Share via


"CredSSP encryption oracle remediation" error when RDP to a Windows VM in Azure

Recently, we have been seeing this error message  "CredSSP encryption oracle remediation" error when RDP to a Windows VM in Azure quite frequently which does not allow you to RDP/Login into your Azure VM. Full documentation and root cause analysis of the issue is mentioned in this article released by Microsoft Support

Do not worry if you run into this issue as resolving this on your Azure VM is pretty simple and can be done very easily from your azure portal. Steps to resolve this are:

  1. Login into https://portal.azure.com
  2. Navigate to the Azure Virtual Machine tab and go to the VM that is giving this error
  3. Now under operations, select the Run Command option which will give you the option to run a PowerShell script
  4. In the PowerShell script section, type in the below two lines and click on run
 REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -name "AllowEncryptionOracle" 2 -Type DWord

 

Now on your own machine (client machine), follow the below steps:

  1. On the client that has the CredSSP update installed, run gpedit.msc, and then browse to Computer Configuration > Administrative Templates > System > Credentials Delegation in the navigation pane.
  2. Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.

If needed, please restart the server and now when you try to RDP into your Azure VM you will be able to login and complete the connection. Please note that it is highly recommended to patch your VMs and follow the latest guidelines that are mentioned in the Microsoft Support Article.

-Cheers

Comments

  • Anonymous
    June 14, 2018
    Hello. Same issue for Azure Stack VM's. What is the recommended fix for VM's executing on Azure Stack?
  • Anonymous
    June 15, 2018
    Just had this issue trying to remote into my WSUS server after upgrading to Windows 10 Pro 1803 (along with other issues :( )
    • Anonymous
      June 15, 2018
      Resolved it with no issues!