How to Fix Windows Remote Desktop CredSSP Error (Step-by-Step)
If you encountered the infamous CredSSP error while trying to connect to your server or office computer via Remote Desktop (RDP), you are not alone. This error typically appears after a Windows Update and is actually an indicator that Windows is trying to protect your environment.
In this guide, we will look at the causes of, and the fixes for, the RDP error message: "An authentication error has occurred. The function requested is not supported. This could be due to CredSSP encryption oracle remediation."
🔎 Why Does This Error Occur?
CredSSP (Credential Security Support Provider) is an authentication provider that processes authentication requests for remote applications. Microsoft released a critical security update to patch a severe vulnerability (CVE-2018-0886) regarding a logical flaw in this protocol.
The error triggers if:
- Your local client machine is fully patched, but the remote server you are connecting to is not updated.
- Or vice versa.
Due to the encryption and security level mismatch between the two devices, Windows classifies the connection as "unsafe" and automatically blocks it.
🛠️ Step-by-Step Solutions for CredSSP Error
Method 1: The Best and Permanent Practice (Windows Update)
The most secure and permanent fix is to fully update Windows on both the client (your local PC) and the target computer (the server).
- If you have alternative access to the server (via iLO, KVM, VNC, or physical console), open Windows Update on the server, install all critical security updates, and reboot the machine.
Method 2: Fixing via Registry Editor (Regedit)
If you cannot update the remote server immediately and require urgent access, you can temporarily relax your local machine's security policy to establish the connection.
- Press Win + R, type regedit in the Run box, and press Enter.
- Navigate to the following path using the left sidebar: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- If there is no folder named CredSSP under System: Right-click System, select New > Key, and name it CredSSP.
- Right-click the newly created CredSSP folder, choose New > Key, and name it Parameters.
- Click on the Parameters folder, right-click the empty space on the right side, and select New > DWORD (32-bit) Value.
- Name this newly created value exactly AllowEncryptionOracle.
- Double-click on it, set the Base to Decimal, change the Value data to 2, and click OK.
Security Implications of the Values:
- 0 (Force Updates): Fully secure mode. Completely blocks connections to unpatched servers.
- 1 (Mitigated): Mitigated mode. Allows connections but prompts warnings.
- 2 (Vulnerable): Vulnerable mode. Directly permits connections to servers exposed to the vulnerability (The value that resolves the error).
Method 3: Fixing via Local Group Policy Editor (gpedit.msc)
If you are running Windows 10/11 Pro, Enterprise, or Windows Server editions, you can use the graphical Group Policy interface instead of the registry:
- Press Win + R, type gpedit.msc, and hit Enter.
- Inside the Group Policy Editor, navigate to the following path: Computer Configuration > Administrative Templates > System > Credentials Delegation
- On the right-hand panel, find and double-click "Encryption Oracle Remediation".
- Switch the radio button to Enabled in the top-left corner.
- In the Options panel below, change the Protection Level dropdown to "Vulnerable".
- Click Apply, then OK to save the configuration.
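Because Methods 2 and 3 are temporary workarounds, it helps to check which protection level a client is currently using and to remove the override once the server has been updated (Method 1). The PowerShell below is an added example, not part of the original guide; the function names Get-CredSspOracleLevel and Remove-CredSspOracleOverride are hypothetical, and the script assumes an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide). Function names are hypothetical.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ValueName = 'AllowEncryptionOracle'
# Value meanings as listed in this guide.
$Levels    = @{ 0 = 'Force Updates'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOracleLevel {
    # Read the value; a missing key or value means no override is configured.
    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{ Configured = $false; Value = $null; Level = 'Not configured' }
    }
    $value = [int]$prop.$ValueName
    $level = if ($Levels.ContainsKey($value)) { $Levels[$value] } else { 'Unknown value' }
    [pscustomobject]@{ Configured = $true; Value = $value; Level = $level }
}

function Remove-CredSspOracleOverride {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Get-CredSspOracleLevel
    if (-not $state.Configured) {
        Write-Verbose 'AllowEncryptionOracle is not set; nothing to remove.'
        return
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Remove (currently $($state.Level))")) {
        # Deletes only the value, leaving the CredSSP\Parameters key in place.
        Remove-ItemProperty -Path $KeyPath -Name $ValueName
    }
}

$state = Get-CredSspOracleLevel
$state | Format-List
if ($state.Value -eq 2) {
    Write-Warning 'This client accepts CredSSP connections to unpatched servers.'
    # Preview the change; rerun without -WhatIf after the server is updated.
    Remove-CredSspOracleOverride -WhatIf
}
```

If the level was set through the Group Policy Editor (Method 3), revert it there as well, because a policy refresh can write the value back.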