Recently, when connecting to another Windows machine with RD, I got the following RDP authentication error due to CredSSP encryption oracle remediation:
Windows client
Following the above link, and searching around, this seems caused by the client Windows is patched with a CredSSP (Credential Security Support Provider protocol) update for CVE-2018-0886, while the remote Windows is not. The solution is certainly patching the remote Windows. However, if you do not have the permission to patch the remote Windows (In this case, I am connecting to a build VM provided by AppVeyor), then you have to compromise the client.
Windows Pro Edition (with group policy editor)
The workable solution I found is to edit client Windows’ local group policy (gpedit.msc):
Under Computer Configuration -> Administrative Templates -> System -> Credentials Delegation, there is a setting “Encryption Oracle Remediation”. Its default value is “Not configured”. Just change it to “Enabled”, and set “Protection Level” as “Vulnerable”.
Windows 10:
Windows 7:
Now your remote desktop should be able to connect. Remember to revert the setting after you are done.
Không có nhận xét nào:
Đăng nhận xét