An authentication error has occurred. The function requested is not supported
Another update from Microsoft brings a new set of issues in a corporate environment. Users started reporting errors when they have tried to connect to a remote computer via RDP. The error message says: An authentication error has occurred. The function requested is not supported.
Short info from Microsoft:
Credential Security Support Provider protocol (CredSSP) is an authentication provider that processes authentication requests for other applications.
A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack.
This security update addresses the vulnerability by correcting how CredSSP validates requests during the authentication process.
By default, after this update is installed, patched clients cannot communicate with unpatched servers. Use the interoperability matrix and group policy settings described in this article to enable an “allowed” configuration.
Even though I have patches the client and the server I was unable to connect to some of our servers in the network. So, to resolve this, and having in mind that our network is behind a firewall I had to create a new group policy and apply it to these servers.
You can also edit local security policy on the problematic server and make necessary changes to be able to connect to the server.
Open Local Group Policy Editor (gpedit.msc)
In the left pane navigate to Computer Configuration | Administrative Templates | System | Credentials Delegation
In the right pane double-click on the “Encryption Oracle Remediation” setting
Click on Enabled to enable the setting and change the Protection Level to Vulnerable
This was the only way to be able to connect to remote server via RDP without being blocked with An authentication error has occurred error message, even though my servers and clients are patched regularly.
Comments are welcome!