"CredSSP encryption oracle remediation" error when RDP to a Windows VM in Azure

Recently, we have been seeing this error message  "CredSSP encryption oracle remediation" error when RDP to a Windows VM in Azure quite frequently which does not allow you to RDP/Login into your Azure VM. Full documentation and root cause analysis of the issue is mentioned in this article released by Microsoft Support

Do not worry if you run into this issue as resolving this on your Azure VM is pretty simple and can be done very easily from your azure portal. Steps to resolve this are:

  1. Login into https://portal.azure.com
  2. Navigate to the Azure Virtual Machine tab and go to the VM that is giving this error
  3. Now under operations, select the Run Command option which will give you the option to run a PowerShell script
  4. In the PowerShell script section, type in the below two lines and click on run
 REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -name "AllowEncryptionOracle" 2 -Type DWord


Now on your own machine (client machine), follow the below steps:

  1. On the client that has the CredSSP update installed, run gpedit.msc, and then browse to Computer Configuration > Administrative Templates > System > Credentials Delegation in the navigation pane.
  2. Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.

If needed, please restart the server and now when you try to RDP into your Azure VM you will be able to login and complete the connection. Please note that it is highly recommended to patch your VMs and follow the latest guidelines that are mentioned in the Microsoft Support Article.