A recent security update released for Windows 10 documented in the KB4103727, affects the RDP functionality causing an RDP connection failure to the target machine showing an error related to CredSSP encryption oracle remediation.
CredSSP (Credential Security Support Provider ) protocol is an authentication provider that processes authentication requests for other applications. This error occours when an updated Windows 10 machine tries to RDP an unpatched Windows Server.
RDP connection issue
The error occours when you try to establish an RDP connection to a target server not yet patched with the CredSSP update.
After entering the credentials, you receive this error message.
Although you should patch both clients and servers of your network to avoid this issue and for security reasons, a provisional workaround to allow RDP connections from a Windows 10 client is to edit the registry and modify the AllowEncryptionOracle key as follows:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] “AllowEncryptionOracle”=dword:00000002
Open the Registry Editor and locate the specified registry key. Double click the AllowEncryptionOracle REG_DWORD and enter 2 as Value data, then click OK to save the configuration.
After modifying the registry, the Windows 10 client will be able to successfully RDP the target unpatched server.
