Windows RDP CredSSP Encryption Oracle Remediation Fix

Windows RDP CredSSP Encryption Oracle Remediation Fix: How to Resolve the Error Safely

If you’re seeing the “An authentication error has occurred. The function requested is not supported” message when connecting through Windows Remote Desktop (RDP), the issue is usually caused by the Windows RDP CredSSP Encryption Oracle Remediation fix update. The most effective fix is to update both the RDP client and the remote Windows server with the latest Windows security patches. If updating isn’t immediately possible, you can temporarily modify the Encryption Oracle Remediation policy or registry settings to allow the connection, but this should only be used as a short-term solution because it reduces security.

How CredSSP Works in Remote Desktop

CredSSP performs several important tasks during authentication:

  • Encrypts login credentials
  • Verifies the identity of the remote server
  • Prevents credential theft
  • Supports Network Level Authentication (NLA)
  • Improves RDP security

Because of these protections, Microsoft no longer recommends allowing vulnerable connections except during temporary troubleshooting.

Windows RDP CredSSP Encryption Oracle Remediation Fix: Best Method

Method 1: Install the Latest Windows Updates (Recommended)

This is the safest and permanent solution.

On the Remote Server

  1. Open Settings
  2. Go to Windows Update
  3. Check for updates
  4. Install all available security updates
  5. Restart the server

On Your Local Computer

Repeat the same process.

Once both systems are updated, reconnect using Remote Desktop.

Method 2: Change the Group Policy (Temporary Fix)

If you cannot immediately update the remote server, you can temporarily allow connections.

Step 1

Press:

Windows + R

Type:

gpedit.msc

Press Enter.

Step 2

Navigate to:

Computer Configuration

Administrative Templates

System

Credentials Delegation

Encryption Oracle Remediation

Step 3

Open Encryption Oracle Remediation.

Select:

  • Enabled

Under Protection Level choose:

  • Vulnerable

Click:

  • Apply
  • OK

Restart the computer or run:

gpupdate /force

Then reconnect.

Warning: Setting the policy to Vulnerable lowers security. Return it to the default setting after updating the server.

Method 3: Modify the Windows Registry

If Group Policy Editor isn’t available (such as on Windows Home editions), you can use the registry.

Open Registry Editor.

Navigate to:

HKEY_LOCAL_MACHINE

Software

Microsoft

Windows

CurrentVersion

Policies

System

CredSSP

Parameters

If the Parameters key is missing, create a new one before proceeding.

Create a new DWORD:

AllowEncryptionOracle

Possible values:

0 = Force Updated Clients
1 = Mitigated
2 = Vulnerable

Temporarily set:

2

Restart Windows.

After the server update is complete, reset the value to 0.

Method 4: Update the Remote Server

Many administrators only update their workstation.

The actual problem is often the server.

Update:

  • Windows Server 2012
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows 10
  • Windows 11

Install all cumulative security updates before attempting another RDP session.

Method 5: Use PowerShell

Administrators can modify the registry with PowerShell.

Run PowerShell as Administrator.

Execute:

New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP" -Force

New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" -Force

New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" -Name AllowEncryptionOracle -Value 2 -PropertyType DWORD -Force

Restart the PC.

Again, this should only be a temporary workaround.

Method 6: Enable Network Level Authentication Correctly

Some connection failures occur because Network Level Authentication (NLA) settings are inconsistent.

On the server:

  1. Open System Properties
  2. Select Remote
  3. Verify:
For enhanced security, configure your system to accept Remote Desktop connections only from devices that support Network Level Authentication (NLA).

If troubleshooting requires it, administrators may temporarily disable NLA, but it should be re-enabled once connectivity is restored.

Which Protection Level Should You Choose?

Protection LevelSecurityRecommended
Force Updated ClientsHighestYes
MitigatedMediumTemporary
VulnerableLowestEmergency only

For production environments, always use Force-Updated Clients whenever possible.

Security Risks of Using “Vulnerable”

Changing the policy to Vulnerable allows connections to servers that lack important security updates.

Potential risks include:

  • Credential interception
  • Man-in-the-middle attacks
  • Remote code execution vulnerabilities
  • Compliance violations
  • Increased exposure to cyber threats

Because of these risks, Microsoft recommends updating systems instead of permanently relaxing security settings.

Best Practices to Prevent Future CredSSP Errors

Follow these recommendations to minimize future issues:

  • Enable automatic Windows updates.
  • Keep both client and server fully patched.
  • Regularly install cumulative security updates.
  • Use supported Windows versions.
  • Avoid disabling security features permanently.
  • Monitor Group Policy settings across your environment.
  • Test updates in a staging environment before large deployments.
  • Maintain secure backups before making registry changes.

Frequently Asked Questions

What triggers the CredSSP Encryption Oracle Remediation error, and why does it occur?

It usually occurs when a patched Remote Desktop client attempts to connect to an unpatched or outdated Windows server that does not support the required CredSSP security level.

Is changing the policy to “Vulnerable” safe?

It is safe only as a temporary troubleshooting step in a trusted environment. Leaving the setting enabled long-term weakens your system’s security.

Can Windows Updates fix the problem?

Yes. In most cases, installing the latest Windows security updates on both the client and the remote server permanently resolves the issue.

Does Windows 11 still use CredSSP?

Yes. Windows 11 continues to use CredSSP as part of Remote Desktop authentication and supports the latest security improvements.

Will reinstalling Remote Desktop fix the issue?

Usually not. The problem is related to Windows security policies and patch levels, not the Remote Desktop application itself.

Conclusion

The Windows RDP CredSSP Encryption Oracle Remediation error is a security safeguard rather than a software defect. While temporarily setting the policy to Vulnerable or adjusting the registry can restore access in urgent situations, the most secure and reliable solution is to keep both your local computer and remote server fully updated with the latest Windows security patches. By maintaining current updates, using strong authentication settings, and avoiding long-term security workarounds, you can ensure stable, secure, and uninterrupted Remote Desktop connections.

Scroll to Top