The problem
You can get this error while trying to open an RDP session.
An authentication error has occurred. The function requested is not supported
The reason
This is due to a combination of three factors:
- You activated NLA on your target computer
- The target computer is not patched for CVE-2018-0886
- You enforced the Force updated clients or Mitigated parameters on the source computer
Actually, NLA uses CredSPP (for pre-authentication) which is impacted by CVE-2018-0886.
The most common scenario is the following one:
- You enforced NLA on your servers since a long time
- You recently patched your workstations for CVE-2018-0886 and enforced the Force updated clients or Mitigated parameters on your workstations
- However, meanwhile, you didn’t patch your servers for CVE-2018-0886
- An now you are stuck with this error message when you try to open an RDP session on a non-patched server.
The solution
Choose one of the following solutions and see links in the More about section below if you don’t know how to do it.
- Patch your target computer for CVE-2018-0886 (Recommended)
- Enforce the Vulnerable parameter on the source computer (Not recommended)
- Disable NLA on your target computer (Not recommended)
Despite solution 2 and 3 are really not recommended, they can be a temporary workaround until you patch your target computer.
A possible resolution plan could be:
- Enforce the Vulnerable parameter on all computers (i.e. workstations and servers) with a GPO.
Now, as soon as this GPO has been deployed everywhere,
everything is working fine again,
and you have all the time you want to deploy the patch for CVE-2018-0886. - Patch all computers (i.e. workstations and servers) for CVE-2018-0886
- Update the GPO to enforce the Force updated clients or Mitigated parameters
Update
Finally, Microsoft has published an article about this issue.
You can find it here:
“CredSSP encryption oracle remediation” error when RDP to a Windows VM in Azure
More about
Why Use Network Level Authentication (Technet)
WS2008: Network Level Authentication and Encryption (Microsoft blogs)
Configuring Network Level Authentication for RDP
CredSSP updates for CVE-2018-0886 (Microsoft Support)
CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability (Microsoft Security Portal)
itluke.online 
Nightmare. Thanks for the post.
LikeLike
Hi thanks for the post. I had faced this issue in our domain as well. I removed the update KB41037272. , KB4103718 which were installed in user machine and rebooted the machine. this resolved the issue.
But i am not sure how to restrict this from installing again.
hopefully microsoft is aware about the pain they have caused and fix it asap.
LikeLike
Hi,
By removing the security updates, you keep an important vulnerability which can lead to remote code execution. This is probably not what you want…
All you need is a resolution plan. I have just updated my post and added one.
LikeLike
One could rollback the security update, but rather than risking other security problems, there’s a quick fix.
Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab.
From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”:
From Windows 7, it’s setting the option to the Less Secure option rather than More Secure:
Once these are set, users can remote to the machine again.
LikeLike
By doing this you end up with 2 security holes: NLA and CVE-2018-0886.
Enforcing the Vulnerable parameter (it’s just one registry value to implement) is just as fast than disabling NLA, but it leaves you only with the CVE-2018-0886 security hole.
LikeLike