CredSSP updates for CVE-2018-0886
That Monday morning issue when servers were patched on a Sunday… All Windows 10 clients fail to RDP to the RDS server following Windows Server Patching.
The cause?
“By default, after this update is installed, patched clients cannot communicate with unpatched servers. Use the interoperability matrix and group policy settings described in this article to enable an “allowed” configuration.”
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
Temp Solution until clients are patched
Create a registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
CredSSP and Parameters keys had to be created
Create the AllowEncryptionOracle DWORD and give it a value of 2
or Command lined:
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
Tested on Windows 7 and Windows 10.
No reboot required.
Note this reduces the security the patch was put in to fix
See an advert of interest, CLICK IT! This site is funded by AD clicks.