This error occurs when users try to establish an unsecure connection with a remote desktop. It happens if the CredSSP(Credential Security Support Provider) encryption has not been updated to version ‘CVE-2018-0886’ or if the Remote Desktop Client refuses to connect due to network level authentication being enabled.
The best way to solve ‘An Authentication Error has Occurred. The Function Requested Is Not Supported’ would be to update the CredSSP protocol. If the CredSSP is up-to-date and you’re still encountering this problem, you can disable certain group policies to fix the issue.
Update CredSSP Protocol
The CredSSP protocol is responsible for authenticating and establishing a secure connection with the remote desktop. It works by delegating credentials of the user to the remote server. Updating the protocol through Windows update can help fix the issue.
To update the CredSSP protocol
- Press the Windows key + I to open Settings
- Click on the Windows update tab
- Click on the Check for updates button
- If updates are available, select Download & Install to begin the update
If the automatic update process fails to update the protocol, you will need to manually download and update the security patches. First, check for the version of Windows installed on your device
- Open Run by pressing the Windows key + R
- Type
winver
on the console and note down the information displayed - After, visit Microsoft’s Security Response Center
- Search for the latest security patch or one that is compatible with your version of Windows
- Download and install the security patch to update the protocol
Perform the update on both the client and server computers to solve the error.
Change/Update Group Policies
Note: This fix is not applicable for users who have Windows Home edition installed on their system.
If updating the CredSSP protocol still displays the error, you will need to make changes on the Group policy. To be precise, change the ‘Encryption Oracle Remediation’, ‘Require user authentication for remote connections by using Network Level Authentication’ and ‘Require use of a specific security layer for remote (RDP) connections’ to vulnerable and disabled.
To change the Encryption Oracle Remediation policy
- Open Run and type
gpedit.msc
to open the Group Policy Editor - Now, navigate to
Computer Configuration> Administrative Templates> System> Credentials Delegation - Open the folder and inside, open the Encryption Oracle Remediation setting
- Set it to Enabled and change the protection level to Vulnerable
- Click on OK and Apply to save change
To change the ‘Network Level Authentication’ and ‘Require use of specific security layer for remote (RDP) connections’ policies
- From Group policy editor, navigate to
Computer Configuration> Administrative Templates> Windows Components> Remote Desktop Services> Remote Desktop Session Host> Security - From the folder, open each policy and set them to Disabled
- Now open Windows PowerShell and type
gpupdate /force
to apply the settings immediately. - Log out or restart your device to make the changes take effect
Change Protection Level from Registry
If you are running the home version of Windows, you can still change the ‘Encryption Oracle Remediation’ setting from the Windows Registry editor.
- Open Run and type
regedit
to open the Registry editor - Navigate to
Computers\HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
- Search for the AllowEncryptionOracle key and open it
- Set the Value data to 2 and click on OK
If you cannot find the subkey or the value, you will need to create an new key
- On the Registry, navigate to
Computers\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
- Click on New> Key and name it
CredSSP
- Click on the key and again, create a new key inside it named
Parameters
- Open the Parameters key and right-click on it to select New> DWORD Value(32 bit)
- Name the value as
AllowEncryptionOracle
- Open it and set the Value data to 2
Disable Network Level Authentication
By disabling network level authentication, you can stop the “An authentication error has occurred. The function requested is not supported” error from appearing temporarily. The authentication method uses the CredSSP for pre-authenticating the remote desktop connection.
- Open Settings by pressing the Windows key + I
- On the System tab, scroll down and click on About
- Click on Advanced system settings
- On the new window, click on the Remote tab
- Uncheck the ‘Allow connections only from computers running Remote Desktop with Network Level Authentication’ option
- Click on OK and Apply to save changes
From Command Prompt
By using command prompt, you can also change the Encryption Oracle to vulnerable. This process however, will make your device susceptible to security risks.
- Open Run and type
cmd
- Press the Ctrl + Shift + Enter keys to open Command prompt with elevated access
- On the console, type
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2
- Close the Command prompt window and then restart your device
Check if the error occurs while establishing remote connection