CredSSP problem

June 1, 2018

After the latest Windows update is installed on the systems below:

| System | TSpkg.dll version with CredSSP update | CredSSP update |
| --- | --- | --- |
| Windows 7 Service Pack 1 / Windows Server 2008 R2 Service Pack 1 | 6.1.7601.24117 | KB4103718, KB4103712 |
| Windows Server 2012 | 6.2.9200.22432 | KB4103730, KB4103726 |
| Windows 8.1 / Windows Server 2012 R2 | 6.3.9600.18999 | KB4103725, KB4103715 |
| RS1 – Windows 10 1607 / Windows Server 2016 | 10.0.14393.2248 | KB4103723 |
| RS2 – Windows 10 1703 | 10.0.15063.1088 | KB4103731 |
| RS3 – Windows 10 1709 | 10.0.16299.431 | KB4103727 |

 

We may encounter an error that prevents us from establishing a Remote Desktop session. The error message is:
An authentication error has occurred. The function requested is not supported. Remote computer: <computer name or IP>. This could be due to CredSSP encryption oracle remediation.

The problem can be worked around as follows:

 

Scenario 1: Updated clients cannot communicate with non-updated servers

The most common scenario is that the client has the CredSSP update installed, and the Encryption Oracle Remediation policy setting does not allow an insecure RDP connection to a server that does not have the CredSSP update installed.
To work around this problem, follow these steps:

  1. On the client computer that has the CredSSP update installed, run gpedit.msc, and then go to Computer Configuration > Administrative Templates > System > Credentials Delegation in the navigation pane.
  2. Change the Encryption Oracle Remediation policy to Enabled, and then change the Protection Level to Vulnerable.

If you cannot use gpedit.msc, you can make the same change through the registry as follows:

  1. Open a Command Prompt window as Administrator.
  2. Run the following command to add the registry value:

 REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Scenario 2: Non-updated clients cannot communicate with patched servers

If the Azure Windows virtual machine has this update installed and is restricted to receiving non-updated clients, follow these steps to change the Encryption Oracle Remediation policy setting:
  1. On any Windows computer that has PowerShell installed, add the IP address of the virtual machine to the "trusted" list in the host file:

     Set-Item wsman:\localhost\Client\TrustedHosts -Value <IP>

  2. Go to the Azure portal, locate the virtual machine, and then update the network security group to allow PowerShell ports 5985 and 5986.
  3. On the Windows computer, connect to the virtual machine using PowerShell.

     For HTTP:

     $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck
     Enter-PSSession -ComputerName "<<public IP>>" -Port "5985" -Credential (Get-Credential) -SessionOption $Skip

     For HTTPS:

     $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck
     Enter-PSSession -ComputerName "<<public IP>>" -Port "5986" -Credential (Get-Credential) -UseSSL -SessionOption $Skip

  4. Run the following command to change the Encryption Oracle Remediation policy setting using the registry:

     Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" -Name "AllowEncryptionOracle" -Value 2 -Type DWord
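
The following PowerShell script is an added example, not part of the original post. It compares a TSpkg.dll version with the table above and reports whether the AllowEncryptionOracle value of 2 (the Vulnerable protection level) is still set, so the workaround can be reverted once both ends are patched. The function name Test-CredSspState and the sample call are constructed for illustration.

```powershell
# Added example (not from the original post). Minimum patched TSpkg.dll
# revision per OS build, copied from the table in this article.
$PatchedRevision = @{
    7601  = 24117   # Windows 7 SP1 / Server 2008 R2 SP1
    9200  = 22432   # Windows Server 2012
    9600  = 18999   # Windows 8.1 / Server 2012 R2
    14393 = 2248    # Windows 10 1607 / Server 2016
    15063 = 1088    # Windows 10 1703
    16299 = 431     # Windows 10 1709
}
# Protection levels behind the AllowEncryptionOracle registry value.
$Level = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Test-CredSspState {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][version]$TspkgVersion,
          $AllowEncryptionOracle = $null)

    # Compare the file revision with the table entry for this OS build.
    $min = $PatchedRevision[$TspkgVersion.Build]
    if ($null -eq $min) { $patched = 'Unknown (build not in table)' }
    else { $patched = [string]($TspkgVersion.Revision -ge $min) }

    if ($null -eq $AllowEncryptionOracle) { $policy = 'Not configured' }
    else { $policy = $Level[[int]$AllowEncryptionOracle] }

    if ($patched -eq 'False') { $action = 'Install the CredSSP update for this OS' }
    elseif ($policy -eq 'Vulnerable') { $action = 'Workaround active: revert once both ends are patched' }
    else { $action = 'None' }

    New-Object PSObject -Property @{
        TspkgVersion = $TspkgVersion; Patched = $patched
        Policy = $policy; Action = $action
    }
}

# Constructed sample: patched Windows 8.1 with the workaround still set.
Test-CredSspState -TspkgVersion '6.3.9600.18999' -AllowEncryptionOracle 2

# Local machine: read the real file version and policy value.
$f   = (Get-Item "$env:SystemRoot\System32\tspkg.dll").VersionInfo
$ver = New-Object System.Version $f.FileMajorPart, $f.FileMinorPart, $f.FileBuildPart, $f.FilePrivatePart
$key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AllowEncryptionOracle
Test-CredSspState -TspkgVersion $ver -AllowEncryptionOracle $val
```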