Is your remote connection attempt ending up in the RDP authentication error CredSSP message?

CredSSP authentication in Rdesktop authorizes the user credentials from the local computer to a remote computer.

Often after a Microsoft Windows machine update, Rdesktop connection attempts result in such CredSSP errors.

At Bobcares, we often receive requests to fix RDP errors as part of our Server Management Services.

Today, let us discuss the causes for the error and see how our Support Engineers fix the error.

Causes for the RDP authentication error CredSSP

Let’s now check the major causes for the CredSSP error in RDP.

In general, Rdesktop uses CredSSP (Credential Security Support Provider Protocol) for user authentication.

Microsoft releases timely security patches to fix the vulnerabilities. The patches for the CredSSP vulnerability pushed in May 2018 made it mandatory for both client and server computers to have the update installed.

As a result, this error occurs when Microsoft windows update is not installed either on the server or on the client computer. Since the RDP uses CredSSP both the machines need to be updated for successful login. Else the error message will display as:

The latest windows update can be uninstalled to resolve the error. However, rolling back is not a good option since security patches are provided in the update. The best option is to update the remote server.

Let us discuss how our Support Engineers get access to the remote server and update the server.

How to resolve the RDP authentication error CredSSP

There are 2 methods to get access to the server. We can make the changes in policy from the Encryption Oracle Remediation as well as from Windows Registry Editor.

Let us discuss how our Support Engineers get access to the server.

Method 1: From Encryption Oracle Remediation

To change the policy, we do the following.

In the local machine. Go to Run.

Type gpedit.msc and click Enter.

Now expand Computer Configuration >> Administrative Template >> System >> Credentials Delegation >> Encryption Oracle Remediation.

Then double click on Encryption Oracle Remediation policy. Now choose Enable and change protection level to Vulnerable.

Finally, Apply the changes and click OK.

Now we can connect using RDP to the remote server without any error.

Method 2: From Windows Registry Editor

The fix from the Windows Registry Editor requires a series of steps.

In the local machine. Go to Run.

Type regedit and click Enter.

Expand Computer >> HKEY_LOCAL_MACHINE >> SOFTWARE >> Microsoft >> Windows >> CurrentVersion >> Policies >> System >> CredSSP >> Parameters.

Now double-click on the Key Allow Encryption and change the value to 2.

Where Force Updated Clients is 0 and Migitated is 1. Change the value to 2 will make the option Vulnerable. Finally, apply the changes.

Now we can connect using RDP to the remote server without any error.

We will be able to RDP to the server as a result of the changes we made. Since we have changed the option Vulnerable. It is not advisable to leave the option vulnerable. So we update Windows to resolve the error and then change the option to secure.

Again, Registry edits are always critical and incorrect edits can even make the server down.

Update Windows in the remote server

After connecting to the server, We, then go to Windows Update and check for updates. Now we Install all the updates.

To apply the changes, reboot the server.

Once the windows update is complete. We revert the changes that were made to vulnerable.

After the update, we will be able to login to the server without any error.

Ideally, when there is server console access readily available, our Support Engineers just proceed and do the updates from the server itself.

[Still have trouble connecting via RDP? Our Windows Experts are available 24×7 to help you.]

Conclusion

In short, we have discussed the causes for RDP authentication error CredSSP. Also, we have discussed how our Support Engineers login to the remote server and resolve the error.