SharePoint Experts, Information Architects, Expert Witness

SICG provides a broad array of business and technology consulting from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. We focus on the "How", not just the possible. Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846 x704.

Search This Blog

Monday, May 28, 2018

Remote Desktop Access (On-Premise & Azure) Error "CredSSP Encryption Oracle Remediation"

So, recent update in Microsoft has broken RDP across the globe. It's not necessarily a server problem, but many (unfortunately) allow for Automatic Update on their laptop/desktop and Microsoft added this update without any notice. When you try to RDP (Remote Desktop Connection), the error is "CredSSP Encryption Oracle Remediation" - The error will look similar to this:



So, if you are using servers on-premise, the only fix is to a) run update on all systems you intend to use RDP with (laptops, desktops, etc.) then b) run update on ALL of the servers you intend to connect to. A REAL pain, but the only way to fix it properly. I know the pain - I had to spend an entire weekend running updates (some 'packaged' which always makes me nervous in what is actually in it) and test every server.

Now, if you are using Azure, you will come across the same error - this one is a bit tricky but fortunately, a post on this shows the fix:

https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

Mitigation 1 was my choice - if you use this, after completing the change, open a command window as Administrator and run:

gpupdate /force

You need permissions to do this OR you have to talk to your system administrator(s) and get a global change.

Use Mitigation 2 ONLY if you have to!

UPDATE: Microsoft's May 2018 Security Update will fix this permanently however a reboot is required so plan accordingly - look for KB4103725 to download if it doesn't work with Windows Update (we had to try on a few servers several times - only accessible through the Hyper-V and VMWare consoles so were down for quite awhile; update would fail after 20 minutes or so).

Post a Comment