none
Remote Desktop Authentication Error Has Occurred. The function requested is not supported.

    質問

  • Since the Microsoft Security Patch on Tuesday, we've received many reports of users having connection problems like this:

    An authentication error has occurred.
    The function requested is not supported
    
    Remote computer: <computer name="">
    This could be due to CredSSP encryption oracle remediation.
    For more information, see https:/go.microsoft.com/fwlink/?linkid=866660

    The error impacts:

    • Remote Desktop Connection
    • Remote Desktop Connecting to Azure VMs
    • VPN Network Connections (before one can even try to use Remote Desktop)

    This is quite a mess and seems to be related to the security patch increasing security requirements, but not implementing the change to give the machine the increased security levels. The latter doesn't seem to occur if the machine has automated Windows Updates turned off.

    Unfortunately, Windows Update can't be automated in many environments such as development, build, test, staging and production without creating other problems.

    Wrote a blog post about our findings so far with a workaround on how to reduce Remote Desktop security settings to get around this problem. It doesn't require touching registry settings or other complicated steps:

    Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP

    Would appreciate any insight on handling this across an enterprise without manually modifying the connecting and host machines.

    A common scenario is a person working from home not being able to connect to their own computer in the office or a VM.

    Thanks.


    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter


    2018年5月11日 12:50

すべての返信

  • Thank you!!!
    2018年5月11日 20:25
  • You're welcome. What was your situation?

    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter

    • 回答の候補に設定 kk92009 2018年5月15日 2:37
    2018年5月12日 12:21
  • Good information, but unfortunately my home PC is running the HOME version of Windows 10 and the RDP settings window does not offer the options shown in the workaround link.
    2018年5月13日 14:23
  • Thank you for sharing.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2018年5月14日 5:41
  • Have this issue as well in our environment.  Typical untested patch that makes a headache for large groups of people.  Very irresponsible of the patch team.

    Remove the tick from the "Allow connections only from computers running Remote Desktop with Network Level Authentication" got us working again

    Windows Desktop Client to Server 2012 R2

    2018年5月14日 7:13
  • Or you can just uninstall update KB4103725 
    https://support.microsoft.com/bg-bg/help/4103725/windows-81-update-kb4103725

    worked for me

    2018年5月14日 9:43
  • Thanks for sharing..

    it works with me after following this instruction https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

    we have big headache after KB4103725 patched get installed on clients win8. so should i update the kb4103725 on RDP host server 2012 r2 as well or wait for any further security kb? 

    2018年5月14日 12:06
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    • 回答の候補に設定 vor0nwe 2018年5月16日 10:22
    2018年5月14日 13:40
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable àApply

    Thanks and Regards,

    Regu



    • 回答の候補に設定 RedITAdmin 2018年5月18日 14:47
    2018年5月14日 13:41
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    This fixed it for me, thank you!

    Windows 10 Pro --> Logging into a Windows server 2012 R2 on a domain

    2018年5月14日 14:21
  • Is this the same as the user changing their Remote Desktop setting from the dialog box that we suggested?

    Going into gpedit.msc is much more intimidating, and I don't think end users are allowed to do that.


    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter

    2018年5月14日 14:34
  • You need to make sure both your workstations and servers are patched with the March CredSSP patch.  On May Patch Tuesday, Microsoft released a patch that basically enforces the March patch, so if your workstation got the May patch but you're trying to connect to servers that haven't received the March patch, you'll get this error.

    As a workaround, you can push a Group Policy out or edit a registry key locally, but neither one of those is considered a long-term permanent solution.

    You can read - How to Fix Authentication Error Function Not Supported CredSSP Error RDP for more information on the Group Policy and registry key.

    For the Group Policy, you'll need the ADMX files from a patched server.  In the article above, there's a link to those files from a patched Windows 2012 R2 server which should work.

    Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation Setting name: Encryption Oracle Remediation 

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
    "AllowEncryptionOracle"=dword:00000002

    • 回答の候補に設定 Waterman981 2018年5月14日 21:12
    2018年5月14日 16:37
  • Are those instructions for end users or administrators?

    Most users can't change registry settings on their own, much less the HKLM hive.

    They can change the check box on the Remote Desktop dialog.

    If it's a setting on the network that's changed, will that support people's home PCs and devices they use to remote into their office PC?


    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter



    2018年5月14日 16:39
  • Hi and thanks for your observations.

    Don't you think its ironic that the security patch enforced on us poor sods forces one to operate in a less secure manner and the eta of the patch for the patch is unknown. Thanks again Microsoft, you bunch of gimps.

