<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP

Published on
4,424 Points
424 Views
Last Modified:
Luke Chung
Helping people and organizations make better data based decisions to achieve their missions
Remote Desktop Connections and VPN Connections Fail. Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received error messages on authentication when they try to remote to machines or VPN. Here's the cause, symptoms and simple workaround.

Remote Desktop Connections Fail


Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received error messages like this when they tried to remote to machines they connected to successfully for a long time:



REMOTE DESKTOP CONNECTION ERROR

An authentication error has occurred.
The function requested is not supported 

Remote computer: <computer name> 
This could be due to CredSSP encryption oracle remediation.
For more information, see https:/go.microsoft.com/fwlink/?linkid=866660

The link goes to this page, https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018, and explains the Credential Security Support Provider protocol (CredSSP). It offers extensive information on a series of updates since March 2018. It recommends some steps but isn’t very clear what those changes are nor whether those changes are needed to be made by network administrators globally via group policies, or group policies on every PC and VM.


Caused by a Microsoft Security Patch


The Microsoft Security patch issued on Tuesday, May 8th triggered the problem by setting and requiring remote connections at the highest level:


Security update deployment information: May 08, 2018


Apparently, an automatic Windows patch to raise the security level is not implemented if the PC doesn’t allow automatic updates. This mismatch between the implementation of a security requirement (which is not optional) without the corresponding automatic update may be the source of this problem.


However, there are many situations such as development, testing, build, staging, and deployment environments that require a stable environment that would be violated by automatic updates.


We continue to research this.


Symptoms


The symptoms are rather strange because we found that some machines successfully connected while others didn’t.

For instance, we had a Windows 7 machine that hosted Remote Desktop. A Windows 7 PC had no problem connecting to it, but the same user connecting from a Windows 10 machine failed when that was never an issue before and the host machine allowed remote connection for years.


There are also reports of problems with Windows 10 machines connecting to Windows 10 machines, and people locked out of their Azure VMs.


Workaround


One could rollback the security update, but rather than risking other security problems, there’s a quick fix.


Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right click and select Properties, then click Change Settings, and go to the Remote tab.


From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”:



From Windows 7, it’s setting the option to the Less Secure option rather than More Secure:



Once these are set, users can remote to the machine again.


Hope this helps.



Additional Problem: Cannot Connect via VPN

We’ve discovered problems with VPN connection if the PC has Remote set to the higher security level.

The network connection fails with error: Cannot load the Remote Access Connection Manager service. Error 711:

Apparently, the Remote Desktop setting on the client side impacts its ability to connect via VPN to the host side. By lowering the setting to less secure for others to connect to the PC, the PC can now successfully connect to the VPN. What a mess


Our latest information is in my blog post: 

Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP

0
Comment
Author:Luke Chung
0 Comments

Featured Post

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Join & Write a Comment

Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month