Fix CredSSP Encryption Oracle Remediation Error in Remote Desktop

May 8, 2018 update for Windows 10 changed the CredSSP authentication protocol and updated default settings from Vulnerable to Mitigated. This caused issues in Remote Desktop connection with unpatched systems. While connecting to unpatched system, Windows 10 users get CredSSP Encryption Oracle Remediation error.

An authentication error has occurred.
The function requested is not supported.
Remote computer: <computer name or IP>.
This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660.
Credssp Encryption Oracle Remediation Error In Remote Desktop Connection
CredSSP error in Remote Desktop Connection

You see above error when insecure RDP connection is blocked by an Encryption Oracle Remediation policy setting on the server or client. This setting decides how to establish an RDP session by using CredSSP.

Solve CredSSP Encryption Oracle Remediation error in Remote Desktop Connection

Better and recommended solution for this problem is to patch all systems with latest Windows patch. However, it may not be possible for you to patch remote system in every case.

There is a good workaround available to fix CredSSP Encryption error in Remote Desktop connection. This fix can be done by using Group Policy Editor and Registry Editor both.

A) Group Policy Method to Fix CredSSP Encryption Error in RDP Connection

Since, Group Policy editor is not enabled on Windows 10 Home by default. So, if you are using Windows 10 Home, you can try Registry Editor method as well. Just make sure Remote Desktop Connection is enabled on the computer you are taking remote of. Let’s start with Group Policy Editor method first.

Step 1: Open Local Group Policy Editor

First of all, you need to open Group Policy Editor in your computer. So, go to RUN, type gpedit.msc and press Enter.

Type Gpedit.msc And Press Enter To Open Group Policy Editor
Type gpedit.msc in RUN and press Enter

Local Group Policy Editor window will open. Here, you can configure local policies for your computer.

Local Group Policy Editor Console
Local Group Policy Editor Console

Step 2: Go to Credentials Delegation in Group Policy Editor

In Local Group Policy Editor, go this path:

Computer Configuration\Administrative Templates\System\Credentials Delegation

You will find Encryption Oracle Remediation policy setting on the right side. We will use this setting to fix “CredSSP Encryption Oracle Remediation” error in RDP connection.

Go To Credentials Delegation Setting In Group Policy Editor to fix CredSSP Encryption Oracle Remediation Error
Go to Credentials Delegation setting in Group Policy Editor

Step 3: Change Policy Setting to Fix CredSSP Encryption Oracle Remediation Error

On the right pane, double-click Encryption Oracle Remediation policy setting. Now, change the Encryption Oracle Remediation policy to Enabled. After that, set Protection Level to Vulnerable and click Apply then OK.

Enable Encryption Oracle Remediation Policy Select Protection Level As Vulnerable And Click Ok
Enable Encryption Oracle Remediation policy, change Protection Level to Vulnerable

Now, you can close the Group Policy Editor window. You can now connect to un-patched system without any CredSSP encryption oracle remediation errors.


SEE ALSO: How to Enable End-to-End Encryption on Zoom?


B) Fix CredSSP Encryption Oracle Remediation error using Registry Editor

Let’s check Registry Editor method as well. You can make the same changes by using the Registry Editor also. But we will have to create a few Registry Keys to do that. Let’s check the steps.

Step 1: Open Registry Editor

First of all, open Registry Editor. In order to open Registry Editor, go to RUN, type regedit and press Enter.

Go To Run Type Regedit And Press Enter Or Click Ok
Go to RUN > Type regedit > press Enter

Registry Editor windows will open.

Registry Editor In Windows 10
Registry Editor in Windows 10

Step 2: Create required CredSSP Keys in Registry

Go to following location in Registry Editor:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System

Here, you have to create two Keys named as CredSSP and Parameters under System. For doing that, right-click on System key and select New Key.

Create A New Key Under System In Registry Editor
Create a New Key under System in Registry Editor

Name this new keys as CredSSP as shown below.

Rename New Key As Credssp To Fix Encryption Remediation Error In Remote Desktop
Rename New Key as CredSSP

Similarly, create a new keys under CredSSP. Simply, right-click on the newly created CredSSP key and select New Key. Name this new key as Parameters.

Create New Key Named As Parameters Under Credssp
Create New Key named as Parameters under CredSSP

Step 3: Create DWORD to Fix CredSSP Encryption Oracle Remediation Error

After creating Parameters Key, select it. Now, right-click in blank space on the right side and select New > DWORD (32-bit) Value.

Create A New Dword Under Parameters Key In Registry Editor To Fix Credssp Oracle Remediation Encryption Error
Create a new DWORD under Parameters key in Registry Editor

Name this new DWORD as AllowEncryptionOracle.

Name New Dword As Allow Encryption Oracle
Name new DWORD as AllowEncryptionOracle

Now Modify the value of this DWORD to 2 to fix CredSSP encryption oracle remediation error.

Modify Dword Value To 2 Decimal
Modify DWORD value to 2

Alternate Method:

You can also use command prompt to modify registry settings and make required changes. Open Command Prompt window as Administrator and run the following command to add a registry value:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
Create Credssp Registry Entry Using Cmd To Fix Encryption Oracle Remediation Error
Create CredSSP Registry entry using command prompt

SEE ALSO: 10 Cool Command Prompt Tricks for you.


Fix CredSSP Encryption Oracle Remediation Authentication Error in RDP

Now you have successfully bypassed the Encryption Oracle Remediation security. You can now connect to unpatched systems without CredSSP Encryption authentication error. However we recommend you to patch all your servers and client system with latest security patches.

You can check this link for more details on CredSSP error on Microsoft website. Share your thoughts and queries in comment section down below.

Editorial Staff

Hi there, we are the editorial staff at HELLPC. We are a team of funny and technical people. Feel free to get in touch with us via Contact-Us page.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button