On 8th May 2018, Microsoft released a patch to fix gaping vulnerabilities exposed in the CredSSP module. Unfortunately, this patch created some ripples, which led to authentication errors in Remote Desktop Protocol (RDP) connections to Windows servers.
Further, a CredSSP error resulted in Windows servers becoming inaccessible via RDP for many users. Many servers had to be rebooted as people thought it was a server-side error!
Fortunately, Microsoft was aggressive in their stance to tighten the security of applications. They made it compulsory for both client and server computers to install the update for streamlined functioning. Moreover, clients with this patch could not communicate with unpatched servers.
However, you can “reinstate” this communication by rolling back the update, as we will show you below.
Therefore, to know how to fix the CredSSP error during Remote Desktop or RDP in Windows, read on!
What is Credential Security Support Provider Protocol?
The CredSSP protocol is an authentication provider that takes on “outsourced” authentication requests from third-party applications and processes them. It does this by securely transporting user credentials from a client computer to a Windows server via an encrypted pipe, using TLS (Transport Layer Security) to make the transfer safe.
Unfortunately, a remote code execution vulnerability existed in the protocol!
If an attacker were to exploit this loophole, they could access user credentials and execute malicious code on the target machine. As a result, the 2018 CredSSP error affected all applications depending on CredSSP for authentication.
What was the loophole in CredSSP?
CredSSP was susceptible to a “man in the middle” attack if the user ran a Remote Desktop Protocol session. Hence, the patch changed how authentication was done with CredSSP and created “stricter” rules for server-client communication.
What error did the patch throw up?
On 8th May 2018, an update was released to correct how CredSSP validated requests during the authentication process.
Microsoft's fix for the vulnerability made it mandatory for both the client and server computers to install the patch.
The error below is due to the Windows patch update not being installed on the server or the client computer.
An authentication error has occurred.
The function requested is not supported
Remote computer: <computer name>
This could be due to CredSSP encryption oracle remediation.
For more information, see the link
To do the CredSSP authentication RDP fix, you need to uninstall the update and roll back to an older version.
But rolling back to an old version is not a best practice!
After all, the patch was installed to provide enhanced security. Instead, you can fix this by changing the group policy on the local computer to use the vulnerable setting. Here’s how:
Step 1: First, go to “Run” (Win Key + R)
Step 2: Then, type “gpedit.msc” and press “Enter”.
Step 3: Navigate to Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation.
Step 4: Double Click on “Encryption Oracle Remediation”.
Step 5: Lastly, choose “Enabled”, change the protection level to “Vulnerable”, and click “Apply” or “OK”.
There’s another way to fix the CredSSP error RDP!
You can also fix the issue with the help of the Windows Registry Editor.
Step 1: First, open Windows Registry by typing “regedit” in “Run”.
Step 2: Next, navigate to Computer -> HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Policies -> System -> CredSSP -> Parameters.
Step 3: Lastly, double-click on the key “Allow Encryption” and change the value to “2”.
| Operating system | TSpkg.dll version with CredSSP update | CredSSP update |
|---|---|---|
| Windows 7 Service Pack 1 / Windows Server 2008 R2 Service Pack 1 | 6.1.7601.24117 | KB4103718 (Monthly Rollup); KB4103712 (Security-only update) |
| Windows Server 2012 | 6.2.9200.22432 | KB4103730 (Monthly Rollup); KB4103726 (Security-only update) |
| Windows 8.1 / Windows Server 2012 R2 | 6.3.9600.18999 | KB4103725 (Monthly Rollup); KB4103715 (Security-only update) |
| RS1 – Windows 10 Version 1607 / Windows Server 2016 | 10.0.14393.2248 | KB4103723 |
| RS2 – Windows 10 Version 1703 | 10.0.15063.1088 | KB4103731 |
| RS3 – Windows 10 1709 | 10.0.16299.431 | KB4103727 |
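To check where a machine stands with respect to both the registry setting from the steps above and the TSpkg.dll versions in this table, the following PowerShell audit is an added example, not code from the original article. It assumes Windows PowerShell 3.0 or later, that the full name of the policy value is AllowEncryptionOracle, and that 0/1/2 mean Force Updated Clients/Mitigated/Vulnerable as in Microsoft's documentation for the update; `Get-CredSspAudit` is a hypothetical function name.

```powershell
# Added example: report CredSSP patch level and Encryption Oracle Remediation state.
# Minimum patched TSpkg.dll versions copied from the table above, keyed by major.minor.build.
$MinPatched = @{
    '6.1.7601'   = [version]'6.1.7601.24117'
    '6.2.9200'   = [version]'6.2.9200.22432'
    '6.3.9600'   = [version]'6.3.9600.18999'
    '10.0.14393' = [version]'10.0.14393.2248'
    '10.0.15063' = [version]'10.0.15063.1088'
    '10.0.16299' = [version]'10.0.16299.431'
}
# Assumption: value meanings per Microsoft's documentation, not stated on this page.
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspAudit {
    # Policy value written by the Group Policy and registry steps above.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $prop = Get-ItemProperty -Path $key -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    $level = 'Not configured'
    if ($null -ne $prop) {
        $raw   = [int]$prop.AllowEncryptionOracle
        $level = if ($Levels.ContainsKey($raw)) { $Levels[$raw] } else { "Unknown ($raw)" }
    }

    # Build the file version from its numeric parts; the FileVersion string can carry extra text.
    $vi  = (Get-Item (Join-Path $env:SystemRoot 'System32\tspkg.dll')).VersionInfo
    $ver = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $family = '{0}.{1}.{2}' -f $ver.Major, $ver.Minor, $ver.Build

    # $null means this OS build is not listed in the table, so no verdict is given.
    $patched = $null
    if ($MinPatched.ContainsKey($family)) { $patched = $ver -ge $MinPatched[$family] }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        TSpkgVersion      = $ver
        Patched           = $patched
        OracleRemediation = $level
        NeedsAttention    = ($patched -eq $false) -or ($level -eq 'Vulnerable')
    }
}

Get-CredSspAudit | Format-List
```

A result with `OracleRemediation` set to `Vulnerable` means the workaround from the steps above is still in place on that machine.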
We hope we were able to tell you all about the CredSSP error and answer your search for “how do you fix CredSSP?”
In conclusion, rolling back the patch still leaves the server-client communication in an RDP session with CredSSP exposed. Therefore, the man-in-the-middle attack is still possible. Hence, the only way out is for both servers and clients to install the patch.
Lastly, for any technical assistance to fix the CredSSP Authentication Error in RDP, reach out to SysAlly. We’re among the world’s leading server-side tinkerers and would love to get our hands on any problems you may have. Moreover, check us out for more cloud-based solutions today.