How to Fix the CredSSP "Encryption Oracle Remediation" RDP Error
If you are managing Windows Servers, you have likely encountered this terrifying error message when trying to connect via Remote Desktop: "An authentication error has occurred. The function requested is not supported... This could be due to CredSSP encryption oracle remediation."
Why does this happen?
This is caused by a patch mismatch around the fix for vulnerability CVE-2018-0886. The error triggers when the client machine you are connecting from has the latest Microsoft security updates installed, but the target server you are connecting to does not. Windows blocks the connection because the server is attempting to use an insecure, outdated version of the CredSSP protocol.
The "Correct" Fix vs. The "Immediate Workaround"
The true, permanent fix for this error is to log into the target server (via console or hypervisor) and run Windows Updates so it supports the secure CredSSP protocol. However, if you need immediate RDP access to the server right now, you can apply the following client-side workaround to temporarily bypass the security block.
- Open the Local Group Policy Editor
  On the client machine (the computer you are sitting at, not the server), press the Windows Key + R, type gpedit.msc, and hit Enter to open the Local Group Policy Editor.
- Navigate to the CredSSP Policies
  In the left-hand pane, drill down through the following path:
  Computer Configuration > Administrative Templates > System > Credentials Delegation.
- Edit the Encryption Oracle Remediation Policy
  In the right-hand pane, locate the policy named Encryption Oracle Remediation. Double-click it to open the configuration window.
- Set Protection Level to Vulnerable
  Change the radio button at the top to Enabled. In the "Options" section below, click the Protection Level dropdown menu and change it from "Mitigated" to Vulnerable. Click Apply and OK.
- Reconnect to Your Server
  You do not need to reboot your client machine. Open your Remote Desktop Connection app and attempt to connect to the server again. The connection will now succeed.
Alternative Method: The Registry Fix (Fastest Method)
If you do not have access to gpedit.msc (for example, on Windows 10/11 Home editions), you can apply the exact same workaround directly through the Windows Registry. Open Command Prompt as an Administrator and paste the following command to instantly create the required registry key:
Run this in an elevated Command Prompt:
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 2
Security Warning: Setting this value to "Vulnerable" exposes your RDP session to potential man-in-the-middle attacks. Once you have successfully connected to your server, you must run Windows Updates on the server immediately. After the server is patched, we highly recommend reverting your client machine's policy back to "Not Configured".
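To confirm what the client is currently set to, and to undo the registry workaround once the server is patched, here is an added PowerShell example (not part of the original article). The function names Get-CredSspOracleLevel and Restore-CredSspOracleDefault are hypothetical, and the 0/1/2 value meanings are taken from Microsoft's CVE-2018-0886 guidance rather than from this page.

```powershell
# Added example: audit and revert the client-side CredSSP workaround.
# Registry path and value name are the ones used by the REG ADD command above.
$Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Name = 'AllowEncryptionOracle'

# Value meanings per Microsoft's CVE-2018-0886 guidance (not stated on this page).
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOracleLevel {
    # Returns the configured level, or $null when the key or value is absent
    # (the state that corresponds to the policy being "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Restore-CredSspOracleDefault {
    # Removes the value so the client falls back to its patched default.
    # Requires an elevated session; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($null -eq (Get-CredSspOracleLevel)) { return }
    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Remove registry value')) {
        Remove-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
    }
}

$level = Get-CredSspOracleLevel
if ($null -eq $level) {
    Write-Output 'AllowEncryptionOracle is not set (Not Configured).'
} else {
    $label = if ($Levels.ContainsKey($level)) { $Levels[$level] } else { 'unknown value' }
    Write-Output "AllowEncryptionOracle = $level ($label)"
    if ($level -eq 2) {
        Write-Warning 'This client accepts unpatched CredSSP servers. Revert once the server is updated.'
    }
}

# After the server has been patched, uncomment to revert:
# Restore-CredSspOracleDefault
```

If the setting was applied through gpedit.msc rather than REG ADD, set the policy back to "Not Configured" in the editor instead, since a policy refresh would otherwise rewrite the registry value.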
Is Your Server Properly Licensed?
Connection errors aren't just caused by patches—an expired 120-day grace period will lock your users out completely. Ensure your infrastructure is secure and properly authorized with authentic Microsoft RDS CALs. We offer instant delivery and free technical installation support.