This error occurs when you attempt to create an insecure RDP connection.
- The client has the CredSSP update installed and is trying to connect to an unpatched server
- The server has the CredSSP update installed and an unpatched client is trying to connect
Installation of the CredSSP-Update.
There are ready-to-use PowerShell scripts available (see link).
In my case, I had to select the script for Server 2012 R2.
# Create a download location md c:\temp # Download the KB file $source = "http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/05/windows8.1-kb4103725-x64_cdf9b5a3be2fd4fc69bc23a617402e69004737d9.msu" $destination = "c:\temp\windows8.1-kb4103725-x64_cdf9b5a3be2fd4fc69bc23a617402e69004737d9.msu" $wc = New-Object System.Net.WebClient $wc.DownloadFile($source,$destination) # Install the KB expand -F:* $destination C:\temp\ dism /ONLINE /add-package /packagepath:"c:\temp\Windows8.1-KB4103725-x64.cab" # Add the vulnerability key to allow unpatched clients REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 2 # Restart the VM to complete the installations/settings shutdown /r /t 0 /f