<

Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP

Published on
3,076 Points
76 Views
Last Modified:
Luke Chung
Helping people and organizations make better data based decisions to achieve their missions
Remote Desktop Connections and VPN Connections Fail. Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received error messages on authentication when they try to remote to machines or VPN. Here's the cause, symptoms and simple workaround.

Remote Desktop Connections Fail


Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received error messages like this when they tried to remote to machines they connected to successfully for a long time:



REMOTE DESKTOP CONNECTION ERROR

An authentication error has occurred.
The function requested is not supported 

Remote computer: <computer name> 
This could be due to CredSSP encryption oracle remediation.
For more information, see https:/go.microsoft.com/fwlink/?linkid=866660

The link goes to this page, https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018, and explains the Credential Security Support Provider protocol (CredSSP). It offers extensive information on a series of updates since March 2018. It recommends some steps but isn’t very clear what those changes are nor whether those changes are needed to be made by network administrators globally via group policies, or group policies on every PC and VM.


Caused by a Microsoft Security Patch


The Microsoft Security patch issued on Tuesday, May 8th triggered the problem by setting and requiring remote connections at the highest level:


Security update deployment information: May 08, 2018


Apparently, an automatic Windows patch to raise the security level is not implemented if the PC doesn’t allow automatic updates. This mismatch between the implementation of a security requirement (which is not optional) without the corresponding automatic update may be the source of this problem.


However, there are many situations such as development, testing, build, staging, and deployment environments that require a stable environment that would be violated by automatic updates.


We continue to research this.


Symptoms


The symptoms are rather strange because we found that some machines successfully connected while others didn’t.

For instance, we had a Windows 7 machine that hosted Remote Desktop. A Windows 7 PC had no problem connecting to it, but the same user connecting from a Windows 10 machine failed when that was never an issue before and the host machine allowed remote connection for years.


There are also reports of problems with Windows 10 machines connecting to Windows 10 machines, and people locked out of their Azure VMs.


Workaround


One could rollback the security update, but rather than risking other security problems, there’s a quick fix.


Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right click and select Properties, then click Change Settings, and go to the Remote tab.


From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”:



From Windows 7, it’s setting the option to the Less Secure option rather than More Secure:



Once these are set, users can remote to the machine again.


Hope this helps.



Additional Problem: Cannot Connect via VPN

We’ve discovered problems with VPN connection if the PC has Remote set to the higher security level.

The network connection fails with error: Cannot load the Remote Access Connection Manager service. Error 711:

Apparently, the Remote Desktop setting on the client side impacts its ability to connect via VPN to the host side. By lowering the setting to less secure for others to connect to the PC, the PC can now successfully connect to the VPN. What a mess


Our latest information is in my blog post: 

Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP

0
Comment
Author:Luke Chung
0 Comments

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Join & Write a Comment

The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month