[Solved] Authentication error function not supported

The problem

You can get this error while trying to open an RDP session.

An authentication error has occurred.
The function requested is not supported

An authentication error has occurred the function requested is not supported

The reason

This is due to a combination of three factors:

  • You activated NLA on your target computer
  • The target computer is not patched for CVE-2018-0886
  • You enforced the Force updated clients or Mitigated parameters on the source computer

Actually, NLA uses CredSPP (for pre-authentication) which is impacted by CVE-2018-0886.

The most common scenario is the following one:

  1. You enforced NLA on your servers since a long time
  2. You recently patched your workstations for CVE-2018-0886 and enforced the Force updated clients or Mitigated parameters on your workstations
  3. However, meanwhile, you didn’t patch your servers for CVE-2018-0886
  4. An now you are stuck with this error message when you try to open an RDP session on a non-patched server.

The solution

Choose one of the following solutions and see links in the More about section below if you don’t know how to do it.

  • Patch your target computer for CVE-2018-0886 (Recommended)
  • Enforce the Vulnerable parameter on the source computer (Not recommended)
  • Disable NLA on your target computer (Not recommended)

Despite solution 2 and 3 are really not recommended, they can be a temporary workaround until you patch your target computer.

A possible resolution plan could be:

  1. Enforce the Vulnerable parameter on all computers (i.e. workstations and servers) with a GPO.

    Now, as soon as this GPO has been deployed everywhere,
    everything is working fine again,
    and you have all the time you want to deploy the patch for CVE-2018-0886.

  2. Patch all computers (i.e. workstations and servers) for CVE-2018-0886
  3. Update the GPO to enforce the Force updated clients or Mitigated parameters

Update

Finally, Microsoft has published an article about this issue.
You can find it here:

“CredSSP encryption oracle remediation” error when RDP to a Windows VM in Azure

More about

Why Use Network Level Authentication (Technet)

WS2008: Network Level Authentication and Encryption (Microsoft blogs)

Configuring Network Level Authentication for RDP

CredSSP updates for CVE-2018-0886 (Microsoft Support)

CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability (Microsoft Security Portal)

6 thoughts on “[Solved] Authentication error function not supported

  1. Hi thanks for the post. I had faced this issue in our domain as well. I removed the update KB41037272. , KB4103718 which were installed in user machine and rebooted the machine. this resolved the issue.

    But i am not sure how to restrict this from installing again.

    hopefully microsoft is aware about the pain they have caused and fix it asap.

    Like

    1. Hi,

      By removing the security updates, you keep an important vulnerability which can lead to remote code execution. This is probably not what you want…

      All you need is a resolution plan. I have just updated my post and added one.

      Like

  2. One could rollback the security update, but rather than risking other security problems, there’s a quick fix.

    Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab.

    From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”:

    From Windows 7, it’s setting the option to the Less Secure option rather than More Secure:

    Once these are set, users can remote to the machine again.

    Like

    1. By doing this you end up with 2 security holes: NLA and CVE-2018-0886.
      Enforcing the Vulnerable parameter (it’s just one registry value to implement) is just as fast than disabling NLA, but it leaves you only with the CVE-2018-0886 security hole.

      Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s