CredSSP encryption oracle remediation

This article provides a solution to an issue in which you are not able to make a remote desktop (RDP) connection to server from the local client and got error: CredSSP encryption oracle remediation.

RDP authentication failed


To solve this issue, you have to install the update on remote server. However, if you need to connect to a computer that hasn’t received the update, you can downgrade the protection level to Vulnerable. You can do this either via Group Policy or by changing the registry.

Please follow the steps (Note: its temporary work around and risky)

  1. Execute gpedit.msc
  2. Navigate to the following path: Computer Configuration > Administrative Templates > System > Credentials Delegation.
  3. Edit the following setting: Encryption Oracle Remediation.
  4. Set it to Enabled, and set the protection level to Vulnerable.
Change the protection level to Vulnerable

Also, you can do it via the registry. This will provide the protection levels via numerical values:

  • Force Updated Clients: 0
  • Mitigated: 1
  • Vulnerable: 2
    OR To change the registry key to Vulnerable, you can run the following commands:
$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\"
New-ItemProperty -Path $RegPath -Name AllowEncryptionOracle -Value 2 -PropertyType DWORD -Force

Once you’re able to get into remote desktop please apply latest security patches and revert back to changes you applied on client computer.

Leave A Comment

Your email address will not be published. Required fields are marked *