Cause:
This error occurs when you attempt to create an insecure RDP connection.
- The client has the CredSSP update installed and is trying to connect to an unpatched server
- The server has the CredSSP update installed and an unpatched client is trying to connect
Solution:
Installation of the CredSSP-Update.
There are ready-to-use PowerShell scripts available (see link).
In my case, I had to select the script for Server 2012 R2.
# Create a download location
md c:\temp
# Download the KB file
$source = "http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/05/windows8.1-kb4103725-x64_cdf9b5a3be2fd4fc69bc23a617402e69004737d9.msu"
$destination = "c:\temp\windows8.1-kb4103725-x64_cdf9b5a3be2fd4fc69bc23a617402e69004737d9.msu"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source,$destination)
# Install the KB
expand -F:* $destination C:\temp\
dism /ONLINE /add-package /packagepath:"c:\temp\Windows8.1-KB4103725-x64.cab"
# Add the vulnerability key to allow unpatched clients
REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 2
# Restart the VM to complete the installations/settings
shutdown /r /t 0 /f