Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 10 / Fix: RDP Authentication Error Has Occurred – The Function Requested Is Not Supported

July 12, 2019 Questions and AnswersWindows 10Windows 7Windows Server 2012 R2

Fix: RDP Authentication Error Has Occurred – The Function Requested Is Not Supported

After installing the latest security updates on my Windows 10 desktop, I can’t remotely connect to my new VDS server (running Windows Server 2012 R2) using the Remote Desktop. When I specify the RDP server name in the mstsc.exe client window and click “Connect”, an error appears:

Remote Desktop Connection
An authentication error has occurred.
The function requested is not supported.
Remote computer: computer_name

win 7 - An authentication error has occurred. The function requested is not supported

After I uninstalled the latest updates and rebooted my computer, I was able to connect to a remote server via RDP. As I understand, this is a temporary workaround. A new cumulative Windows update package will arrive and will be installed next month, and the RDP authentication error will return. Can you advise me something?

Answer

You are absolutely right. It’s pointless to solve this problem by removing installed Windows update because you are exposing your computer to the risk of exploiting the various vulnerabilities that this update fixes. The RDP error “An authentication error has occurred” can also appear when trying to run a RemoteApp application.

Why is this happening? The fact is that the latest security updates (released after May 2018) are installed on your Windows 10 desktop. These updates fix a serious vulnerability in the CredSSP protocol (Credential Security Support Provider) used for authentication on RDP servers (CVE-2018-0886 – read carefully the article RDP authentication error: CredSSP Encryption Oracle Remediation). These updates are not installed on your RDP/RDS server side, and the NLA (Network Level Authentication) is enabled for remote desktop access. NLA uses CredSSP mechanisms to pre-authenticate RDP users over TLS/SSL or Kerberos. Your computer simply blocks the remote desktop connection to a server that uses the vulnerable version of CredSSP.

What can you do to fix this problem and connect to your RDP server?

  1. The most correct way to solve the problem is to install the latest cumulative Windows security updates on a remote computer or RDS server (to which you are trying to connect via RDP);
  2. Workaround 1. You can disable NLA (Network Level Authentication) on the RDP server side (as described below);
  3. Workaround 2. You can re-configure your desktops by allowing them to connect to the Remote Desktop with an unsafe version of CredSSP (as described in the article at the link above). To do this, change the registry parameter AllowEncryptionOracle (use the command: REG ADD
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 2
    ) or change the local policy Encryption Oracle Remediation by setting its value to Vulnerable. This is the only way to access a remote server via RDP if you can’t log in on the server locally (via the ILO, virtual machine console or cloud provider web-interface). You can connect to a remote server in this mode and install the latest security updates. After updating the server, don’t forget to disable the policy or return the value of the registry parameter AllowEncryptionOracle to 0 (REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle /t REG_DWORD /d 0).

Disable NLA for Remote Desktop in Windows

If NLA is enabled on your RDP server, this means that CredSSP is used for RDP users’ pre-authentication. You can disable Network Level Authentication in the System Properties on the Remote tab by unchecking the options “Allow connection only from computers running Remote Desktop with Network Level Authentication (recommended)” (Windows 10 /8.1 or Windows Server 2012R2/2016).

disable nla remote settings

In Windows 7 (Windows Server 2008 R2), this option is called differently. On the Remote tab, select the option “Allow connections from computers running any version of Remote Desktop (less secure)“.

windows 7 / server 2008r2 disable nla for rdp connection

You can also disable Network Level Authentication (NLA) using the Local Group Policy editor – gpedit.msc (you can run the gpedit.msc in Windows 10 Home edition like this) or using the domain group policy management console – GPMC.msc. In the policy editor go to the section Computer Configuration –> Administrative Templates –> Windows Components –> Remote Desktop Services –> Remote Desktop Session Host –> Security, find and disable the policy “Require user authentication for remote connections by using Network Level Authentication“.

GPO: Require user authentication for remote connections by using Network Level Authentication

You also need to select the RDP Security Layer in the “Require use of specific security layer for remote (RDP) connections” policy settings.

To apply new RDP settings, you need to update the group policies on a local computer (gpupdate / force) or reboot your desktop. After that, you should successfully connect to the remote desktop.

8 comments
2
Facebook Twitter Google + Pinterest
previous post
How to Upgrade Windows Server 2019/2016 Evaluation to Full Version?
next post
Remote Desktop Cannot Verify the Identity of Remote Computer Because Time/Date Difference

Related Reading

How to Sign a PowerShell Script (PS1) with...

February 25, 2021

How to Shadow (Remote Control) a User’s RDP...

February 22, 2021

Configuring PowerShell Script Execution Policy

February 18, 2021

Configuring Proxy Settings on Windows Using Group Policy...

February 17, 2021

Updating Group Policy Settings on Windows Domain Computers

February 16, 2021

8 comments

Arvind May 30, 2018 - 10:35 am

Thanks for update its work for me.:)

Reply
Dmitry May 31, 2018 - 6:37 am

great thanks! it helped!

Reply
Krishan December 4, 2019 - 2:59 am

It helped!.

Reply
rodrigo December 23, 2019 - 7:57 pm

Thanks you for this information. I deploy the virtual machine from ISO 1703 win10 ent. with same problem…. disabling this options NLA fix my problem. thanks you!

Reply
Bunyamin April 10, 2020 - 12:02 pm

We have experienced same error issue.A re-start of server has solved.

Reply
HaterMicrosoft August 20, 2020 - 8:10 pm

There is neither such option like Remote Desctop in System Properties->Remote nor utility gpedit in my latest version of Windows 10… Insane OS, insane company!

Reply
AskMeIKnowAll December 3, 2020 - 10:32 am

There is a differences between Windows 10 Home and Windows 10 Pro 😉

Reply
sirjinn January 12, 2021 - 3:49 am

this worked for me. thanks!

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021
  • Fixing “Winload.efi is Missing or Contains Errors” in Windows 10

    February 5, 2021
  • How to Move (Clone) Windows to a New Hard Drive (HDD/SSD)?

    February 4, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Windows 10 1803 can’t run EXE files from a network shared folders
  • Windows Defender Threat Service has stopped. Restart it now
  • How to Configure MariaDB Master-Master/Slave Replication?
  • Slow RemoteAPP Experience, Mouse and Menu Lags after Windows 10 1803 April Update
  • Can’t Remove Extra Languages after Windows 10 1803 April Update
  • How to Mount Google Drive or OneDrive in Linux?
  • Edge Browser and Store Stopped Working after Windows 10 1809 Update
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top