How to reverse the CredSSP Vulnerable State

How to reverse the CredSSP Vulnerable State

Applies to: Previously Modified Workstations

Those who have taken steps to resolve the inability to login upon the release of the CredSSP patch from Microsoft following this article: Receiving Message: "An authentication error has occurred"
Requirements for Method #1 and Method #2: Local Administrative Privileges
Requirements for Method #1 , Method #2, and Method #3: Reboot Workstation

Method #1: The Easy Way

If the user has administrative privilege on their workstation, this would be the simplest way to revert the machine's security.
  • Download the CredSSP-Secure.reg file (Link to download on the bottom of this article)
  • Run the file, and allow it to merge with the registry
  • Reboot your computer
  • You're done.

Method #2: The Harder Way

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

  • Open the Registry: Start > Run > regedit
  • Navigate to: HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/system/CredSSP/Parameters
  • Double-click on the "AllowEncryptionOracle" key, and change the value from 2 to 1
  • Close regedit
  • Reboot your computer
  • You're done.

Method #3: For IT Admins

If this change was done globally to fix this via Group Policy:
  • Open the Group Policy in question
  • Navigate to: Computer Configuration > Administrative Templates > System > Credentials Delegation
  • Double click on "Encryption Oracle Remediation"
  • Change the value from "Vulnerable" to "Mitigation"
  • Deploy the policy
  • Note: The end user's workstations will require a reboot for this policy to take effect.

    • Related Articles

    • Receiving Message: "An authentication error has occurred" [RESOLVED]

      Problem: When logging in to gotomyerp, you receive one of the following errors and are unable to connect.    Reason: This issue has happened due to a recent security update released by Microsoft on the 05/08/2018 Patch Tuesday. The KBs that affect ...

    • Error: Unable to display RD Web Access

      Problem: In certain instance, users would receive the following error when launching the gotomyerp portal with Internet Explorer Reason: Unless this is happening for all users, this issue is caused by the workstation itself: usually an Internet ...

    • Basic Authentication and Emailing from Hosted Applications

      Office 365 Settings to Check With the announcement that SMTP Auth will continue to support Basic Authentication, there are a few settings in Office 365 that can still cause Basic Authentication to be disabled and cause issues with emailing from your ...

    • What information to include in a support ticket

      Summary The gotomyerp support team receives dozens of tickets per day, and we always strive to address your problem as soon as possible. When submitting a ticket, certain information is crucial to help you get to a resolution as fast as possible. ...

    • QuickBooks Problem connecting Error Code : OL-393 / OL-301

      Error When you try to do a bank feed or process a payment you get a message similar to the one below with bank name and number Fix The issue you are facing is due to your account bank or an issue with bank. You will need to call the bank the number ...