Action needed in case of Windows RDP issue

If you have recently installed security updates on Windows 10 workstations, you may have received an error message over the past few days when trying to establish a remote desktop connection to other servers. The initial (March 13, 2018) release from Microsoft updated the CredSSP authentication protocol and the Remote Desktop clients for all affected platforms. Microsoft's remediation for CVE-2018-0886 consists of installing the update on all eligible client and server operating systems and then using Group Policy or registry settings to configure the options on both clients and servers. In our case, the issue is the Windows 10 RDP CredSSP encryption oracle remediation error, and the fix is described below.

Windows 10 RDP CredSSP Encryption Oracle Remediation Error Fix

On May 8, the cumulative updates listed below were released for Windows 10, Server 2016, etc. These cumulative updates included a fix for the CredSSP encryption vulnerability.

  • May 8, 2018 – KB4103721 (OS Build 1803)
  • May 8, 2018 – KB4103727 (OS Build 1709)
  • May 8, 2018 – KB4103731 (OS Build 1703)
  • May 8, 2018 – KB4103723 (OS Build 1609 & Server 2016)

Once the user has installed the patch on a “vulnerable” workstation and attempts to connect to an unpatched server (or vice versa), the following error message is seen after the password is entered to authenticate to the RDP session.

The following steps can be taken to adjust the credentials delegation policy so that this error does not happen.

  1. Open the Command Prompt box (either press Win + R, or click the Windows search button, then type cmd and press Enter)
  2. Type gpedit.msc and press Enter. This will open the Local Group Policy Editor
  3. As shown in the following picture, navigate to Administrative Templates > System > Credentials Delegation
  4. Select Encryption Oracle Remediation
  5. Click on the option to Enable, then Save
  6. Reboot your computer

Alternatively, if you are familiar with registry settings, you can adjust this policy setting via the registry, followed by a reboot.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002
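To see which protection level a machine is running with after the steps above, the following PowerShell script reads the AllowEncryptionOracle value and looks for the May 8 updates listed earlier. It is an added example, not part of the original article; the function names are hypothetical, and the level names (0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable) are the ones Microsoft documents for this policy value.

```powershell
# Added example, not from the original article: report the local CredSSP
# Encryption Oracle Remediation setting and the May 2018 updates found.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ValueName = 'AllowEncryptionOracle'

# Protection levels documented by Microsoft for this policy value.
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

# KB numbers of the May 8, 2018 cumulative updates listed in the article.
$MayUpdates = 'KB4103721', 'KB4103727', 'KB4103731', 'KB4103723'

function Get-CredSspOracleSetting {
    # Hypothetical helper: returns the configured value and its level name.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value absent: no explicit policy, the OS default applies.
        return [pscustomobject]@{ Value = $null; Level = 'Not configured (OS default applies)' }
    }
    $value = [int]$item.$ValueName
    $level = if ($Levels.ContainsKey($value)) { $Levels[$value] } else { 'Unknown value' }
    [pscustomobject]@{ Value = $value; Level = $level }
}

function Get-InstalledMayUpdate {
    # Hypothetical helper: returns the listed KB IDs that Get-HotFix reports.
    # Later cumulative updates supersede these, so an empty result does not
    # by itself prove that the host is unpatched.
    Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $MayUpdates -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
}

$setting = Get-CredSspOracleSetting
$found   = @(Get-InstalledMayUpdate)
$kbText  = if ($found) { $found -join ', ' } else { 'none of the listed KBs' }

"AllowEncryptionOracle  : $($setting.Value) ($($setting.Level))"
"May 2018 updates found : $kbText"

if ($setting.Value -eq 2) {
    # Value 2 lets this machine fall back to the insecure CredSSP behaviour.
    Write-Warning 'Level is Vulnerable. Set 1 (Mitigated) or 0 (Force Updated Clients) once both ends are patched.'
}
```

Run it in a PowerShell session on the workstation after the reboot; it only reads the registry and the installed-update list and changes nothing.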

Perform this security fix if you are having any problem connecting to any servers.