Error when RDP’ing from Windows 10 1803 to Windows 10 – CredSSP Encryption Oracle Remediation Error Fix

The other day I came across a seemingly out-of-the-blue error when trying to access the “Console” (via RDP) of some of my Hyper V VM’s. A March 13, 2018, update modifies the CredSSP authentication protocol and thus affects the Remote Desktop Client’s experience. I had just updated my local PC to the Spring 2018 update “1803”. I assumed the issue was related. I had other issues with my local Hyper V VM’s virtual network interfaces not functioning, too. However, in troubleshooting a staff’s home laptop which also got the “CredSSP Encryption Oracle” error, I realized this was a broader issue.

Essentially, the issue is that your update local PC has a patch for the CredSSP encryption vulnerability which changes the protocol. Meaning, your local PC won’t match the remote/host PC, thus, getting the aforementioned error.

There is a “workaround” to let your remote/host PC on the older CredSSP encryption protcol, while having your local PC updated… but that only patches the immediate issue you’re experiencing and I wouldn’t recommend doing that.

The best fix is to just update your remote/host with the latest required Windows Updates. Of course, this does present some difficulties for some users or organizations who are adverse to updating their systems too soon after an Update is released due to Microsoft’s known issues. And these updates, and 1803, ceratinly have some known-issues. My Hyper V VM NIC issue, as an example. (Though, I was able to work around that by recreating a Virtual NIC and assigning it to my few local VM’s. Though, that might be a bigger issue for true Hyper V hosts that actually host server/application VM’s)

These are the updates that include the fix for the CredSSP encryption vulnerability.

May 8, 2018 – KB4103721 (1803)
May 8, 2018 – KB4103727 (1709)
May 8, 2018 – KB4103731 (1703)
May 8, 2018 – KB4103723 (1609)

Leave a Reply

Your email address will not be published.