Client failed to RDP to RDS server following Windows Server Patching – CredSSP updates for CVE-2018-0886

CredSSP updates for CVE-2018-0886

That Monday morning issue when servers were patched on a Sunday… All Windows 10 clients fail to RDP to the RDS server following Windows Server Patching.

The cause?

“By default, after this update is installed, patched clients cannot communicate with unpatched servers. Use the interoperability matrix and group policy settings described in this article to enable an “allowed” configuration.”

https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Temp Solution until clients are patched

Create a registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters

CredSSP and Parameters keys had to be created
Create the AllowEncryptionOracle DWORD and give it a value of 2

or Command lined:

REG  ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

 

Tested on Windows 7 and Windows 10.
No reboot required.

Note this reduces the security the patch was put in to fix

See an advert of interest, CLICK IT!  This site is funded by AD clicks.