Fix: “An Authentication Error has Occurred. The Function Requested Is Not Supported”

GrishmBy
an authentication error has occurred. the function requested is not supported

This error occurs when users try to establish an unsecure connection with a remote desktop. It happens if the CredSSP(Credential Security Support Provider) encryption has not been updated to version ‘CVE-2018-0886’ or if the Remote Desktop Client refuses to connect due to network level authentication being enabled.

The best way to solve ‘An Authentication Error has Occurred. The Function Requested Is Not Supported’ would be to update the CredSSP protocol. If the CredSSP is up-to-date and you’re still encountering this problem, you can disable certain group policies to fix the issue.

Update CredSSP Protocol

The CredSSP protocol is responsible for authenticating and establishing a secure connection with the remote desktop. It works by delegating credentials of the user to the remote server. Updating the protocol through Windows update can help fix the issue.

To update the CredSSP protocol

  1. Press the Windows key + I to open Settings
  2. Click on the Windows update tab
  3. Click on the Check for updates button
    check for updates
  4. If updates are available, select Download & Install to begin the update

If the automatic update process fails to update the protocol, you will need to manually download and update the security patches. First, check for the version of Windows installed on your device

  1. Open Run by pressing the Windows key + R 
  2. Type winver on the console and note down the information displayed 
    windows version
  3. After, visit Microsoft’s Security Response Center 
    security updates
  4. Search for the latest security patch  or one that is compatible with your version of Windows
    download security patch
  5. Download and install the security patch to update the protocol

Perform the update on both the client and server computers to solve the error.

Change/Update Group Policies

Note: This fix is not applicable for users who have Windows Home edition installed on their system.  

If updating the CredSSP protocol still displays the error, you will need to make changes on the Group policy. To be precise, change the ‘Encryption Oracle Remediation’,  ‘Require user authentication for remote connections by using Network Level Authentication’ and ‘Require use of a specific security layer for remote (RDP) connections’ to vulnerable and disabled.

To change the Encryption Oracle Remediation policy

  1. Open Run and type gpedit.msc to open the Group Policy Editor
  2. Now, navigate to
    Computer Configuration> Administrative Templates> System> Credentials Delegation
  3. Open the folder and inside, open the Encryption Oracle Remediation setting
    encryption oracle
  4. Set it to Enabled and change the protection level to Vulnerable
    encryption oracle vulnerable
  5. Click on OK and Apply to save change

To change the ‘Network Level Authentication’ and ‘Require use of specific security layer for remote (RDP) connections’ policies

  1. From Group policy editor, navigate to
    Computer Configuration> Administrative Templates> Windows Components> Remote Desktop Services> Remote Desktop Session Host> Security
    edit group policy
  2. From the folder, open each policy and set them to Disabled
    disable policies
  3. Now open Windows PowerShell and type gpupdate /force to apply the settings immediately.
    gpupdate
  4. Log out or restart your device to make the changes take effect 

Change Protection Level from Registry

Note: We suggest users to make a backup of their registry before performing this fix.

If you are running the home version of Windows, you can still change the ‘Encryption Oracle Remediation’ setting from the Windows Registry editor.

  1. Open Run and type regedit to open the Registry editor
  2. Navigate to Computers\HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
  3. Search for the AllowEncryptionOracle key and open it
  4. Set the Value data to 2 and click on OK

If you cannot find the subkey or the value, you will need to create an new key

  1. On the Registry, navigate to Computers\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
  2. Click on New> Key and name it CredSSP
    new registry key
  3. Click on the key and again, create a new key inside it named Parameters
    new key credssp
  4. Open the Parameters key and right-click on it to select New> DWORD Value(32 bit) 
  5. Name the value as AllowEncryptionOracle
    set credssp value
  6. Open it and set the Value data to 2

Disable Network Level Authentication

By disabling network level authentication, you can stop the “An authentication error has occurred. The function requested is not supported” error from appearing temporarily. The authentication method uses the CredSSP for pre-authenticating the remote desktop connection.

Note: This method however, is a workaround solution only and can leave your device vulnerable.
  1. Open Settings by pressing the Windows key + I
  2. On the System tab, scroll down and click on About
  3. Click on Advanced system settings
    advance system setting
  4. On the new window, click on the Remote tab
  5. Uncheck the ‘Allow connections only from computers running Remote Desktop with Network Level Authentication’ option
  6. Click on OK and Apply to save changes

From Command Prompt

By using command prompt, you can also change the Encryption Oracle to vulnerable. This process however, will make your device susceptible to security risks. 

  1. Open Run and type cmd 
  2. Press the Ctrl + Shift + Enter keys to open Command prompt with elevated access
  3. On the console, type
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2
    change registry value from cmd
  4. Close the Command prompt window and then restart your device

Check if the error occurs while establishing remote connection

Related Posts

Add A Comment

Leave A Reply