none
Remote Desktop Authentication Error Has Occurred. The function requested is not supported.

    質問

  • Since the Microsoft Security Patch on Tuesday, we've received many reports of users having connection problems like this:

    An authentication error has occurred.
    The function requested is not supported
    
    Remote computer: <computer name="">
    This could be due to CredSSP encryption oracle remediation.
    For more information, see https:/go.microsoft.com/fwlink/?linkid=866660

    The error impacts:

    • Remote Desktop Connection
    • Remote Desktop Connecting to Azure VMs
    • VPN Network Connections (before one can even try to use Remote Desktop)

    This is quite a mess and seems to be related to the security patch increasing security requirements, but not implementing the change to give the machine the increased security levels. The latter doesn't seem to occur if the machine has automated Windows Updates turned off.

    Unfortunately, Windows Update can't be automated in many environments such as development, build, test, staging and production without creating other problems.

    Wrote a blog post about our findings so far with a workaround on how to reduce Remote Desktop security settings to get around this problem. It doesn't require touching registry settings or other complicated steps:

    Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP

    Would appreciate any insight on handling this across an enterprise without manually modifying the connecting and host machines.

    A common scenario is a person working from home not being able to connect to their own computer in the office or a VM.

    Thanks.


    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter


    2018年5月11日 12:50

回答

  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    • 回答の候補に設定 vor0nwe 2018年5月16日 10:22
    • 回答としてマーク LukeChungMVP 2018年5月24日 18:29
    2018年5月14日 13:40

すべての返信

  • Thank you!!!
    2018年5月11日 20:25
  • You're welcome. What was your situation?

    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter

    • 回答の候補に設定 kk92009 2018年5月15日 2:37
    2018年5月12日 12:21
  • Good information, but unfortunately my home PC is running the HOME version of Windows 10 and the RDP settings window does not offer the options shown in the workaround link.
    2018年5月13日 14:23
  • Thank you for sharing.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2018年5月14日 5:41
  • Have this issue as well in our environment.  Typical untested patch that makes a headache for large groups of people.  Very irresponsible of the patch team.

    Remove the tick from the "Allow connections only from computers running Remote Desktop with Network Level Authentication" got us working again

    Windows Desktop Client to Server 2012 R2

    • 回答の候補に設定 thomfl 2018年5月30日 16:23
    2018年5月14日 7:13
  • Or you can just uninstall update KB4103725 
    https://support.microsoft.com/bg-bg/help/4103725/windows-81-update-kb4103725

    worked for me

    2018年5月14日 9:43
  • Thanks for sharing..

    it works with me after following this instruction https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

    we have big headache after KB4103725 patched get installed on clients win8. so should i update the kb4103725 on RDP host server 2012 r2 as well or wait for any further security kb? 

    2018年5月14日 12:06
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    • 回答の候補に設定 vor0nwe 2018年5月16日 10:22
    • 回答としてマーク LukeChungMVP 2018年5月24日 18:29
    2018年5月14日 13:40
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable àApply

    Thanks and Regards,

    Regu



    • 回答の候補に設定 RedITAdmin 2018年5月18日 14:47
    2018年5月14日 13:41
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    This fixed it for me, thank you!

    Windows 10 Pro --> Logging into a Windows server 2012 R2 on a domain

    2018年5月14日 14:21
  • Is this the same as the user changing their Remote Desktop setting from the dialog box that we suggested?

    Going into gpedit.msc is much more intimidating, and I don't think end users are allowed to do that.


    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter

    2018年5月14日 14:34
  • You need to make sure both your workstations and servers are patched with the March CredSSP patch.  On May Patch Tuesday, Microsoft released a patch that basically enforces the March patch, so if your workstation got the May patch but you're trying to connect to servers that haven't received the March patch, you'll get this error.

    As a workaround, you can push a Group Policy out or edit a registry key locally, but neither one of those is considered a long-term permanent solution.

