none
Unable to connect DSVM after patching local machine RRS feed

  • Question

  • Hello,

    when attempting to connect to a new DSVM in my Azure subscription, I receive the following error message:

    "An authentication error has occurred.  The function requested is not supported

    Remote computer:xxx.xxx.xx.xxx

    This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660"

    I researched this a bit further and saw this article: https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

    It seems that there is a security mismatch between my local RDP Client and the RDP Server in the DSVM image.

    Could the author of the template please look into this issue?

    Thank you,

    Michael

    Friday, May 11, 2018 9:31 PM

All replies

  • Hi Michael,

    An update to the image is in progress. In the meantime, you can update existing VMs:

    1. You have to temporarily disable the security setting on your Windows 10 client from where you are RDPing to DSVM by this registry change: (Run as Administrator)

    REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 2

    1. After this you will be able to RDP to the DSVM from that client where you ran this above registry fix.
    1. Now, you should do a Windows update on the DSVM. By default your DSVM will report that Windows Updates are available. Please install all the cumulative updates and required updates (esp the 2018-05 Cumulative Update).
    2. After the reboots (and post installs after reboots) you may notice that you cannot RDP back to the DSVM. Now you have to set the security setting  to “Mitigated” on your client. You can run the following command on your client machine where you run your RDP client:

    REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 0

    There is also a detailed blog article on the issue and how to resolve it:

    https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/


    Monday, May 14, 2018 6:34 PM
    Owner