Description of the problem:
When using remote desktop, an error occurs because the CredSSP encrypted database fixes the problem, and the problem can be solved by setting group policies
远程桌面连接
出现身份验证错误。
要求的函数不受支持错误
CAUTION: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using other methods. These problems may require you to reinstall your operating system.
Solution:
1. Press win+r on the keyboard to open the run command window, enter regedit, and open the registry
2. Create a new CredSSP configuration item
2.1 Find the path\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
2.2 Right-click System, and the new item is the CredSSP folder
2.3 Repeat 2.2, create a new Parameters under the CredSSP directory
2.4 Create a new DWORD (32-bit) value item under Parameters
2.5 Right-click and rename it to AllowEncryptionOracle, then modify the value data to 2, and the default base is hexadecimal
3. Reconnect, the connection is successful, and the problem is solved
Appendix:
The Encryption Oracle Remediation Group Policy supports the following three options, which should be applied to clients and servers:
| Policy Settings | Registry Values | Client Behavior | Server Behavior|
| policy setting | registry value | client behavior | server behavior |
|---|---|---|---|
| Forcibly updated clients | 0 | Client applications using CredSSP will not be able to fall back to insecure versions. | Services using CredSSP will not accept unpatched clients. NOTE This setting should not be deployed until all Windows and third-party CredSSP clients support the latest CredSSP version. |
| ease | 1 | Client applications using CredSSP will not be able to fall back to insecure versions. | Services using CredSSP will accept unpatched clients. |
| Vulnerable | 2 | Client applications using CredSSP will expose remote servers to attacks by supporting fallbacks to insecure versions. | Services using CredSSP will accept unpatched clients. |