
Unable to RDP to Virtual Machine: CredSSP Encryption Oracle Remediation

To resolve a vulnerability in the Credential Security Support Provider protocol (CredSSP), a monthly Windows update was applied in May that does two things:
1. Corrects how CredSSP validates requests during the authentication process.
2. Changes the default setting of the Encryption Oracle Remediation group policy from Vulnerable to Mitigated.
This RDP authentication issue can occur when the local client and the remote host have different Encryption Oracle Remediation settings, which define how an RDP session is built with CredSSP. If the server and the client have different expectations about how a secure RDP session is established, the connection can be blocked. The current default setting could also change from the tentative update, which would affect the expected secure session requirement.

Examples:
1. If the client is updated and you try to RDP to an Azure VM that was not updated, the connection will be blocked and you will see the error message.
2. If the client is not patched while the server is updated, RDP can still work, but the session will be exposed to the attack.
3. If both client and server are patched with the default setting (Mitigated), RDP will work in a secure way.
References:
Resolution / Fix
Ensure that both the client and the server have the latest patch installed so that RDP can be established in a secure way.
You can find the list of corresponding KB numbers for each operating system here: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886
If you cannot RDP to VMs from your patched client, you can consider changing the policy setting on the client to temporarily regain RDP access to the servers. The setting is changed in the Local Group Policy Editor: run gpedit.msc and browse to Computer Configuration / Administrative Templates / System / Credentials Delegation in the left pane.
Change the Encryption Oracle Remediation policy to Enabled, and set Protection Level to Vulnerable.
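
Because the Vulnerable setting is only meant as a temporary workaround, the following added example (not part of the original post) audits the local machine for it and offers a way back to Mitigated. It assumes the registry path and the `AllowEncryptionOracle` value that Microsoft documents for this policy, which this page does not list; the function names are hypothetical.

```powershell
# Added example: audit the Encryption Oracle Remediation policy on this machine.
# Assumption: registry location and value meanings are those Microsoft documents
# for the CVE-2018-0886 update (0 / 1 / 2); they are not stated on this page.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ValueName = 'AllowEncryptionOracle'
$Levels    = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-EncryptionOracleSetting {
    # Returns the configured protection level, or 'Not configured' when the
    # policy value is absent (the default of the installed update then applies).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Raw = $null; Level = 'Not configured' }
    }
    $raw   = [int]$item.$ValueName
    $level = if ($Levels.ContainsKey($raw)) { $Levels[$raw] } else { "Unknown ($raw)" }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Raw = $raw; Level = $level }
}

function Restore-MitigatedSetting {
    # Undo the temporary workaround by writing Mitigated (1) back to the policy value.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName to 1 (Mitigated)")) {
        if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
        Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 -Type DWord
    }
}

# Report the current state and flag a client that was left on Vulnerable.
$setting = Get-EncryptionOracleSetting
$setting
if ($setting.Raw -eq 2) {
    Write-Warning "$($setting.Computer) is set to Vulnerable. Patch the servers, then run Restore-MitigatedSetting."
}
```

Run it from an elevated PowerShell session. If the setting was made in gpedit.msc, change it back there as well, since a policy refresh rewrites the registry value.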
