There was much shouting this morning when I realised that all of my RDP sessions were failing due to a pesky little error. They worked no problem at all yesterday, then I remembered .. windows updated last night!!
Said error was all but useless .. as everyone knows you can’t copy the url it shows in that dialog box.
A quick google resolved this with a very simple reg change.
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2
I ran this with elevated privilege on my Windows 10 desktop and as if by magic I can now RDP again.
There are more fixes coming both Client and Server to resolve this, but the reg change will keep me going until Microsoft release those.
Strangely, I had exactly the same problem this morning – but on a machine I’d virtualised overnight! Hadn’t even crossed my mind it was due to a Windoze update!
Thanks. You just saved me a bunch of time 🙂
You are the best! Thank you!
Hi Sharon,
Indeed, this registry key will “solve” the issue people are seeing, but, leaves the server vulnerable to CVE-2018-0886.
The best solution is to keep both server and client up-to-date with the latest security updates from MS. With this, no connectivity issues will rise and the vulnerability patched.
The registry setting is only a 2nd solution for cases where the Server or client cannot be updated, for example due to company policy for patching, or people working on multiple environments, which they don’t manage, …
In that case, the interoperability matrix in the following article shows which setting to use in which case.
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
Greetings!