The
Credential Security Support Provider Protocol
or
CredSSP
is a security support protocol that is used to authenticate
users via the
SSPI
. CredSSP used to delegate a user credential to the remote
server by using TLS encrypted channel. Microsoft issues an
update in March 2018 to fix CredSSP related vulnerabilities.
This update broke the
Remote Desktop Protocol
(RDP) log in with the CredSSP. This resulted in a lot of
users can not log in to the RDP sessions.
CredSSP Encryption Oracle Remediation Error
If the update is installed and we try to connect to the remote RDP server the following error message is provided with the failure of the RDP connection.
Fix via Computer Cofiguration (Group Policy)
The security update resulted the error. By rolling back this
update this error can be fixed but this is not the best even
a good way. Because rolling back the update makes the
systems vulnerable with the security issues. The
Computer Configuration
or
Group Policy
can be used to fix this CredSSP error. First open the
Local Group Policy Editor
- Open the Windows Run Box (WIN+R)
- Type
gpedit.msc
in order to openComputer Configuration
. - Navigate to the
Computer Configuration
->Administrative Template
->System
->Crendential Delegation
->Encrypt Oracle Remediation
.
Select
Encryption Oracle Remediation
like below.
In the Encryption Oracle Remediation select the
Enabled
like below. Then in the
Protection Level
select the value
Vulnerable
. The last step is clicking to the
Apply
button.
Fix via Registery Editor
Another way to fix CredSSP authantication with RDP error is
using the registery editor.
First open the registery editor
by running
regedit
in the windows run.
- Open Windows Run (WIN+R)
- In the registry editor navigate to the
Computer
->HKEY_LOCAL_MACHINE
->SOFTWARE
->Microsoft
->Windows
->CurrentVersion
->Policies
->System
->CredSSP
->Parameters
. - Double click to the key
Allow Encryption
and change the value to 2.