Unable to connect via RDP

Henrik Andreasson 1 Reputation point
2022-07-19T17:42:54.85+00:00

I fail to connect to my Win 10 VM using RDP.

The troubleshooter states

We have determined that your Windows Virtual Machine (VM) GoogleVM is in an inaccessible state due to a Credential Security Support Provider (CredSSP) issue

I have followed the instructions in https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/credssp-encryption-oracle-remediation but was not able to find any suitable patch for my Windows version (10, 19044).

I did change the registry on both sides

REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 2

and have restarted both the client and the VM.

I did also reset the NIC on the VM using https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/reset-network-interface#for-vms-deployed-in-resource-group-model

But still can't connect.

Note that I get the exact same error message if I enter a bogus password.

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

4 answers

  1. Henrik Andreasson 1 Reputation point
    2022-07-20T07:33:29.213+00:00

    My client is Windows 10 Version 21H2 (OS Build 19044.1826)


  2. srbhatta-MSFT 8,586 Reputation points Microsoft Employee
    2022-07-20T10:57:35.06+00:00

    Hello @Henrik Andreasson ,
    Thanks for sharing the error screenshot.
    The mitigation step that you have followed is the correct one.
    This RDP authentication issue can occur if the local client and the remote host have differing Encryption Oracle Remediation settings that define how to build an RDP session with CredSSP. If the server or client have different expectations on the establishment of a secure RDP session, the connection could be blocked.

    I understand that you have tried to follow this workaround. I presume that you are setting the AllowEncryptionOracle value to 2 on the client machine registry setting so that it can connect to both patched and unpatched Azure VMs and then doing a restart of the client. Post restart also, you see the same error. Could you also connect to gpedit.msc and verify the same? If you still see the same error, then probably we would need to look at some logs. I'll wait for your response. Thank You.

    ------------

    Please accept as answer if the information provided is helpful.
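
An added example, not part of the thread or of Microsoft's reply: a PowerShell audit of the `AllowEncryptionOracle` policy value discussed above, plus the client/server outcomes as given in Microsoft's published CredSSP interoperability guidance. The function names `Get-EncryptionOracleSetting` and `Test-CredSspPair` are hypothetical, and the sketch assumes it is run locally on the machine being checked.

```powershell
# Added example: audit the CredSSP "Encryption Oracle Remediation" setting.
# Registry path and value name are the ones used in the question above.
$Path   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Labels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-EncryptionOracleSetting {
    # Returns the configured DWORD, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.AllowEncryptionOracle
}

function Test-CredSspPair {
    # Each side is 'Unpatched' or a policy value '0', '1' or '2'.
    # Outcomes follow Microsoft's published interoperability table.
    param([string]$Client, [string]$Server)
    # A patched server set to Force Updated Clients rejects unpatched clients.
    if ($Client -eq 'Unpatched' -and $Server -eq '0') { return 'Blocked' }
    # A patched client refuses an unpatched server unless set to Vulnerable (2).
    if ($Server -eq 'Unpatched' -and $Client -in @('0', '1')) { return 'Blocked' }
    return 'Allowed'
}

# 1. Report the local setting.
$local = Get-EncryptionOracleSetting
if ($null -eq $local) {
    Write-Output 'AllowEncryptionOracle is not set; the default of the installed CredSSP update applies.'
} else {
    Write-Output ('AllowEncryptionOracle = {0} ({1})' -f $local, $Labels[$local])
    if ($local -eq 2) {
        # Value 2 permits fallback to the insecure CredSSP behaviour.
        Write-Warning 'Setting is Vulnerable (2): revert to 1 or 0 once troubleshooting is finished.'
    }
}

# 2. Print every client/server combination so a blocked pairing is easy to spot.
$states = @('Unpatched', '0', '1', '2')
foreach ($c in $states) {
    foreach ($s in $states) {
        Write-Output ('client {0,-9} -> server {1,-9} : {2}' -f $c, $s, (Test-CredSspPair $c $s))
    }
}
```

Only pairings that mix a patched and an unpatched machine come out as blocked, so the table helps decide whether CredSSP settings can explain a failure before loosening the policy.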


  3. Henrik Andreasson 1 Reputation point
    2022-07-20T16:44:52.23+00:00

    Hi @srbhatta-MSFT ,

    the link called "this workaround" in your reply is invalid so I can't comment on that part.

    I am adding a screenshot of what it looks like on my client that can't connect to the VM:

    222831-gpeditmsc.png

    I did also try another Windows device (19043.1826) and was then able to connect using the exact same RDP file.
    That device does not have any special configuration for "Oracle Remediation" so it is probably not the root cause.

    The device which can't connect is configured for use at Google and the one where I could connect is "clean" and there is probably some subtle difference in how my corp device is configured.

    Given that I now have one device that I can connect with, I guess I am fine and I can live without being able to connect on my other device.

    May I also ask one last question: if I instead of connecting via RDP want to connect using the Citrix Workspace application, can I then set this up from the Azure portal or must I "drive" that from a Citrix portal instead?


  4. Henrik Andreasson 1 Reputation point
    2022-07-21T15:10:34.277+00:00

    @srbhatta-MSFT

    I am fine with not being able to connect using my Google issued laptop, hence we can ignore the original topic.

    Would it be OK if I use this "ticket" and instead ask for support on how to connect to my existing VM using Citrix Workspace app instead?

    Will I be able to do so using my existing subscription, and can you please help me get started?