    You can read - How to Fix Authentication Error Function Not Supported CredSSP Error RDP for more information on the Group Policy and registry key.

    For the Group Policy, you'll need the ADMX files from a patched server.  In the article above, there's a link to those files from a patched Windows 2012 R2 server which should work.

    Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation Setting name: Encryption Oracle Remediation 

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
    "AllowEncryptionOracle"=dword:00000002

    • 回答の候補に設定 Waterman981 2018年5月14日 21:12
    2018年5月14日 16:37
  • Are those instructions for end users or administrators?

    Most users can't change registry settings on their own, much less the HKLM hive.

    They can change the check box on the Remote Desktop dialog.

    If it's a setting on the network that's changed, will that support people's home PCs and devices they use to remote into their office PC?


    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter



    2018年5月14日 16:39
  • Hi and thanks for your observations.

    Don't you think its ironic that the security patch enforced on us poor sods forces one to operate in a less secure manner and the eta of the patch for the patch is unknown. Thanks again Microsoft, you bunch of gimps.

    KillerWombat

    2018年5月14日 22:36
  • its worked for me Thanks 
    2018年5月15日 9:29
  • This worked for me. Thanks!
    2018年5月15日 10:30
  • Thanks! Worked for me.
    2018年5月15日 16:21
  • Thanks . Worked for me. I am using Azure. Worked on both WIndows 10 and WIndows 7 devices.
    2018年5月15日 19:01
  • Hi Luke,

    Regu Sankar's solution using gpedit.msc is not the same as your solution for the following reason:

    I was able to use gpedit.msc on my local client (which fixed the issue), whereas I was NOT able to open the system properties on the server, because that's a VM running in Azure.

    To change the server's system properties, I would need to connect to that machine via Remote Desktop. See the problem?


    • 編集済み vor0nwe 2018年5月16日 10:35
    2018年5月16日 10:34
  • Thank you for this article, Luke.

    In my user's case, the issue was resolved by updating Windows 10 to the most current version (16299.431 as of today, May 16th, 2018). The machine was missing 2018-05 Cumulative Security Update 1709 - KB4103727. My own Windows 10 box was able to connect to the RDP computer without issue, which helped to lead me in the direction of checking revisions. Being more current, my machine had no problem connecting to the RDP machine. I did not want to reduce the security by unchecking the box for Network Level Authentication, so I was glad that Windows updates fixed this.

    Best regards,

    Philip Schember
    Senior IT Technician
    University of Tennessee

    2018年5月16日 14:44
  • excellent...working properly
    2018年5月17日 8:34
  • I see all of the solutions only if you able to access windows server. RDP access was the only way I could manage the server. What should I do now, I am getting this message and cannot access the server any advice ?
    2018年5月17日 15:29
  • This worked for me.  

    I installed the Windows 10 "Upgrade" to the latest version, which shows to be Version 1709, build 16299.431.  After that update completed, I received this authentication error.  Using the Fix first posted by Regu Sankar, it worked immediately.  

    So thank you, Regu!

    2018年5月17日 16:17
  • Hi All,

    I just provisioned a Windows Server 2012 R2 server in Azure. Everything has installed properly. I can see the boot screen. I cannot RDP to the newly provisioned server from a Windows 7 Enterprise RDP Client. 

    It is not showing the CredSSP part of the message.

    Thanks,

    Ken

    2018年5月17日 18:52
  • My ability to remote in stopped this week when the update caused the error you mentioned in the original post. My Remote settings were actually already set the way that you suggested - I checked that first per your suggestion.

    I wanted you to know that the fix that worked for me was going into gpedit.msc as suggested by Regu. I was one of those employees/end users who needed to remote in from home, and as you mentioned, I wasn't sure I'd have the permissions to go in there, but it turns out that I did.  

    Thank you for starting this discussion because in it I found a solution to my issue. I hope my feedback helps you or someone else.

