The March 2018 Windows 10 update includes a security patch that prevents the downgrading of Credential Security Support Provider (CredSSP) connections. This may cause an existing monitoring configuration to fail if it is attempting to connect to a server with a less secure version of the CredSSP protocol. The best option to resolve this issue is to ensure that all SharePoint servers have the latest Microsoft Windows updates.
If upgrading all SharePoint servers is not immediately possible, follow this article for a workaround to configure the GSX Monitor server to allow a fall back to the less secure connection. This will be done using the group policy editor.
Symptoms
- The request is not supported
How to Solve the Issue
The best scenario to resolve the issue is to ensure that all SharePoint servers are patched with the latest Microsoft Windows updates. If rebooting your production server or installing Windows updates are not possible at this time, the below procedure can be performed in the interim. The workaround will change the Credentials Delegation option in the group policy editor to allow CredSSP to fall back to the less secure connection.
Change Credentials Delegation workaround option:
- On your GSX Monitoring Station, open the Group Policy Editor by typing gpedit.msc in the Run box.
- Navigate to Computer Configuration - Administrative Templates - System - Credentials Delegation:
- Locate the entry Encryption Oracle Remediation:
- Even if this is showing Not configured it is still taking effect!
- Double click on Encryption Oracle Remediation and set it to Enabled:
- Under Options, set the Protection Level to Vulnerable and click OK:
This will now allow GSX Monitor to accept connections using CredSSP, regardless of the version.
We recommend changing the Protection Level to Mitigated once the SharePoint server(s) have been upgraded with the latest Windows updates.