如果当您尝试在两台Windows计算机之间(Windows)使用远程桌面连接(use the Remote Desktop Connection)时收到错误消息 -远程桌面连接错误,发生身份验证错误,不支持请求的功能(Remote Desktop Connection error, An Authentication error has occurred, The Function requested is not supported),那么这篇文章旨在帮助您。在这篇文章中,我们将确定一些可能触发错误的潜在已知原因,然后提供您可以尝试帮助修复此问题的可能解决方案。
当远程桌面连接(Remote Desktop Connection)身份验证失败时,您将收到以下错误消息;
Remote Desktop Connection
An authentication error has occurred.
The function requested is not supported.
Remote computer: Computer_Name or IP_Address
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660
从上图中可以看出,错误消息是由CredSPP Encryption Oracle Remediation引起的。您可以使用注册表(Registry)或组策略编辑器(Group Policy Editor)修复“发生身份验证错误,这可能是由于CredSSP加密 oracle 修复”错误。
最近微软发现(Microsoft)CredSSP版本存在远程代码执行漏洞(CVE-2018-0886:加密预言机攻击) 。成功利用此漏洞的攻击者可以中继用户凭据以在目标系统上执行代码。因此,任何依赖CredSSP进行身份验证的应用程序都容易受到此类攻击。
为了修补此安全风险,Microsoft发布了一个安全更新,通过更正CredSSP在身份验证过程中验证请求的方式来解决该漏洞。该补丁更新了所有受影响平台的CredSSP身份验证协议和远程桌面客户端。(Remote Desktop)
安装更新后,已修补的客户端无法与未修补的服务器通信。换句话说,如果客户端计算机安装了安全更新但服务器计算机没有更新安全更新(反之亦然),远程连接不成功,用户收到上述错误消息。
发生RDP 身份验证(RDP Authentication)错误,不支持请求的功能(Function)
如果您遇到远程桌面连接错误、发生身份验证错误、不支持请求的功能(Remote Desktop Connection error, An Authentication error has occurred, The Function requested is not supported)错误消息,您可以尝试以下我们推荐的解决方案来解决问题。
- 使用最新的安全补丁更新(Update)Windows 10
- 修改加密 Oracle 修复(Encryption Oracle Remediation) 策略
- 创建和配置AllowEncryptionOracle注册表项
让我们看一下与列出的每个解决方案相关的过程的描述。
1]使用最新的安全补丁更新 Windows 10(Update Windows 10)
在此解决方案中,建议您在两台计算机(服务器和客户端)上都安装CredSSP 安全补丁。(CredSSP security patch)或者,您可以单击开始(Start)>设置(Settings)>更新和安全(Update & Security)> Windows 更新(Windows Update)>检查更新(Check for Updates)以下载并安装最新的累积更新。
一旦两台计算机都安装了CredSSP补丁,就会出现身份验证错误 – 请求的功能不受支持的(An Authentication error has occurred – The Function requested is not supported)错误消息将得到解决。
如果由于某些原因,您无法在服务器或客户端计算机上安装安全更新,则可以使用下面的解决方案 2 和 3。
2]修改加密Oracle修复(Encryption Oracle Remediation) 策略
可以通过使用组策略(Group Policy)编辑器修改加密 Oracle 修复(Encryption Oracle Remediation) 策略来解决错误消息。
注意:(Note:)此方法不适用于Windows 10 家庭(Home)版,因为默认情况下未安装本地组策略编辑器。(Local Group Policy Editor)但是您可以通过将本地组策略编辑器添加到 Windows 10 家庭版来(adding Local Group Policy Editor to Windows 10 Home edition)解决此问题。
要启用加密 Oracle 修复(Encryption Oracle Remediation)策略,请执行以下操作:
- 按 Windows 键 + R。
- 在运行对话框中输入gpedit.msc并按 Enter打开组策略编辑器(open Group Policy Editor)。
- 在本地组策略编辑器(Local Group Policy Editor)中,使用左窗格导航到以下路径:
Computer Configuration > Administrative Templates > System > Credentials Delegation
- 在右侧窗格中,双击Encryption Oracle Remediation 以编辑其属性。
- 打开Encryption Oracle Remediation策略后,将单选按钮设置为Enabled。
- 接下来,向下滚动到 Protection Level 并将其更改为Vulnerable。
- 单击应用(Apply)>确定(OK)以保存更改。
您现在可以退出本地组策略编辑器(Local Group Policy Editor)并重新启动计算机。在启动时,再次尝试RDP连接并查看问题是否已解决。
3] 创建和配置AllowEncryptionOracle注册表项
这相当于启用 加密 Oracle 修复 (Encryption Oracle Remediation )策略。您可以通过创建和配置以下注册表项来解决此问题:
AllowEncryptionOracle: DWORD: 2
由于这是注册表操作,建议您备份注册表(back up the registry) 或 创建系统还原点 ,以防程序出错。
采取必要的预防措施后,您可以进行以下操作:
- 按 Windows 键 + R。
- 在“运行”对话框中,键入regedit并按Enter打开注册表编辑器(Registry Editor)。
- 导航或跳转到下面的注册表项路径:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- 右键单击System,选择New > Key并将其名称设置为CredSSP。
- 接下来,右键单击CredSSP,选择New > Key并将其名称设置为Parameters。
- 现在,右键单击右侧窗格中的空白区域,然后选择New > DWORD (32-bit) Value。
- 将值名称重命名为AllowEncryptionOracle ,然后按 Enter。
- 双击(Double-click)新值以编辑其属性。
- 在数值(Value)数据框中输入2 ,然后按( 2)Enter保存更改。
- 退出注册表编辑器(Registry Editor)并重新启动您的 PC。
您现在应该能够成功建立远程桌面连接(Remote Desktop Connection)!
