Fix: “An Authentication Error has Occurred. The Function Requested Is Not Supported”

This error occurs when users try to establish an unsecure connection with a remote desktop. It happens if the CredSSP(Credential Security Support Provider) encryption has not been updated to version ‘CVE-2018-0886’ or if the Remote Desktop Client refuses to connect due to network level authentication being enabled.

The best way to solve ‘An Authentication Error has Occurred. The Function Requested Is Not Supported’ would be to update the CredSSP protocol. If the CredSSP is up-to-date and you’re still encountering this problem, you can disable certain group policies to fix the issue.

Update CredSSP Protocol

The CredSSP protocol is responsible for authenticating and establishing a secure connection with the remote desktop. It works by delegating credentials of the user to the remote server. Updating the protocol through Windows update can help fix the issue.

To update the CredSSP protocol

1. Press the Windows key + I to open Settings
2. Click on the Windows update tab
3. Click on the Check for updates button
   
4. If updates are available, select Download & Install to begin the update

If the automatic update process fails to update the protocol, you will need to manually download and update the security patches. First, check for the version of Windows installed on your device

1. Open Run by pressing the Windows key + R 
2. Type winver on the console and note down the information displayed 
   
3. After, visit Microsoft’s Security Response Center 
   
4. Search for the latest security patch  or one that is compatible with your version of Windows
   
5. Download and install the security patch to update the protocol

Perform the update on both the client and server computers to solve the error.

Change/Update Group Policies

If updating the CredSSP protocol still displays the error, you will need to make changes on the Group policy. To be precise, change the ‘Encryption Oracle Remediation’,  ‘Require user authentication for remote connections by using Network Level Authentication’ and ‘Require use of a specific security layer for remote (RDP) connections’ to vulnerable and disabled.

To change the Encryption Oracle Remediation policy

1. Open Run and type gpedit.msc to open the Group Policy Editor
2. Now, navigate to
   Computer Configuration> Administrative Templates> System> Credentials Delegation
3. Open the folder and inside, open the Encryption Oracle Remediation setting
   
4. Set it to Enabled and change the protection level to Vulnerable
   
5. Click on OK and Apply to save change

To change the ‘Network Level Authentication’ and ‘Require use of specific security layer for remote (RDP) connections’ policies

1. From Group policy editor, navigate to
   Computer Configuration> Administrative Templates> Windows Components> Remote Desktop Services> Remote Desktop Session Host> Security
   
2. From the folder, open each policy and set them to Disabled
   
3. Now open Windows PowerShell and type gpupdate /force to apply the settings immediately.
   
4. Log out or restart your device to make the changes take effect 

Change Protection Level from Registry

If you are running the home version of Windows, you can still change the ‘Encryption Oracle Remediation’ setting from the Windows Registry editor.

1. Open Run and type regedit to open the Registry editor
2. Navigate to Computers\HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
3. Search for the AllowEncryptionOracle key and open it
4. Set the Value data to 2 and click on OK

If you cannot find the subkey or the value, you will need to create an new key

1. On the Registry, navigate to Computers\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
2. Click on New> Key and name it CredSSP
   
3. Click on the key and again, create a new key inside it named Parameters
   
4. Open the Parameters key and right-click on it to select New> DWORD Value(32 bit) 
5. Name the value as AllowEncryptionOracle
   
6. Open it and set the Value data to 2

Disable Network Level Authentication

By disabling network level authentication, you can stop the “An authentication error has occurred. The function requested is not supported” error from appearing temporarily. The authentication method uses the CredSSP for pre-authenticating the remote desktop connection.

1. Open Settings by pressing the Windows key + I
2. On the System tab, scroll down and click on About
3. Click on Advanced system settings
   
4. On the new window, click on the Remote tab
5. Uncheck the ‘Allow connections only from computers running Remote Desktop with Network Level Authentication’ option
6. Click on OK and Apply to save changes

From Command Prompt

By using command prompt, you can also change the Encryption Oracle to vulnerable. This process however, will make your device susceptible to security risks. 

1. Open Run and type cmd 
2. Press the Ctrl + Shift + Enter keys to open Command prompt with elevated access
3. On the console, type
   reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2
   
4. Close the Command prompt window and then restart your device

Check if the error occurs while establishing remote connection