Connection Error Details
While attempting to make an RDP connection to another Windows client the following error may be encountered. Typically this error is encountered when attempting a connection to an Azure hosted client, it has also been encountered when attempting a connection to Windows Server 2012 client.
An authentication error has occurred.
The function requested is not supported
This could be due to CredSSP encryption oracle remediation
Cause
This error is due to a recent update to windows to resolve vulnerabilities in windows authentication. Specifically a vulnerability in the Windows subsystem, Credential Security Support Provider Protocol (CredSSP). This vulnerability applies to all modern versions of Windows Operating systems and allows for a remote code execution vulnerability.
Microsoft’s Security TechCenter contains information on all of the products affected and other important details on the vulnerability.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886
Also see the National Vulnerability Database article, CVE-2018-0886, released on 03/14/2018, for vulnerability details.
Workaround
Ensure that your windows environment has the latest updates applied.
Use group policy to change the Credential Delegation at the client.
- On the client run gpedit.msc, and then browse to Computer Configuration > Administrative Templates > System > Credentials Delegation in the navigation pane.
- Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.
Once the change is made in the group policy editor it is put into effect immediately. No restart was required to apply the change. Also changing the setting back to Not Configured does result in the error re-appearing.
The following Microsoft Article was released to cover this issue. While this article specifically calls out Azure clients, this has been encountered on non-Azure clients as well.
As always it is important to install the latest Windows Updates to prevent these types of vulnerabilities. It is recommended to check at least monthly for new updates if not done automatically.