Table of contents:
How to fix the error This could be due to CredSSP encryption oracle remediation
Step 1: Press the key
Windows + Rand type
Step 3 : Inside the CredSSP key, create more key Parameters
Step 4: In Parameters create DWORD (32 bit) Value and name it AllowEncryptionOracle
Step 5: Double click on AllowEncryptionOracle and enter Value data as 2
Complete the above steps exit Registry Editor and proceed to reconnect.
How to Fix This could be due to CredSSP encryption oracle remediation Error
Why is encryption oracle remediation not found?
This error is due to a recent update (KB4093492) to windows to resolve vulnerabilities in windows authentication. Specifically a vulnerability in the Windows subsystem, Credential Security Support Provider protocol (CredSSP). This vulnerability applies to all modern versions of Windows Operating systems and allows for a remote code execution vulnerability. However, post patching caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols. Let’s take a look at the Windows RDP CredSSP encryption oracle remediation error fix.
Use group policy to change the Credential Delegation at the client
Use the group policy settings changes described below to roll back the changes to the ‘Vulnerable’ state to allow RDP access.
- Press Windows + R, type gpedit.msc and ok
- On the group policy, the editor window navigate the following path
- Computer Configuration > Administrative Templates > System > Credentials Delegation
- Double click on the policy named “Encryption Oracle Remediation”
- Here change the policy enabled,
- Then change Protection Level to Vulnerable. (see image below)
Once the change is made in the group policy editor it is put into effect immediately. No restart was required to apply the change.
Now try to reconnect the RDP client check there is no more RDP authentication error “CredSSP encryption oracle remediation”.
Tweak Windows registry editor
If you are windows home basic user, you don’t have a group policy editor option to change the Credential Delegation at the client. But don’t worry you can apply the following registry tweak to fix the Windows RDP CredSSP encryption oracle remediation error.
- Press Windows + R, type regedit and ok
- This will open Windows registry editor, navigate the following subkey
- HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Policies > System
- Right-click on System, select New > Key and name it as CredSSP.
- Now right click on CredSSP and create a new key with the name Parameters.
- In Parameters, you have to create new DWORD (32-bit) value with the name AllowEncryptionOracle.
- right-click on AllowEncryptionOracle and choose Modify
- Here change its value data to “2” and Base to “Decimal“.
- That’s all, click ok and close registry editor.
Now try connecting to other systems using RDP and you can now see the successful connection.