Wednesday, 9 May 2018

Remote Desktop Client: An authentication error has occurred. *Workaround

Updates last night included one for CredSSP CVE-2018-0886.

For those of us that are hesitant to patch our servers the instant a patch is available we'll be seeing RD Clients unable to connect for the period prior to our regression testing and release cycle.

Remote Desktop Connection

An authentication error has occurred.
The function requested is not supported.

Remote Computer: SERVERNAME
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

For now, the workaround on the remotely connecting RD Clients is to set the following registry key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

Copy and paste the above into Notepad and Save As "CredSSP.REG" in a quickly accessible location.

Double click on the created file and MERGE. An elevated Registry Editor session would also allow for import via the FILE menu.

Once the above registry setting is in-place reboot the client machine and the connection should work.

Happy Patching! :)

UPDATE 2018-05-09 @ 10:47 MST: A caveat:

It is better to update the server backend, if possible, before making the above registry change.

If that is _not_ possible, then after the updates have been applied on the server(s) make sure to _change_ the registry setting to its most secure setting.

UPDATE 2018-05-10 @ 17:38 MST:

Update sources:

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service

Tuesday, 1 May 2018

PowerShell Guide Series: Storage Spaces Direct PowerShell Node Published

Apologies for the double post, one of the bulleted links was broken. :(

One of the difficult things about putting our setup guides on our blog was the fact that when we changed them, which was frequent, it became a bit of a bear to manage.
So, we're going to be keeping a set up guides on our site to keep things simple.

The first of the series has been published here:

This guide is a walkthrough to set up a 2-Node Storage Spaces Direct (S2D) cluster node from scratch. There are also steps in there for configuring RoCE to allow for more than two nodes if there is a need.
We will be updating the existing guides on a regular basis but also publishing new ones as we go along.

Thanks for reading!

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service

PowerShell Guide Series: Storage Spaces Direct PowerShell Node Published

One of the difficult things about putting our setup guides on our blog was the fact that when we changed them, which was frequent, it became a bit of a bear to manage.
So, we're going to be keeping a set up guides on our site to keep things simple.
The first of the series has been published here:
This guide is a walkthrough to set up a 2-Node Storage Spaces Direct (S2D) cluster node from scratch. There are also steps in there for configuring RoCE to allow for more than two nodes if there is a need.
We will be updating the existing guides on a regular basis but also publishing new ones as we go along.
Thanks for reading!
Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service