Welcome Message

Hello my dear reader,

Welcome to my blog, which is dedicated to Cisco technologies. On its pages we will talk about the limitless world of telephony and networking.

We will focus mostly on Cisco collaboration solutions and technologies. These are IP PBX based on Cisco Unified Communications Manager and Cisco Unified Communications Manager Express, Cisco contact centers, Cisco Voice Gateways, etc. I will also introduce you to education news: Cisco authorized courses, training programs I have developed myself, our upcoming events, and online learning.

If you have any questions regarding my posts, job or activities, please feel free to ask your questions. I will try to answer them when I have time.

Sincerely, Dmytro Benda

Sunday, September 23, 2018

CredSSP Encryption Oracle Remediation error when using RDP

When working with Cisco UCCE and its components, you often need to connect remotely to one system component or another via Remote Desktop Protocol (RDP). Sometimes the RDP session is not established, and the CredSSP Encryption Oracle Remediation error is issued. Let's see how it can be fixed.

The causes of this problem, as well as options for solving it, are described in detail in various sources. When writing this post I used one of them; the link to the source is below (the screenshots are also taken from it):

https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

In short, Microsoft discovered a vulnerability in the CredSSP protocol in early 2018. The essence of the problem is that it was possible to bypass the check and execute various commands on the server itself on behalf of the accounts being used, including installing and removing arbitrary software, changing and deleting data on the server, and creating accounts with arbitrary rights. To solve this problem, the vendor released a number of patches. However, error-free operation requires these patches to be installed on both the client side and the server side. If the patch is installed only on the client and not on the server, RDP will not run and reports a problem with CredSSP.

Of course, the correct way out of the situation is to install the required Microsoft patches on both sides. But in order to gain temporary access to a non-updated server, you can use two methods:

Method 1. Temporarily change the policy settings through the Local Group Policy Editor on the computer on which you are using the RDP client (i.e. on the client machine). Run gpedit.msc, then follow the path Computer Configuration / Administrative Templates / System / Credentials Delegation in the window on the left.

Change Encryption Oracle Remediation to Enabled and Protection Level to Vulnerable.


Method 2. The Local Group Policy Editor is not available on Windows Home Edition. In this case, the change can be made through the Windows registry (this command is executed in Windows PowerShell):

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

After making such changes, you will get remote access to your server, on which you will need to install the required patch to eliminate the CredSSP protocol vulnerability. After the patch is installed on the server, the changes made on the client computer must be canceled and the policy settings returned to their original state.
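
To make sure the workaround does not stay in place on the client, the registry value from Method 2 can be checked and removed with a short script. This is an added example, not part of the original post or the Microsoft source; it assumes an elevated PowerShell session, and the function names and the -Revert switch are hypothetical names chosen for the illustration.

```powershell
# Added example: audit and revert the client-side CredSSP workaround (Method 2).
# Run elevated: HKLM can only be modified by an administrator.
param([switch]$Revert)   # hypothetical switch: pass -Revert to remove the override

$Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Name = 'AllowEncryptionOracle'

# Protection levels that correspond to the AllowEncryptionOracle values.
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspProtectionLevel {
    # Returns $null when the key or the value is absent (nothing configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Reset-CredSspProtectionLevel {
    # Deletes the override so the Windows default applies again.
    if ($null -ne (Get-CredSspProtectionLevel)) {
        Remove-ItemProperty -Path $Path -Name $Name
    }
}

$level = Get-CredSspProtectionLevel
if ($null -eq $level) {
    Write-Output "$Name is not set; the Windows default applies."
} elseif ($level -eq 2) {
    Write-Warning "$Name = 2 (Vulnerable): the temporary workaround is still active."
    if ($Revert) {
        Reset-CredSspProtectionLevel
        Write-Output "$Name removed."
    }
} elseif ($Levels.ContainsKey($level)) {
    Write-Output "$Name = $level ($($Levels[$level]))"
} else {
    Write-Output "$Name = $level (unrecognized value)"
}
```

If the setting was changed through gpedit.msc (Method 1), return the policy to its original state in the editor instead; a value deleted from the registry alone can be written back when the policy is applied again.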
