Recently, we provisioned a new VM for one of my colleagues for testing but this error came out as “CredSSP encryption oracle remediation” when he tried to do a remote desktop to the server.

We did a check as well to confirm correct access rights are given and the server is also configured where the remote desktop connection is allowed too. Furthermore, also we also confirmed that the firewall is allowed too for his account to this new server via RDP connection.

So how we managed to overcome this error? Read on to find out more!

What is CredSSP Encryption Oracle Remediation?

It is a security feature that helps protect Remote Desktop Protocol (RDP) connections by preventing the use of insecure protocols and weak encryption keys. This feature is designed to prevent man-in-the-middle attacks and protect against the use of vulnerable encryption ciphers.

When this feature is enabled, the server can detect when an insecure protocol is being used and will force the client to use a secure version of the protocol. This helps ensure that the data being sent between the two computers is encrypted and secure.

What causes this error – CredSSP encryption oracle remediation?

What causes this error -  CredSSP encryption oracle remediation?

If you are trying to establish an insecure RDP connection, but it is being blocked by an Encryption Oracle Remediation policy setting on the server or client, an error may occur. This policy setting dictates how an RDP session is constructed using CredSSP, and if an insecure RDP connection is permitted.

You can find out more about this from the Microsoft site here.

How Do I Fix CredSSP encryption oracle remediation?

There are a few ways and some of which will be a workaround

1. Install the CredSSP update from the Microsoft site

You will need to ensure both the client and server sides are installed with the CredSSP update. You can find more information about CVE2018-0886 here.

2. Update Group Policy Setttings gpedit.msc – For Client

You can try the following:

a. Go to run and type gpedit.msc press enter.

b. It will launch Local Group Policy Editor

Local Group Policy Editor

c. Under Computer Configuration located at the left side menu – Go to Administrative Templates > System > Credentials Delegation

d. Search for Encryption Oracle Remediation which is located at the right side panel.

Encryption Oracle Remediation

e. Select Enabled and Vuluerable for the Protection Level. Press Ok once done.

3. Update Registery For Servers

As for the servers, you will need to run the just one command to add the registery.

a. Open command prompt in Administrator mode.

b. Simply input the following below in command prompt and press enter:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Wrapping Up

Hopefully after all these recommendations and workaround in this post will help you to resolve this CredSSP encryption oracle remediation error. And also you have a better understanding why CredSSP encryption is required for client server remote connection.

Categorized in: