The problem
You can get this error while trying to open an RDP session.
The reason
This is due to a combination of three factors:
- You activated NLA on your target computer
- The target computer is not patched for CVE-2018-0886
- You enforced the Force updated clients or Mitigated parameters on the source computer
Actually, NLA uses CredSPP (for pre-authentication) which is impacted by CVE-2018-0886.
The most common scenario is the following one:
- You enforced NLA on your servers since a long time
- You recently patched your workstations for CVE-2018-0886 and enforced the Force updated clients or Mitigated parameters on your workstations
- However, meanwhile, you didn’t patch your servers for CVE-2018-0886
- An now you are stuck with this error message when you try to open an RDP session on a non-patched server.
The solution
Choose one of the following solutions and see links in the More about section below if you don’t know how to do it.
- Patch your target computer for CVE-2018-0886 (Recommended)
- Enforce the Vulnerable parameter on the source computer (Not recommended)
- Disable NLA on your target computer (Not recommended)
Despite solution 2 and 3 are really not recommended, they can be a temporary workaround until you patch your target computer.
