Windows RDP – CredSSP encryption oracle remediation

I have encountered this error on several systems over the past couple of months while attempting to create an RDP session to a Windows remote machine:


I found adding the registry entry detailed below to the client machine the quickest fix:


Create REG_DWORD: AllowEncryptionOracle
Value: 2


You can run the following cmd from an elevated prompt to apply the registry config:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2


As per MS the issue was caused by a CredSSP update:

‘The most common scenario is that the client has the CredSSP update installed, and the Encryption Oracle Remediation policy setting does not allow an insecure RDP connection to a server that does not have the CredSSP update installed.’