Skip to content

ZEKİ SÜKÜT

IT dünyasında öğrenmek hiç bu kadar keyifli olmamıştı!

Primary Menu
  • VMWARE
    • VMware NSX
    • VMware vCloud Director
    • VMware vSAN
    • VMware vSphere
    • VMware vSphere ESXi
    • VMware vRealize
    • vSphere PowerCLI
    • VMware Problem & Çözüm
  • MICROSOFT
    • OFFICE 365
    • Active Directory
    • Microsoft Exchnage
    • SQL Server
    • SCCM
    • Microsoft Problem & Çözüm
  • EMC
    • Emc Storage
    • Data Domain
    • Avamar Backup
  • LINUX
  • SECURITY
  • YEDEKLEME
    • VEEAM B&R
    • VEEAM B&R Problem ve Çözüm
  • FABRIC SWITCH
  • STORAGE
  • PROJELERİMİZ
Canlı
  • MICROSOFT
  • Microsoft Problem & Çözüm

Remote desktop connection authentication error due to CredSSP encryption oracle remediation

zekisukut Ağustos 7, 2018

Windows RDP’de yaşadığınız sorunları belirtilen yöntemlerle çözebilirsiniz.

 

1.Yöntem

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 2

 

2.Yöntem

Recently, when connecting to another Windows machine with RD, I got the following RDP authentication error due to CredSSP encryption oracle remediation:

 

Windows client

Following the above link, and searching around, this seems caused by the client Windows is patched with a CredSSP (Credential Security Support Provider protocol) update for CVE-2018-0886, while the remote Windows is not. The solution is certainly patching the remote Windows. However, if you do not have the permission to patch the remote Windows (In this case, I am connecting to a build VM provided by AppVeyor), then you have to compromise the client.

Windows Pro Edition (with group policy editor)

The workable solution I found is to edit client Windows’ local group policy (gpedit.msc):

 

Under Computer Configuration -> Administrative Templates -> System -> Credentials Delegation, there is a setting “Encryption Oracle Remediation”. Its default value is “Not configured”. Just change it to “Enabled”, and set “Protection Level” as “Vulnerable”.

Windows 10:

 

Windows 7:

 

Now your remote desktop should be able to connect. Remember to revert the setting after you are done.

Windows Home Edition client (without above option)

If your Windows client does not have group policy editor or above “Oracle Remediation” option (like Windows Home Edition), then you can temporarily uninstall the security update patch in May 2018, KB41037XX:

  • on Windows 10 17134.48, it is KB4103721 : https://support.microsoft.com/en-au/help/4103721/windows-10-update-kb4103721
  • on Windows 10 16299.431, it is KB4103727: https://support.microsoft.com/en-us/help/4103727/windows-10-update-kb4103727
  • On Windows 7 it is KB4103718: https://support.microsoft.com/en-us/help/4103718/windows-7-update-kb4103718

etc.

Windows 10:

Windows 7:

 

Remember to reinstall it when you are done.

Windows server

In the comment area, @Rome mentioned that, on server side, this can be mitigated by disabling “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” in server’s system properties.

Windows Server 2016:

I strongly suggest not to compromise the server-side security, but mitigate it from client Windows temporarily. You should patch the server-side or ask server administrator to patch it.

Continue Reading

Previous: Active Directory Nedir ?
Next: CMD (Komut İstemi) ile Güncelleme Kaldırma

İlgili Yazılar

  • MICROSOFT
  • SQL Server

SQL Server Veritabanı dosyaları nelerdir ve nasıl yapılandırılması gerekir?

zekisukut Ekim 26, 2024
image
  • MICROSOFT
  • OFFICE 365

Exchange Online’da Tehlikeli Dosya Eklerini Engelleme

zekisukut Temmuz 17, 2024
  • MICROSOFT
  • OFFICE 365

Mail Konusuna Göre Mail Trafiğinin İzlenmesini Sağlayan Örnek Script

zekisukut Haziran 18, 2024

SON YAZILAR

  • Ubuntu Sistemlerde Disk boyutunu artırma – lvextend ve resize2fs kullanımı
  • API ile VMware SDDC Manager’da DNS nasıl değiştirilir
  • How to fix vSAN unmounted disks
  • İnternet olmadan vSAN HCL DB’nizi nasıl güncellenir
  • GPO ile Tarayıcı Şifre Yöneticilerini Devre Dışı Bırakma

Kategoriler

  • Active Directory
  • Avamar Backup
  • Data Domain
  • EMC
  • Emc Storage
  • FABRIC SWITCH
  • GLPI
  • LINUX
  • MICROSOFT
  • Microsoft Exchnage
  • Microsoft Intune
  • Microsoft Problem & Çözüm
  • OFFICE 365
  • One Drive
  • OpenSSL
  • RAID DISK
  • SCCM
  • SECURITY
  • SQL Server
  • STORAGE
  • VEEAM B&R
  • VEEAM B&R Problem ve Çözüm
  • VMWARE
  • VMware NSX
  • VMware Problem & Çözüm
  • VMware vCenter
  • VMware vCloud Director
  • VMware vSAN
  • VMware vSphere
  • VMware vSphere ESXi
  • vRealize
  • vSphere PowerCLI
  • WordPress

Kaçırdıklarınız

  • LINUX

Ubuntu Sistemlerde Disk boyutunu artırma – lvextend ve resize2fs kullanımı

zekisukut Şubat 12, 2025
image
  • VMWARE

API ile VMware SDDC Manager’da DNS nasıl değiştirilir

zekisukut Kasım 28, 2024
image
  • VMWARE
  • VMware vSAN

How to fix vSAN unmounted disks

zekisukut Kasım 28, 2024
image
  • VMWARE
  • VMware vSAN

İnternet olmadan vSAN HCL DB’nizi nasıl güncellenir

zekisukut Kasım 28, 2024
Telif Hakkı © Tüm hakları saklıdır. Zeki SÜKÜT | MoreNews by AF themes.