    2018年5月18日 2:53
  • It works for me.

    Windows 7 connecting to Windows Server 2016 error.

    Solution:

    In the server you are connecting(in my case winserver 2016) uncheck the "Allow Connections only from computers running Remote Desktop with Network level Authentication(recommended)".

    <img alt="System Properies -> Remote tab -> Uncheck" src="http://blog.fmsinc.com/wp-content/uploads/2018/05/remote-windows10.png" />

    2018年5月18日 6:34
  • OK!
    I think I have fixed the issue for me, so let me tell you what I did as it may help others.

    Seeing that 'windows update KB4103725' was a bad release and it was released on the 5/8/18. None of the advice I found worked.

    1) Change:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
    "AllowEncryptionOracle"=dword:00000002
    (isn't there in windows 7)

    2) Remove:

    Remove the tick from the "Allow connections only from computers running Remote Desktop with Network Level Authentication"
    (isn't there in windows 7)

    3) Delete:

    Delete windows update 'KB4103725'
    (isn't there in windows 7)

    4) Click the tick:

    Click the tick from the "Allow connections from computers running any version of Remote Desktop"
    (as shown at:
    http://blog.fmsinc.com/remote-desktop-authentication-error-function-requested-is-not-supported-credssp/
    ,but isn't there on my windows 7)


    Finally I saw a windows update 'KB4103718' which was installed on my computer on 5/9/18. As it looked similar to 'KB4103725', I deleted it and restarted my computer. I could then connect!
    2018年5月18日 6:47
  • Thanks!
    2018年5月18日 7:09
  •  This Fix worked for me. Thank you.

      

    2018年5月18日 10:01
  • This worked for me! Thanks so much! .....now back to work!
    2018年5月18日 14:48
  • Thanks Regu, this fixed it for me.
    2018年5月18日 17:33
  • Do you know if it applies to Windows Server 2016 and / or Windows Server 2012R2?

    For your  help and time, thanks.

    2018年5月18日 18:57
  • Similar circumstances in my workplace following the Tuesday updates.  Post any attempts at resolution to this.  
    2018年5月18日 20:08
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    This one fixed my problem. Thanks.
    2018年5月18日 22:56
  • Thanks, fixed my problem
    2018年5月20日 9:36
  • This worked for me (Windows 10 Pro).

    Thanks a lot "Ragu Sankar".


    2018年5月20日 20:00
  • Thank you, this fix for me.

    Alin Lam

    2018年5月21日 6:01
  • I've updated my blog post with the information shared here about editing Group Policy and setting it to Vulnerable. It's an option if you can't modify the target PC/VM, and have administrator rights to your PC.

    The update includes screenshots and step-by-step instructions for doing so: 

    Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP Workaround

    Sorry to see there are still so many people suffering from this problem in the second week. Hope it helps. 


    Luke Chung
    Microsoft MVP
    President of FMS, Inc.
    Blog Facebook Twitter



    2018年5月21日 16:17
  • Thanks

    This worked for me..

    "

    Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection levelàVulnerable à Apply

    Thanks and Regards,

    Regu"

    • 編集済み VaGangal 2018年5月21日 18:45
    2018年5月21日 18:44
  • Thank you!
    2018年5月21日 20:57
  • Not a fix if you're running Windows 10 Home.
    2018年5月22日 16:39
  • I think the this is the best solution since you don't need to reboot your desktop. Thank you Regu!
    2018年5月22日 22:13
  • This Fixed the issue for me too... 
    Super thanks!!!
    2018年5月24日 11:35
  • Worked great thanks.
    2018年5月24日 17:29
  • I was locked out of one VM Host machine and one VM on another host, Regu's fix worked for me. Thank you!

    I did remove the KB4103718, but it had no effect.

    2018年5月24日 18:28
  • https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886

    Depend on which operating system you have.

    2018年5月25日 12:08
  • Hiu Guys.

