www.gsx.com | log in | register

Last update: . Author: Alan Carson .

CredSSP Fails after Windows 10 March 2018 Update CVE-2018-0886

The March 2018 Windows 10 update includes a security patch that prevents the downgrading of Credential Security Support Provider (CredSSP) connections. This may cause an existing monitoring configuration to fail if it is attempting to connect to a server with a less secure version of the CredSSP protocol. The best option to resolve this issue is to ensure that all SharePoint servers have the latest Microsoft Windows updates.

If upgrading all SharePoint servers is not immediately possible, follow this article for a workaround to configure the GSX Monitor server to allow a fall back to the less secure connection. This will be done using the group policy editor.

GSX Monitor 10.5+ | SharePoint | CredSSP

Symptoms

  • The request is not supported The_request_is_not_supported.png

How to Solve the Issue

The best scenario to resolve the issue is to ensure that all SharePoint servers are patched with the latest Microsoft Windows updates. If rebooting your production server or installing Windows updates are not possible at this time, the below procedure can be performed in the interim. The workaround will change the Credentials Delegation option in the group policy editor to allow CredSSP to fall back to the less secure connection.

Change Credentials Delegation workaround option:

  1. On your GSX Monitoring Station, open the Group Policy Editor by typing gpedit.msc in the Run box.
  2. Navigate to Computer Configuration - Administrative Templates - System - Credentials Delegation:
    Credentials_Delegation.png
  3. Locate the entry Encryption Oracle Remediation:
    Encryption_Oracle_Remeditation.png
    • Even if this is showing Not configured it is still taking effect!
  4. Double click on Encryption Oracle Remediation and set it to Enabled:
    Enable_-_Encryption_Oracle_Remeditation.png
  5. Under Options, set the Protection Level to Vulnerable and click OK:

This will now allow GSX Monitor to accept connections using CredSSP, regardless of the version.

Microsoft related articles


Was this article helpful?

0 out of 1 found this helpful




Not finding what you are looking for?

Have more questions? Submit a request