Authentication error has occurred, Function requested is not supported
If when уou try to use the Remote Desktop Connection between two Windows computers and you receive the error message – Remote Desktop Connection error, An Authentication error has occurred, The Function requested is not supported, then this post is intended to help you. In this post, we will identify some potential known causes that can trigger the error and then provide the possible solutions you can try to help remediate this issue.
When the Remote Desktop Connection authentication fails, you’ll receive the following error message;
Remote Desktop Connection
An authentication error has occurred.
The function requested is not supported.
Remote computer: Computer_Name or IP_Address
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660
As you can see from the image above, the error message is caused by the CredSPP Encryption Oracle Remediation. You can fix the ‘An authentication error has occurred, This could be due to CredSSP encryption oracle remediation’ error by using Registry or Group Policy Editor.
Recently Microsoft found that a remote code execution vulnerability (CVE-2018-0886: encryption oracle attack) exists in CredSSP versions. An attacker who successfully exploits this vulnerability could relay user credentials to execute code on the target system. So any application that depends on CredSSP for authentication was vulnerable to this type of attack.
To patch this security risk, Microsoft released a security update addressing the vulnerability by correcting how CredSSP validates requests during the authentication process. The patch updated CredSSP authentication protocol and Remote Desktop clients for all affected platforms.
After installing the update, patched clients were not able to communicate with unpatched servers. In other words, if the client computer has the security update installed but the server computer was not updated with the security update (or vice versa), the remote connection was unsuccessful and user received above-mentioned error message.
RDP Authentication error has occurred, Function requested is not supported
If you’re faced with Remote Desktop Connection error, An Authentication error has occurred, The Function requested is not supported error message, you can try our recommended solutions below to resolve the issue.
- Update Windows 10 with the latest security patches
- Modify the Encryption Oracle Remediation policy
- Create and configure the AllowEncryptionOracle registry key
Let’s take a look at the description of the process involved in relation to each of the listed solutions.
1] Update Windows 10 with the latest security patches
In this solution, it is recommended you install the CredSSP security patch in both computers (server and client). Alternatively, you can click Start > Settings > Update & Security > Windows Update > Check for Updates to download and install the latest cumulative update.
Once both computers have the CredSSP patch installed, the An Authentication error has occurred – The Function requested is not supported error message will be resolved.
If due to some reasons, you can’t install the security update in server or client computer, you can then use solutions 2 and 3 below.
2] Modify the Encryption Oracle Remediation policy
The error message can be resolved by using the Group Policy editor to modify the Encryption Oracle Remediation policy.
Note: This method does not apply to Windows 10 Home edition because the Local Group Policy Editor is not installed by default. But you can work around this issue by adding Local Group Policy Editor to Windows 10 Home edition.
To enable the Encryption Oracle Remediation policy, do the following:
- Press Windows key + R.
- In the Run dialog box type gpedit.msc and press Enter to open Group Policy Editor.
- Inside the Local Group Policy Editor, use the left pane to navigate to the path below:
Computer Configuration > Administrative Templates > System > Credentials Delegation
- On the right pane, double-click on Encryption Oracle Remediation to edit it’s properties.
- With the Encryption Oracle Remediation policy opened, set the radio button to Enabled.
- Next, scroll down to Protection Level and change it to Vulnerable.
- Click Apply > OK to save the changes.
You can now exit the Local Group Policy Editor and restart your computer. On boot, try the RDP connection again and see if the issue is resolved.
3] Create and configure the AllowEncryptionOracle registry key
This is the equivalent of enabling the Encryption Oracle Remediation policy. You can resolve the issue by creating and configuring the following registry key:
AllowEncryptionOracle: DWORD: 2
Since this is a registry operation, it is recommended that you back up the registry or create a system restore point in case the procedure goes wrong.
Once you have taken the necessary precautionary measures, you can proceed as follows:
- Press Windows key + R.
- In the Run dialog box, type regedit and press Enter to open Registry Editor.
- Navigate or jump to the registry key path below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Right-click System, select New > Key and set its name as CredSSP.
- Next, right-click CredSSP, select New > Key and set its name as Parameters.
- Now, right-click on the blank space on the right pane and then select New > DWORD (32-bit) Value.
- Rename the value name as AllowEncryptionOracle and hit Enter.
- Double-click on the new value to edit its properties.
- Input 2 in the Value data box and press Enter to save the change.
- Exit Registry Editor and restart you PC.
You should now be able to establish the Remote Desktop Connection successfully!
