Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, May 9, 2018 5:32 PM
After Windows Update, yesterday, I could not connect to a remote host via RDP any more (and I could connect útil before updates)
I receive this erorr:
An Authentication error has occurred
The function request is not supported
Remote cometer: x.x.x.x (ip Address)
This could be due to CredSSP encryption Oracle remediation.
For more information see https://go.microsoft.com7fwlink/?linkid=866660
I tried to change registry Key AllowEncryptionOracle
in HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
But nothig change.
In my Windows 10 I have the error log:
Log Name: System
Source: LsaSrv
Date: 9/5/2018 10:29:54
Event ID: 6041
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JuanCC-NB
Description:
A CredSSP authentication to TERMSRV/X.X.X.X (ip Address) failed to negotiate a common protocol version. The remote host offered version 3 which is not permitted by Encryption Oracle Remediation.
See https://go.microsoft.com/fwlink/?linkid=866660 for more information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LsaSrv" Guid="{199fe037-2b82-40a9-82ac-e1d46c792b99}" EventSourceName="LsaSrv" />
<EventID Qualifiers="0">6041</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-05-09T13:29:54.346514200Z" />
<EventRecordID>6026</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>JuanCC-NB</Computer>
<Security />
</System>
<EventData>
<Data>TERMSRV/172.16.4.143</Data>
<Data>3</Data>
</EventData>
</Event>
What should I change in remote Machine?
I have problems accessing to a Windows 10 and to Windows Server 2012 R2
Thanks in advanced
Best Regards
JuanCC Technology Specialist
All replies (7)
Sunday, May 13, 2018 7:13 AM ✅Answered
Hi JuanCC,
i also faced the same issue, you need to check this
Thursday, May 10, 2018 4:01 AM | 1 vote
Hi,
Have a look in your Documents folder, there is a Default.rdp hidden file (enable Hidden Items on the View toolbar in File Explore if needed to see it) Delete that file and new will be created on next connection, try that.
Also check this article for assistance. Try install Domain Controller Certificate on the domain controller for the user’s credential verification. No need to disable NLA.
An Authentication error has occurred. The Function requested is not supported.
https://itluke.online/2018/03/29/solved-authentication-error-function-not-supported/
Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.
Best Regards,
Tao
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected].
Sunday, May 13, 2018 1:53 PM
JuanCC, Did you follow the more information link ? https://go.microsoft.com/fwlink/?linkid=866660
Monday, May 14, 2018 4:34 PM | 1 vote
You need to make sure both your workstations and servers are patched with the March CredSSP patch. On May Patch Tuesday, Microsoft released a patch that basically enforces the March patch, so if your workstation got the May patch but you're trying to connect to servers that haven't received the March patch, you'll get this error.
As a workaround, you can push a Group Policy out or edit a registry key locally, but neither one of those is considered a long-term permanent solution.
You can read - How to Fix Authentication Error Function Not Supported CredSSP Error RDP for more information on the Group Policy and registry key.
For the Group Policy, you'll need the ADMX files from a patched server. In the article above, there's a link to those files from a patched Windows 2012 R2 server which should work.
Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation Setting name: Encryption Oracle Remediation
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002
Tuesday, May 22, 2018 12:49 AM
RBRussell has it right but likely meant to say
- "You need to make sure both your workstations and servers are patched with the May CredSSP patch"
The May 10th Updates changed the default value for Encryption Oracle Remediation from Vulnerable to Mitigated. Patched clients communicating with unpatched servers results in a blocked configuration.
See the interop matrix @ the bottom of KB 4093492 and focus on that and other client / server configurations that result in blocked configurations.
Thursday, May 24, 2018 9:36 AM
sorted my problem, many thanks
Wednesday, May 30, 2018 3:22 AM | 9 votes
use this link:
https://gallery.technet.microsoft.com/Remote-desktop-authenticati-a9f4b9f8