    KillerWombat

    2018年5月14日 22:36
  • its worked for me Thanks 
    2018年5月15日 9:29
  • This worked for me. Thanks!
    2018年5月15日 10:30
  • Thanks! Worked for me.
    2018年5月15日 16:21
  • Thanks . Worked for me. I am using Azure. Worked on both WIndows 10 and WIndows 7 devices.
    2018年5月15日 19:01
  • Hi Luke,

    Regu Sankar's solution using gpedit.msc is not the same as your solution for the following reason:

    I was able to use gpedit.msc on my local client (which fixed the issue), whereas I was NOT able to open the system properties on the server, because that's a VM running in Azure.

    To change the server's system properties, I would need to connect to that machine via Remote Desktop. See the problem?


    • 編集済み vor0nwe 2018年5月16日 10:35
    2018年5月16日 10:34
  • Thank you for this article, Luke.

    In my user's case, the issue was resolved by updating Windows 10 to the most current version (16299.431 as of today, May 16th, 2018). The machine was missing 2018-05 Cumulative Security Update 1709 - KB4103727. My own Windows 10 box was able to connect to the RDP computer without issue, which helped to lead me in the direction of checking revisions. Being more current, my machine had no problem connecting to the RDP machine. I did not want to reduce the security by unchecking the box for Network Level Authentication, so I was glad that Windows updates fixed this.

    Best regards,

    Philip Schember
    Senior IT Technician
    University of Tennessee

    2018年5月16日 14:44
  • excellent...working properly
    2018年5月17日 8:34
  • I see all of the solutions only if you able to access windows server. RDP access was the only way I could manage the server. What should I do now, I am getting this message and cannot access the server any advice ?
    2018年5月17日 15:29
  • This worked for me.  

    I installed the Windows 10 "Upgrade" to the latest version, which shows to be Version 1709, build 16299.431.  After that update completed, I received this authentication error.  Using the Fix first posted by Regu Sankar, it worked immediately.  

    So thank you, Regu!

    2018年5月17日 16:17
  • Hi All,

    I just provisioned a Windows Server 2012 R2 server in Azure. Everything has installed properly. I can see the boot screen. I cannot RDP to the newly provisioned server from a Windows 7 Enterprise RDP Client. 

    It is not showing the CredSSP part of the message.

    Thanks,

    Ken

    2018年5月17日 18:52
  • My ability to remote in stopped this week when the update caused the error you mentioned in the original post. My Remote settings were actually already set the way that you suggested - I checked that first per your suggestion.

    I wanted you to know that the fix that worked for me was going into gpedit.msc as suggested by Regu. I was one of those employees/end users who needed to remote in from home, and as you mentioned, I wasn't sure I'd have the permissions to go in there, but it turns out that I did.  

    Thank you for starting this discussion because in it I found a solution to my issue. I hope my feedback helps you or someone else.

    2018年5月18日 2:53
  • It works for me.

    Windows 7 connecting to Windows Server 2016 error.

    Solution:

    In the server you are connecting(in my case winserver 2016) uncheck the "Allow Connections only from computers running Remote Desktop with Network level Authentication(recommended)".

    <img alt="System Properies -> Remote tab -> Uncheck" src="http://blog.fmsinc.com/wp-content/uploads/2018/05/remote-windows10.png" />

    2018年5月18日 6:34
  • OK!
    I think I have fixed the issue for me, so let me tell you what I did as it may help others.

    Seeing that 'windows update KB4103725' was a bad release and it was released on the 5/8/18. None of the advice I found worked.

    1) Change:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
    "AllowEncryptionOracle"=dword:00000002
    (isn't there in windows 7)

    2) Remove:

    Remove the tick from the "Allow connections only from computers running Remote Desktop with Network Level Authentication"
    (isn't there in windows 7)

    3) Delete:

    Delete windows update 'KB4103725'
    (isn't there in windows 7)

    4) Click the tick:

    Click the tick from the "Allow connections from computers running any version of Remote Desktop"
    (as shown at:
    http://blog.fmsinc.com/remote-desktop-authentication-error-function-requested-is-not-supported-credssp/
    ,but isn't there on my windows 7)


    Finally I saw a windows update 'KB4103718' which was installed on my computer on 5/9/18. As it looked similar to 'KB4103725', I deleted it and restarted my computer. I could then connect!
    2018年5月18日 6:47
  • Thanks!
    2018年5月18日 7:09
  •  This Fix worked for me. Thank you.

      

    2018年5月18日 10:01
  • This worked for me! Thanks so much! .....now back to work!
    2018年5月18日 14:48
  • Thanks Regu, this fixed it for me.
    2018年5月18日 17:33
  • Do you know if it applies to Windows Server 2016 and / or Windows Server 2012R2?

    For your  help and time, thanks.

    2018年5月18日 18:57
  • Similar circumstances in my workplace following the Tuesday updates.  Post any attempts at resolution to this.  
    2018年5月18日 20:08
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    This one fixed my problem. Thanks.
    2018年5月18日 22:56
  • Thanks, fixed my problem
    4 時間 45 分前