Already had that fun the day the patch was released, Dave. Another temporary solution is to go into the Remote page of the System Properties on the RDP server and uncheck the box that says "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)".
You would think that MS would understand that servers don't get patched the same way as workstations but... -- rk -----Original Message----- From: ProfoxTech <profoxtech-boun...@leafe.com> On Behalf Of Dave Crozier Sent: Tuesday, May 22, 2018 12:07 PM To: profoxt...@leafe.com Subject: Microsoft Catch 22 RDP Update Gentlemen, Just had a 1 day full on panic here with the latest May 2018 update from Microsoft for Server 2008 and 2012. All the RDP (Remote desktop) sessions that used to connect now do NOT connect due to a change in the security settings on any client that has the latest Windows Updates. This has caused us real grief as we run multiple remote sessions onto the VM’s on a 3 node cluster. Only one of the nodes on the cluster ran an automatic update along with a few of the VM’s and we found it made RDP access via either HyperV connect or standard RDP impossible: “An Authentication error has occurred The function requested is not supported/ Remote computer xx.xx.xx.xx This could be due to CredSSP encryption oracle remediation. For more information see https://go.microsoft.com/fwlink/?linkid=899990” Nothing to do with oracle at all and all due to M$ updating security settings on a whim so as to mitigate the external code execution threat: “CVE-2018-0886: "A remote code execution vulnerability exists in unpatched versions of CredSSP. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack." The solution, should any of you encounter this error is to update the server as well as the clients the May 2018 update level, not simply the client or the server. Fortunately this was fairly easy as we migrated all the VM’s onto a spare node, upgraded the empty node and then migrated back and then connected to each VM via HyperV connect and did the 2018-05 updates. At one stage we found ourselves unable to HyperV connect or RDP into any servers as our development machines are all updated automatically. Hence we were in a catch 22 situation….. Can’t connect to server in order to update the server, which would allow connection to the very server we couldn’t connect to. Thank god we had a spare cluster to migrate to! All in all a totally wasted day as some of the retrograde updates took over 60 minutes per VM and we have about 20 of them. Oh Joy! Thanks for the ‘heads up’ Mr Microsoft …. Where can I send the bill? Dave Crozier Software Development Manager Flexipol Packaging Ltd. --------------------------------------------------------------- This communication and the information it contains is intended for the person or organisation to whom it is addressed. Its contents are confidential and may be protected in law. If you have received this e-mail in error you must not copy, distribute or take any action in reliance on it. Unauthorised use, copying or disclosure of any of it may be unlawful. If you have received this message in error, please notify us immediately by telephone or email. Flexipol Packaging Ltd. has taken every reasonable precaution to minimise the risk of virus transmission through email and therefore any files sent via e-mail will have been checked for known viruses. However, you are advised to run your own virus check before opening any attachments received as Flexipol Packaging Ltd will not in any event accept any liability whatsoever once an e-mail and/or any attachment is received. It is the responsibility of the recipient to ensure that they have adequate virus protection. Flexipol Packaging Ltd. Unit 14 Bentwood Road Carrs Industrial Estate Haslingden Rossendale Lancashire BB4 5HH Tel:01706-222792 Fax: 01706-224683 www.Flexipol.co.uk --------------------------------------------------------------- Terms & Conditions: Notwithstanding delivery and the passing of risk in the goods, the property in the goods shall not pass to the buyer until the seller Flexipol Packaging Ltd. ("The Company") has received in cash or cleared funds payment in full of the price of the goods and all other goods agreed to be sold by the seller to the buyer for which payment is then due. Until such time as the property in the goods passes to the buyer, the buyer shall hold the goods as the seller's fiduciary agent and bailee and keep the goods separate from those of the buyer and third parties and properly stored protected and insured and identified as the seller's property but shall be entitled to resell or use the goods in the ordinary course of its business. Until such time as the property in the goods passes to the buyer the seller shall be entitled at any time _______________________________________________ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/18725b8cd2d5d247873a2baf401d4ab2bedb1...@ex2010-a-fpl.fpl.LOCAL ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious. Report [OT] Abuse: http://leafe.com/reportAbuse/18725b8cd2d5d247873a2baf401d4ab2bedb1...@ex2010-a-fpl.fpl.LOCAL _______________________________________________ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/dm5pr10mb124463853e610616e96b7c75d2...@dm5pr10mb1244.namprd10.prod.outlook.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
