Two days ago I was doing some general maintenance using the new Windows Admin Centre server that I've just deployed to my test environment when all of a sudden, I encounter a WinRM error when attempting to connect to servers within my estate.
At first, I thought it was a bug with WAC but keeping an open mind, I attempted to establish a remote session via PowerShell to the same server and again... a WinRM error?
Now the sweat starts to form as I'm thinking that there may be a bigger problem with my estate. I then attempted to establish an RDP connection to my servers and was met by this error:
Very Odd? I then checked using another system which worked as expected so at least at this point the problem is with my PC and not my servers/network.
Next step, what has changed on my system in the past 24 hours? Of course, windows updates...
I check for any newly installed windows updates and found KB4103727 had been deployed to my machine.
A quick look at the release notes from MS and this update does contain a fix relating to RDP and CredSSP. (https://support.microsoft.com/en-gb/help/4103727/windows-10-update-kb4103727)
I removed the update and rebooted my PC which seemed to fix the issue. RDP, etsn via PowerShell and WAC all started to work as before.
Great? almost....Except that very same update contains a large number of security fixes. So a little more diggin'
Adding the following keys and DWORD to the registry of the source computer seems to fix the issue without removing the update.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002
If the keys are missing, simply add them and remember, always backup before making any changes to the registry of a computer.
I've now left my PC with the amended registry and so far, so good. If that changes I'll update you all.
Enjoy :)
Simon Thanks for this amazing Fix been trying to figure this one out for days
ReplyDelete