If when you try to use the Remote Desktop Connection between two Windows computers and you receive the error message; An Authentication error has occurred – The Function requested is not supported, then this post is intended to help you. In this post, we will identify some potential known causes that can trigger the error and then provide the possible solutions you can try to help remediate this issue.
When the Remote Desktop Connection authentication fails, you’ll receive the following error message;
Remote Desktop Connection
An authentication error has occurred.
The function requested is not supported.
Remote computer: Computer_Name or IP_Address
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660
As you can see from the image above, the error message is caused by the CredSPP Encryption Oracle Remediation.
Recently Microsoft found that a remote code execution vulnerability (CVE-2018-0886: encryption oracle attack) exists in CredSSP versions. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. So any application that depends on CredSSP for authentication was vulnerable to this type of attack.
To patch this security risk, Microsoft released a security update addressing the vulnerability by correcting how CredSSP validates requests during the authentication process. The patch updated CredSSP authentication protocol and Remote Desktop clients for all affected platforms.
After installing the update, patched clients were not able to communicate with unpatched servers. In other words, if the client computer has the security update installed but the server computer was not updated with the security update (or vice versa), the remote connection was unsuccessful and user received above-mentioned error message.
RDP connection error: Authentication error has occurred
If you’re faced with this An Authentication error has occurred – The Function requested is not supported issue, you can try our recommended solutions below to resolve the issue.
- Update Windows 10 with the latest security patches
- Modify the Encryption Oracle Remediation policy
- Create and configure the AllowEncryptionOracle registry key
Let’s take a look at the description of the process involved in relation to each of the listed solutions.
1] Update Windows 10 with the latest security patches
In this solution, it is recommended you install the CredSSP security patch in both computers (server and client). Alternatively, you can click Start > Settings > Update & Security > Windows Update > Check for Updates to download and install the latest cumulative update.
Once both computers have the CredSSP patch installed, the An Authentication error has occurred – The Function requested is not supported error message will be resolved.
If due to some reasons, you can’t install the security update in server or client computer, you can then use solutions 2 and 3 below.
2] Modify the Encryption Oracle Remediation policy
The error message can be resolved by using the Group Policy editor to modify the Encryption Oracle Remediation policy.
Note: This method does not apply to Windows 10 Home edition because the Local Group Policy Editor is not installed by default. But you can work around this issue by adding Local Group Policy Editor to Windows 10 Home edition.
To enable the Encryption Oracle Remediation policy, do the following:
- Press Windows key + R.
- In the Run dialog box type gpedit.msc and press Enter to open Group Policy Editor.
- Inside the Local Group Policy Editor, use the left pane to navigate to the path below:
Computer Configuration > Administrative Templates > System > Credentials Delegation
- On the right pane, double-click on Encryption Oracle Remediation to edit it’s properties.
- With the Encryption Oracle Remediation policy opened, set the radio button to Enabled.
- Next, scroll down to Protection Level and change it to Vulnerable.
- Click Apply > OK to save the changes.
You can now exit the Local Group Policy Editor and restart your computer. On boot, try the RDP connection again and see if the issue is resolved.
3] Create and configure the AllowEncryptionOracle registry key
This is the equivalent of enabling the Encryption Oracle Remediation policy. You can resolve the issue by creating and configuring the following registry key:
AllowEncryptionOracle: DWORD: 2
Once you have taken the necessary precautionary measures, you can proceed as follows:
- Press Windows key + R.
- In the Run dialog box, type regedit and press Enter to open Registry Editor.
- Navigate or jump to the registry key path below:
- Right-click System, select New > Key and set its name as CredSSP.
- Next, right-click CredSSP, select New > Key and set its name as Parameters.
- Now, right-click on the blank space on the right pane and then select New > DWORD (32-bit) Value.
- Rename the value name as AllowEncryptionOracle and hit Enter.
- Double-click on the new value to edit its properties.
- Input 2 in the Value data box and press Enter to save the change.
- Exit Registry Editor and restart you PC.
You should now be able to establish the Remote Desktop Connection successfully!