Windows RDP’de yaşadığınız sorunları belirtilen yöntemlerle çözebilirsiniz.

1.Yöntem

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 2

2.Yöntem

Recently, when connecting to another Windows machine with RD, I got the following RDP authentication error due to CredSSP encryption oracle remediation:

Windows client

Following the above link, and searching around, this seems caused by the client Windows is patched with a CredSSP (Credential Security Support Provider protocol) update for CVE-2018-0886, while the remote Windows is not. The solution is certainly patching the remote Windows. However, if you do not have the permission to patch the remote Windows (In this case, I am connecting to a build VM provided by AppVeyor), then you have to compromise the client.

Windows Pro Edition (with group policy editor)

The workable solution I found is to edit client Windows’ local group policy (gpedit.msc):

Under Computer Configuration -> Administrative Templates -> System -> Credentials Delegation, there is a setting “Encryption Oracle Remediation”. Its default value is “Not configured”. Just change it to “Enabled”, and set “Protection Level” as “Vulnerable”.

Windows 10:

Windows 7:

Now your remote desktop should be able to connect. Remember to revert the setting after you are done.

Windows Home Edition client (without above option)

If your Windows client does not have group policy editor or above “Oracle Remediation” option (like Windows Home Edition), then you can temporarily uninstall the security update patch in May 2018, KB41037XX:

on Windows 10 17134.48, it is KB4103721 : https://support.microsoft.com/en-au/help/4103721/windows-10-update-kb4103721
on Windows 10 16299.431, it is KB4103727: https://support.microsoft.com/en-us/help/4103727/windows-10-update-kb4103727
On Windows 7 it is KB4103718: https://support.microsoft.com/en-us/help/4103718/windows-7-update-kb4103718

etc.

Windows 10:

Windows 7:

Remember to reinstall it when you are done.

Windows server

In the comment area, @Rome mentioned that, on server side, this can be mitigated by disabling “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” in server’s system properties.

Windows Server 2016:

I strongly suggest not to compromise the server-side security, but mitigate it from client Windows temporarily. You should patch the server-side or ask server administrator to patch it.

Son Yazılar

This host currently has no management network redundancy

Status of other host hardware objects

Unable to apply DRS resource settings on host. This can significantly reduce the effectiveness of DRS.

Important Information on ESXi 7 Update 3

Invalid Type, expected String, instead got None Type

BROCADE CLEAR PORT STATS

vCenter Distributed Switch Host Ekleme (vDS)

vCenter Distributed Switch Oluşturma (vDS)

EMC Storage Disk Drive Firmware Upgrade

Office 365 Allow Block Domain ve mail adrress List

VMware PowerCLI ile E1000E ethernet kartını VMXNET3 olarak değiştirme

log disk exhaustion on 172

Remote desktop connection authentication error due to CredSSP encryption oracle remediation

Windows client

Windows Pro Edition (with group policy editor)

Windows Home Edition client (without above option)

Windows server