent whenever the WSUS server synchronizes new updates, and status reports can be sent daily or weekly.  Set up e-mail notifications In the WSUS Administration console, click  Options in the left pane. In the center pane, click  E-Mail Notifications . Click the  General If you want update notifications, select the  Send e-mail notification when new updates are synchronized check box. In the  Recipients box, type the e-mail addresses of the people who should receive update notifications. Separate the names with semi-colons. If you want status reports, select the  Send status reports check box. In the  Frequency box, select either  Daily  or  Weekly . In the  Send repo...
Post a Comment
Read more