White Papers
30 Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard
Cause:
Microsoft Update KB# 4093492, that impacts CredSSP authentication protocol and RDP functions. All servers
in a CPS environment are now forcing the registry key
“HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameter
s\AllowEncryptionOracle” to a value of “1”.
Workaround #1:
Open a Microsoft Management Console and add the Group Policy Editor Snap for the WSUS server. Expand
the Computer Configuration, then the Administrative Templates, then System, and then Credentials
Delegation. Select the setting Encryption Oracle Remediation. In the properties for the setting and Enable it,
then set the options to Vulnerable. Save the changes and then reboot the WSUS server so that the settings
will take. After the update is complete set the Encryption Oracle Remediation back to not configured and
reboot the server.
Workaround #2:
If the <ServerName> listed in the above error is for the backup server, you will need to perform the same step
on the backup server and the console server. Open a Microsoft Management Console and add the Group
Policy Editor Snap for the WSUS server. Expand the Computer Configuration, then the Administrative
Templates, then System, and then Credentials Delegation. Select the setting Encryption Oracle Remediation.
In the properties for the setting and Enable it, then set the options to Vulnerable. Save the changes and
then reboot all three servers so that the settings will take. After the update is complete set the Encryption
Oracle Remediation back to not configured on all three servers and reboot them.