CredSSP: RDP problem when not all the systems are update

In April 2018 Microsoft released an update to address a specific CVE that involve Credential Security Support Provider protocol (CredSSP): CVE-2018-0886 

This update was released for all the supported Windows Operating Systems. Even though I recommend to keep your server up to date, most of the customers don’t have automatic procedure to update the systems on regular basis (SCCM could be the right answer).

Here is where problems start.

Scenario

An update client with 2018-05 Update try to connect to a servers without the May update or vice versa a client without the update try to connect to a server with the May update installed.

In both situation the same error pop up:

An authentication error has occurred. The function requested is not supported. Remote computer: <computer name or IP>. This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660.

Read More