Windows RDP – CredSSP encryption oracle remediation

I have encountered this error on several systems over the past couple of months while attempting to create an RDP session to a Windows remote machine:


I found adding the registry entry detailed below to the client machine the quickest fix:


Create REG_DWORD: AllowEncryptionOracle
Value: 2


You can run the following cmd from an elevated prompt to apply the registry config:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2


As per MS the issue was caused by a CredSSP update:

‘The most common scenario is that the client has the CredSSP update installed, and the Encryption Oracle Remediation policy setting does not allow an insecure RDP connection to a server that does not have the CredSSP update installed.’

Windows Powershell – Setting Environment Variable

The following describes how to leverage the $ENV:PATH syntax within powershell to add a value to the Path environment variable, please note changing the environment variables using this method only works for the current powershell session. If you wish to make this change persist in the registry then use System properties->Advanced->Environment Variables->Path->Edit->Edit Text 

psenvpath1 Continue reading