Unable to connect to server via Remote Desktop Connection

Due to a vulnerability described via the link below, you may have trouble connecting to a server via Remote Desktop Connection (commonly referred to as RDP).

CredSSP updates for CVE-2018-0886

Depending on whether a patch is installed at the source and/or destination, you may get the error prompt below when connecting:

rdc1.jpgrdc6.jpg

Be careful to differentiate the error below which looks highly similar to the one above, except in this case it was due to account lockout.

rdc7rdc8

Let’s come back to this issue. Per the same link above: “By default, after this update is installed, patched clients cannot communicate with unpatched servers.”

An easy and proper fix is to ensure the same patch is installed at both source/destination. In the meantime, you can implement the temporary workaround detailed below if you need to connect quickly:

Launch local group policy editor, gpedit.msc (you may have to right click and launch as administrator if you do not have local admin right on your machine).

rdc3.jpg

Navigate to Computer Configuration -> Administrative Templates -> System -> Credentials Delegation and double click on Encryption Oracle Remediation.

rdc4.jpg

Select radio button Enabled. Then click on the drop-down next to Protection Level and select Vulnerable.

rdc5.jpg

You should now be able to RDP to the server remotely with this workaround. Again, this should only be a temporary fix until the proper patch is installed across your environment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.