RDP not working on Windows Server 2012

RDP Issue with Windows Server 2012 R2. This just started happening today. Yesterday everything was working properly. I have some users able to login and some are not able to login. I am attaching a screenshot of the error some of the users are recieving. The server is online and pingable, port forwarding is setup correctly.

On another machine I was getting an error with CredSSP.

Any ideas are appreciated.

Thanks
LVL 1
Joel BudITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Nothing was attached, but Microsoft has been talking about patches they've been making to CredSSP due to vulnerabilities and what admin need to do. Essentially though  clients and servers both need to be current or problems arise.

The latest change came may 8th and was documented that it was coming in February.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Joel BudITAuthor Commented:
That's about when it started. I've noticed the machine that haven't had windows update are working and the ones with windows update are not working. I'll have to go find the update or update the other machines.

As for Windows Server there is only one Administrator account. I am the Administrator but when I goto PC Settings to check it tells me the app is blocked by sys admin. Contact admin for more info. I am the Administrator. Is there an admin account I'm missing?
0
Cliff GaliherCommented:
There isn't one out of the box. But that doesn't mean one couldn't have been set up after the fact and restrictions out in place.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Joel BudITAuthor Commented:
Cliff, I think your right on with the updates and the RDP. I have 20 remote users not on a domain. I'll have to check into it more.

One screenshot I got said "An authentication error has occurred. The function requested is not supported" that is from one user and when I try RDP I get the same as above and then it says this could be from CredSSP encryption oracle remediation. It gives me a link to check out and I was looking it over.

I have to spend some more time on this issue but it won't be until Fri and Saturday.

How would you handle this?
0
Joel BudITAuthor Commented:
I'm the third Network Admin at this location I have whatever passwords were passed down to me but the person who built the Server quit the company a few years ago. We have had 2-3 people before I came along password wise... when I login to the server I always use the Administrator account.
0
AndyCommented:
Untick this on server
0
Joel BudITAuthor Commented:
Andy NLA is on. Its above all of that. There is a Windows update for Windows 10 and Server 2012 R2 that patched something that I need to find a work around for.  Client and Server are all using NLA, All the proper users are in there...
0
Joel BudITAuthor Commented:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886#ID0EUGAC

IDK if I'll eventually have to get to the clients also but I just want to get the server side working first.
0
Joel BudITAuthor Commented:
This appears to be a Windows 10 Fix only. Searching for a Windows 7 Fix and I enabled NLA and still unable to connect. It does not give a credSSP error. The Windows 7 Error is An Authentication error has occurred, this function request is not supported.

https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018


Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

Setting name: Encryption Oracle Remediation

This need to be done on each client and then a reboot.

EDIT: Changed with Windows 10 and Windows 7. All with Group Policy. The server seems to be patched properly. The clients with the errors all received the updates.
0
Joel BudITAuthor Commented:
Cliff Galiher Provided the best solution and the assist from Andy Mlad. Andy's solution is a good solution except it was for a different way to connect.

This was all Windows releasing an update as addressed above, Each client needs to addressed to enable Oracle.  This is just a band aide. I'm locked out of my server because I think there was another Admin account added that I'm not sure off.

The answer is in the link for the clients.

https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.