Remote Desktop Connections in Windows 10

Microsoft recently published a Windows update that can cause errors when connecting to hosts with the Remote Desktop Connection application. The error that is displayed explains the nature of the problem: there have been changes to CredSSP oracle encryption, and the server you are trying to connect to is not supported.

In a nutshell, a vulnerability in CredSSP allowed attackers to compromise the server via a man-in-the-middle attack on your remote connection. The fix addresses this, but it must be installed on both client and server. Automatic Windows updates on Windows 10 Home & Pro will install the client-side fix, but your server may need to be updated manually.

Getting reconnected to the server is a pain: you either need to update the server so it has the security patches for CredSSP installed, or you can switch to using the Windows 10 Remote Desktop App (from the Windows Store).

Where it is not possible to patch the server for whatever reason, and you really must use the normal Remote Desktop Connection program, you can disable the client-side CredSSP fix by setting a value under the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters

Create a new value named AllowEncryptionOracle with data type DWORD and set its data to 2.

Or you can run the following command on the Command Line:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Please do bear in mind that by making this registry change you are disabling the security fix and leaving the server vulnerable to a man-in-the-middle attack. The best option is to ensure both client and server have the security fixes, which removes the need to disable the fix.
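
Because the workaround above is easy to forget once the server has been patched, the following PowerShell script (an added example, not part of the original post) reports the current AllowEncryptionOracle setting on a client and, with -Remove, deletes the override. The names for values 0 and 1 are not on this page; they come from Microsoft's guidance for this policy. The function name Get-CredSspOverride is made up for this example.

```powershell
# Added example: audit and optionally remove the client-side CredSSP override.
# Run from an elevated PowerShell session when using -Remove.
param([switch]$Remove)

$key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$name = 'AllowEncryptionOracle'

# Meaning of each value, per Microsoft's guidance for this policy
# (only the value 2 is described on this page).
$meaning = @{
    0 = 'Force Updated Clients'
    1 = 'Mitigated'
    2 = 'Vulnerable (client-side fix disabled by the workaround)'
}

function Get-CredSspOverride {
    # Returns the configured DWORD, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

$current = Get-CredSspOverride
if ($null -eq $current) {
    Write-Output "$name is not set; the default of the installed update applies."
} elseif ($meaning.ContainsKey($current)) {
    Write-Output "$name = $current : $($meaning[$current])"
} else {
    Write-Output "$name = $current : unrecognised value"
}

if ($Remove -and $null -ne $current) {
    # Deleting the value returns the client to the behaviour of the installed fix.
    Remove-ItemProperty -Path $key -Name $name -ErrorAction Stop
    Write-Output "Removed $name. Reconnect to confirm the patched server is accepted."
}
```

Run it without arguments to audit a machine, and with -Remove only after the server has the CredSSP update installed.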

More information can be found on Microsoft’s Support website.
