22A Hue Street, Hanoi, Vietnam 0904092014 info@binhminhitc.com

The problem

You can get this error while trying to open an RDP session.

The reason

This is due to a combination of three factors:

  • You activated NLA on your target computer
  • The target computer is not patched for CVE-2018-0886
  • You enforced the Force updated clients or Mitigated parameters on the source computer

Actually, NLA uses CredSPP (for pre-authentication) which is impacted by CVE-2018-0886.

The most common scenario is the following one:

  1. You enforced NLA on your servers since a long time
  2. You recently patched your workstations for CVE-2018-0886 and enforced the Force updated clients or Mitigated parameters on your workstations
  3. However, meanwhile, you didn’t patch your servers for CVE-2018-0886
  4. An now you are stuck with this error message when you try to open an RDP session on a non-patched server.

The solution

Choose one of the following solutions and see links in the More about section below if you don’t know how to do it.

  • Patch your target computer for CVE-2018-0886 (Recommended)
  • Enforce the Vulnerable parameter on the source computer (Not recommended)
  • Disable NLA on your target computer (Not recommended)

Despite solution 2 and 3 are really not recommended, they can be a temporary workaround until you patch your target computer.