CredSSP Prevents Remote Desktop Connection

  • Article

Hello,

I have a lab environment that I try to keep a working version of the AzureFondation and recently I havent' been able to log into the domain controllers that handle my AAD Connect servers.

The error message:  "An Authentication error has occurred.  The function requested is not supported Remote computer: w2padds1a.slg044.us This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwling/?linked=866660"

https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

This is where I find out that my VMs are not auto updating.  I know, this isn't the best way to build VMs that don't automatically update, but I was in a hurry when I deployed the lab.

The issue:  If I can't RDP to the server how can I run System Update?

The solution:

From a patched RDP server with network connectivity to your Azure server's that need to get this patch applied,

  1. Get PSEXEC.exe
  2. Get the PowerShell Script, PS_WinUpdate to update the VM.
  3. Open a CMD prompt in Admin Mode
  4. Run the following command:  psexec.exe -s \\w1padds1a cmd (this will open a remote command prompt on the RDS session)
  5. Now that you have a remote session, run the powershell script:  powershell.exe c:\users\willstgov\documents\ps_winupdate.ps1 (I was able to get a mapped drive to the server and copy the script to the remote computer)

 

This poor server needed to update a lot of things so it is still running :)

Next steps will be to have an automation account running that updates the VMs the way they should be.

 

Will.