Troubleshooting – RDP – CredSSP encryption oracle remediation

TroubleShoot_Oracle_CredSSP_Error
RDP – CredSSP oracle remediation error

This article will briefly talk about CredSSP Encryption Oracle Remediation. We will also discuss about the steps for Troubleshooting – RDP – CredSSP encryption oracle remediation error and the possible fixes.

We will also look at some temporary workarounds for Troubleshooting – RDP – CredSSP encryption oracle remediation error.

What does the “CredSSP encryption oracle remediation” error means?

This error occurs if you are trying to establish an insecure RDP connection, and the insecure RDP connection is blocked by an Encryption Oracle Remediation policy setting on the server or client. This setting defines how to build an RDP session by using CredSSP, and whether an insecure RDP is allowed.

Depicted below is the screenshot of the error:

TroubleShoot_Oracle_CredSSP_Error
RDP – CredSSP oracle remediation error

Fix for RDP – CredSSP encryption oracle remediation error

Fix# 1 for RDP – CredSSP encryption oracle remediation error

Install the CredSSP updates on the client and the server machines to enable secure RDP connection and resolve the CredSSP issue.

Complete list of Updates for “CredSSP encryption oracle remediation” error

Click here for the Updates list

Is rebooting the server a requirement after implementing the update?

Yes, Once you install the update successfully, you will have to reboot the server.

CredSSP Interoperability Matrix

CredSSP_Interoperability_Matrix
CredSSP Interoperability Matrix

What are the temporary Workaround(s) for “CredSSP encryption oracle remediation” error?

#1 – Temporary Workaround using Powershell – Add to TrustedHosts List

To temporarily allow RDP session between the client and the server, please run this PowerShell command on the client as a workaround.

Set-item wsman:\localhost\Client\TrustedHosts -value <IP>

#2 – Temporary Workaround using Registry – AllowEncryptionOracle

Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -name "AllowEncryptionOracle" 2 -Type DWord

# 3 – Temporary Workaround Using Registry – Disable NLA

The 3rd fix that you can try to remediate the CredSSP encryption oracle remediation error is to Disable Network Level Authentication (NLA).

On the machine that you are unable to connect to via RDP due to the CredSSP encryption oracle remediation error, run the following powershell command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 0