    Thanks you for share this info.

    It worked for me.

    Client Win7/10 to connect Win Srv 2012/2012R2.

    Have a Niece Day.

    "Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection levelàVulnerable à Apply "

    2018年5月25日 21:19
  • thanks 

    2018年5月26日 10:04
  • Guys, when specifying fixes, please clearly state if the specific fixes/workarounds pertain to the client or the server.   My understanding is that unchecking NLA pertains to the server, not the client.

    I'm assuming that the 5/16 update pertains to the client, since it was mentioned to be a Win10 patch, not the server, correct?

    A consultant can't RDP into our servers which may be behind in patches, but have NLA disabled throgh local GPO.
    I am unable to reproduce the problem but my personal Win10 desktop is fully patched and on build 1803.
    My laptop was on build 1709 and not yet having patches from 5/8 but after fully patching it, it will be on build 1803.   Our corporate Win10 workstations are managed by SCCM.  I suspect they are still on build 1709 and have received the 8/5 patch, so my tests are probably not exact to reproduce the problem.

    But with all these discussions/comments, many are lacking Win10 builds involved and if the recommended changes are to be applied to client or server.

    2018年5月27日 17:38
  • Thank you!
    2018年5月28日 3:45
  • Thanks a lot Philip Schember.

    It works for me (and for my team).

    2018年5月28日 9:53
  • Have this issue as well in our environment.  Typical untested patch that makes a headache for large groups of people.  Very irresponsible of the patch team.

    Remove the tick from the "Allow connections only from computers running Remote Desktop with Network Level Authentication" got us working again

    Windows Desktop Client to Server 2012 R2

    Yep sadly this level of garbage QA is typical of Microsoft in Win10. For Enterprise, Microsoft's current testing regime is a disaster. Visual Studio, Windows, Teams, Office all buggy, full of regressions. New Remote Desktop app is absolutely abysmal over another RDP. It's atrociously laggy - unusable. Plain vanilla upgrades of apps is a minefield. Stuff just doesn't work.
    • 編集済み MRR111 2018年5月29日 3:07
    2018年5月29日 3:03
  • Thanks Regu, that solved the problem for me.
    2018年5月29日 16:08
  • use this link:

    https://gallery.technet.microsoft.com/Remote-desktop-authenticati-a9f4b9f8

    • 回答の候補に設定 NICOLA FER 2018年6月7日 1:05
    2018年5月30日 3:21
  • Thank you. This solution worked for me. Hopefully, Microsoft will fix this patch soon. 
    2018年5月30日 21:35
  • Thanks... :)
    2018年5月31日 20:45
  • Thanks, That helped me.... Nice one
    2018年6月1日 14:37
  • This worked for me.

    Thank you

    2018年6月2日 6:24
  • Protection level Vulnerable didn't work, changing it to Mitigated worked for me
    • 編集済み Sujan00 2018年6月2日 14:53
    2018年6月2日 14:53
  • Or you can just uninstall update KB4103725 
    https://support.microsoft.com/bg-bg/help/4103725/windows-81-update-kb4103725

    worked for me


    This is the best and safest fix suggested so far, not compromising security like the other suggestions.

    And it works.

    Thank you.

    2018年6月5日 8:52
  • Hi and thanks for your observations.

    Don't you think its ironic that the security patch enforced on us poor sods forces one to operate in a less secure manner and the eta of the patch for the patch is unknown. Thanks again Microsoft, you bunch of gimps.

    KillerWombat

    Patch for the fix is KB4103725 as suggested above by Kristina Chitalovska
    2018年6月5日 8:55
  • Awesome!!! Worked for me!!! Don't know what caused the error thought, but I'm able to Remote in without any issues.

