Problem
One of my minions contacted me about a strange error message connecting to a server. He was running scheduled maintenance, but he was unable to connect via RDP to one of his servers. The error message looked like this:
“An authentication error occurred The Function requested is not supported”
“This could be due to CredSSP encryption oracle remediation”
Analysis
Some Microsoft gremlin thought it was a good idea to block remote connections to Windows 2012R2 servers missing the march 2018 CredSSP patch if your client is patched. You know, just to make it extra easy to patch the servers. They even try to blame Oracle for their mess.
According to 4093492, this fine function was enabled on 2018-05-08. “By default, after this update is installed, patched clients cannot communicate with unpatched servers.” You can override this by creating a GPO and restarting all affected systems, but that would leave you permanently vulnerable to what is in fact a security issue. Moreover, as a reboot is needed for the workaround it is easier to just patch the servers (which was our initial plan).
Solution
Install the patches from this list on your servers: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886. If you are lucky they are just VMs and you have access to the VM console ore some kind of KVM. If you are not lucky, a trip to the server room it is.
