Remote Desktop Fails due to CredSSP Encryption Oracle Remediation

 A Windows Update released on the 8th of May 2018 disabled Oracle Based CredSPP Encryption. This renders you unable to connect to any systems which do not have the latest Windows Updates installed.

 

 

 

To fix this issue you can do two things:

1. Install the latest updates on the server. This of course cannot be done if you cannot access the server, and will require a reboot to complete any update installation.

2. Modify a setting on your local computer which will allow the oracle based encryption.

Create Batch File

FixCredSSP.bat

 reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2
Pause

 RollbackcredSSP.bat

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 1
pause

Allowing Oracle Based Encryption

First you need to open an elevated command prompt. To do that click on the 'Windows Start' button and type: cmd

Then right click on the 'Command Prompt' option that will appear

The left click on 'Run as administrator'

 

 

 

You will be prompted with a security message asking are you sure. Click 'Yes'.

 

 

 

You will now see a regular command prompt window. You need to paste in the following command and press enter to execute it:

 

It will say: The operation completed successfully.

You will now be able to connect via RDP with no issues.

 

It is highly recommended that you do update your server with the latest updates, and if you wish you can then revert the setting to allow Oracle Encryption by opening an elevated command prompt and using the following command:

RollbackCredSSP.bat

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 1