    Cesar Vazquez

    2018年6月5日 20:19
  • Thanks, this worked for me! 
    2018年6月6日 14:40
  • use this link:

    https://gallery.technet.microsoft.com/Remote-desktop-authenticati-a9f4b9f8

    Thank you. This solution worked for me
    2018年6月9日 8:07
  • Here is the FIX for this issue ..

    --> Change the Group Policy on your local client to use the vulnerable setting 

    Run:  gpedit.msc

    Go to à Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

    Open - Encryption Oracle Remediation à  choose Enable  à change protection level àVulnerable à Apply

    Thanks and Regards,

    Regu

    Thank you very much for the solution!
    2018年6月11日 4:59
  • Thank you for the solution
    2018年6月11日 7:42
  • Huge thanks for this - saved me lots of time and aggravation!

    Sarah.

    2018年6月13日 8:53
  • You dont necessarily have to RDP to remote machine when you can manage it using other methods (Powershell/Remote registry) to name a few.

    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2


    2018年6月13日 23:50
  • Thanks
    2018年6月13日 23:52
  • Tnx ! its work !! 
    2018年6月14日 7:13
  • It worked for me.

    Thank You !

    Raghvendra

    2018年6月15日 6:51
  • Thanks. works perfectly
    2018年6月21日 7:27
  • You should take into account that by applying your workaround, you're putting at risk the source and destination computer for the RDP connection.

    Microsoft suggests applying the pertinent Security Patch in both ends.

    There's an article from Microsoft for all the scenarios:

    CredSSP encryption oracle remediation

    Regards.


    • 編集済み fedayn2 2018年6月21日 9:56
    2018年6月21日 8:14
  • Thanks for sharing.

    It worked on Windows 8.1 64 bit

    Cheers

    2018年6月21日 13:03
  • its worked for me Thanks 
    2018年6月25日 13:01
  • instal in the server the respective KB

    2008 R2-> http://www.catalog.update.microsoft.com/Search.aspx?q=KB4103718
    2012 R2-> http://www.catalog.update.microsoft.com/Search.aspx?q=KB4103725

    2018年6月27日 14:37
  • This worked....!! thanks
    2018年6月29日 6:17
  • Legend! Thank you!
    2018年6月29日 22:21
  • thanks ...
    2018年7月2日 5:53
  • Great, this worked perfectly for me
    2018年7月4日 9:42
  • Thanks, It works

    2018年7月5日 12:11
  • Thank you very much , this did the trick

    Sdc

    2018年7月5日 14:12
  • This began happening after I upgraded my workstation to 1803.  After verifying the server(s) were updated (several were not), I was able to remote connect!

    Tim ...

    2018年7月5日 17:14
  • Amazing! Thank you
    2018年7月6日 11:32
  • Hi Regu

    Thanks a lot , your guidance fixed it my problem

    2018年7月6日 11:43
  • I don't see "Encryption Oracle Remediation" in Windows 10.
    2018年7月11日 21:55
  • I don't see "Encryption Oracle Remediation" option in my in Windows 7 gp.
    2018年7月12日 18:02
  • Dude you saved my life. Microsoft support team is useless...
    2018年7月14日 14:09
  • Thanks. It's worked to me.

    2018年7月16日 11:55
  • Worked perfectly. Thank you.
    2018年7月16日 17:46
  • Thank you so much!! this was driving me crazy for a while now!!
    2018年7月16日 20:51
  • Thanks. Worked like a charm!!
    2018年7月17日 7:18
  • Thanks!  This worked a treat.  
    2018年7月18日 10:14
  • This solution fixed my issue. Thanks you so much. 
    2018年7月19日 15:20
  • Worked perfectly, THANKS!!!
    2018年7月19日 17:56
  • Thank you so much.

    this method is working with windows server 2012 R2 also.

    thanks a lot

    T.A.


    sign.

    2018年7月20日 10:37
  • Which method are you referring to?

    Updating Windows Server with patches or doing the workaround?

    (I have too many servers and VMs to do the workaround on all of them.)

    2018年7月20日 17:52