If you’re seeing the “An authentication error has occurred. The function requested is not supported” message when connecting through Windows Remote Desktop (RDP), the issue is usually caused by the Windows RDP CredSSP Encryption Oracle Remediation fix update. The most effective fix is to update both the RDP client and the remote Windows server with the latest Windows security patches. If updating isn’t immediately possible, you can temporarily modify the Encryption Oracle Remediation policy or registry settings to allow the connection, but this should only be used as a short-term solution because it reduces security.
How CredSSP Works in Remote Desktop
CredSSP performs several important tasks during authentication:
- Encrypts login credentials
- Verifies the identity of the remote server
- Prevents credential theft
- Supports Network Level Authentication (NLA)
- Improves RDP security
Because of these protections, Microsoft no longer recommends allowing vulnerable connections except during temporary troubleshooting.
Windows RDP CredSSP Encryption Oracle Remediation Fix: Best Method
Method 1: Install the Latest Windows Updates (Recommended)
This is the safest and permanent solution.
On the Remote Server
- Open Settings
- Go to Windows Update
- Check for updates
- Install all available security updates
- Restart the server
On Your Local Computer
Repeat the same process.
Once both systems are updated, reconnect using Remote Desktop.
Method 2: Change the Group Policy (Temporary Fix)
If you cannot immediately update the remote server, you can temporarily allow connections.
Step 1
Press:
Windows + RType:
gpedit.mscPress Enter.
Step 2
Navigate to:
Computer Configuration
Administrative Templates
System
Credentials Delegation
Encryption Oracle RemediationStep 3
Open Encryption Oracle Remediation.
Select:
- Enabled
Under Protection Level choose:
- Vulnerable
Click:
- Apply
- OK
Restart the computer or run:
gpupdate /forceThen reconnect.
Warning: Setting the policy to Vulnerable lowers security. Return it to the default setting after updating the server.
Method 3: Modify the Windows Registry
If Group Policy Editor isn’t available (such as on Windows Home editions), you can use the registry.
Open Registry Editor.
Navigate to:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Policies
System
CredSSP
ParametersIf the Parameters key is missing, create a new one before proceeding.
Create a new DWORD:
AllowEncryptionOraclePossible values:
0 = Force Updated Clients
1 = Mitigated
2 = VulnerableTemporarily set:
2Restart Windows.
After the server update is complete, reset the value to 0.
Method 4: Update the Remote Server
Many administrators only update their workstation.
The actual problem is often the server.
Update:
- Windows Server 2012
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Windows 10
- Windows 11
Install all cumulative security updates before attempting another RDP session.
Method 5: Use PowerShell
Administrators can modify the registry with PowerShell.
Run PowerShell as Administrator.
Execute:
New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP" -Force
New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" -Force
New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" -Name AllowEncryptionOracle -Value 2 -PropertyType DWORD -ForceRestart the PC.
Again, this should only be a temporary workaround.
Method 6: Enable Network Level Authentication Correctly
Some connection failures occur because Network Level Authentication (NLA) settings are inconsistent.
On the server:
- Open System Properties
- Select Remote
- Verify:
For enhanced security, configure your system to accept Remote Desktop connections only from devices that support Network Level Authentication (NLA).
If troubleshooting requires it, administrators may temporarily disable NLA, but it should be re-enabled once connectivity is restored.
Which Protection Level Should You Choose?
| Protection Level | Security | Recommended |
|---|---|---|
| Force Updated Clients | Highest | Yes |
| Mitigated | Medium | Temporary |
| Vulnerable | Lowest | Emergency only |
For production environments, always use Force-Updated Clients whenever possible.
Security Risks of Using “Vulnerable”
Changing the policy to Vulnerable allows connections to servers that lack important security updates.
Potential risks include:
- Credential interception
- Man-in-the-middle attacks
- Remote code execution vulnerabilities
- Compliance violations
- Increased exposure to cyber threats
Because of these risks, Microsoft recommends updating systems instead of permanently relaxing security settings.
Best Practices to Prevent Future CredSSP Errors
Follow these recommendations to minimize future issues:
- Enable automatic Windows updates.
- Keep both client and server fully patched.
- Regularly install cumulative security updates.
- Use supported Windows versions.
- Avoid disabling security features permanently.
- Monitor Group Policy settings across your environment.
- Test updates in a staging environment before large deployments.
- Maintain secure backups before making registry changes.
Frequently Asked Questions
What triggers the CredSSP Encryption Oracle Remediation error, and why does it occur?
It usually occurs when a patched Remote Desktop client attempts to connect to an unpatched or outdated Windows server that does not support the required CredSSP security level.
Is changing the policy to “Vulnerable” safe?
It is safe only as a temporary troubleshooting step in a trusted environment. Leaving the setting enabled long-term weakens your system’s security.
Can Windows Updates fix the problem?
Yes. In most cases, installing the latest Windows security updates on both the client and the remote server permanently resolves the issue.
Does Windows 11 still use CredSSP?
Yes. Windows 11 continues to use CredSSP as part of Remote Desktop authentication and supports the latest security improvements.
Will reinstalling Remote Desktop fix the issue?
Usually not. The problem is related to Windows security policies and patch levels, not the Remote Desktop application itself.
Conclusion
The Windows RDP CredSSP Encryption Oracle Remediation error is a security safeguard rather than a software defect. While temporarily setting the policy to Vulnerable or adjusting the registry can restore access in urgent situations, the most secure and reliable solution is to keep both your local computer and remote server fully updated with the latest Windows security patches. By maintaining current updates, using strong authentication settings, and avoiding long-term security workarounds, you can ensure stable, secure, and uninterrupted Remote Desktop connections.



