How To Fix “CredSSP” Error When Remoting into Windows Server 2012 R2 and Other Versions

Had to set up a new Windows Server 2012 R2 virtual machine. I’d run into this problem before but it cleared up on its own after updates. This fix works on other versions of Windows as well. I won’t go into specific details because the firewall configuration varies for each version of Windows whether it is Server or a Desktop version.

The issue is that at least on virtual machines, Server 2012 won’t let you RDP into the box. This is true even if Remote Desktop access is enabled either manually or by group policy. Your first step is to let RDP through the firewall.

Allow Remote Desktop Access Through Windows Firewall

I don’t have steps for this yet, but it’s fairly simple. Get into Windows Firewall through the control panel. Under whatever sort of network you’re connected to there are rules for letting applications and protocols though the firewall. Just enable all of them labeled “Remote Desktop”. There were two on my Server 2012 R2 box.

Fix CredSSP Error After Enabling Firewall Access

I’ve had this happen a few times. The specific error is something like this (I copied from Microsoft).

An authentication error has occurred. The function requested is not supported. Remote computer: <computer name or IP>. This could be due to CredSSP encryption oracle remediation. 

https://support.microsoft.com/en-us/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm

The problem usually clears up on its own after updates. The specific update you need to install is KB4103725 to fix the issue. You can get this update through Microsoft’s Update Catalog.

If you aren’t trying to fix Server 2012 R2, here’s a link to a Microsoft article with the version of the update you need. It’s very specific and I tried installing the 2012 non-R2 version on mine twice before realizing there was a separate update for R2.

https://support.microsoft.com/en-us/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm

How to Fix Windows Cannot Check For Updates Because Service is Not Running

No screenshots for this one. If anyone has a screen shot for this particular error, send it over, I’ll credit you in the notes. Just fill out the contact form and I’ll get in touch with you.

Had a customer with some machines that needed re-imaged. Image was kind of old and had this problem. There’s a lot of information about the .NET Framework service not running information on the Microsoft Forums. There’s also some information about a particular hotfix that needs installed. After doing some digging I found that this isn’t the issue at least after a re-image, or OS corruption.

Microsoft has quick fix for this issue, but it’s so easy to fix I am not going to both to link to it. This applies to Windows 7 but I suspect the fix applies to other versions of Windows as well.

How to Fix Windows Update Error: Cannot Check for Updates Because Windows Update Service is Not Running

Step 1: Log into Windows as an Administrator. Preferably as a local administrator.

Step 2: Open Services. The easiest way is to click the Start Button and type “services.msc”. You can also just type “services” and click the option that is labeled “Services” with an icon that looks like gears.

Step 3: Scroll down the list of services until you find “Windows Update”. Click on it.

Step 4: On the left side of the screen click the “Stop” link. You can also right click on Windows Update and click “Stop” or it might be under “All Tasks” then click “Stop”.

Step 5: Open File Explorer and navigate to C:\Windows

Step 6: Rename the folder “SoftwareDistribution” to “SoftwareDistributionOLD”. You can also just delete it. I’ve done it both ways with no ill effects.

Step 7: Reboot the computer.

Notes: For step 7, Microsoft seems to imply you can just start the Windows Update service and it will work. I’ve done this on five or six machines now and it has not worked until after a reboot. I have also been able to reboot without starting the service and it has worked just fine. It still gives the red error indicating your computer needs security updates, but when you click the check for update button it works just fine.

USB to Serial Adapters and Kit Suggestions

Way back in 2008 or so I got a couple of serial adapters for my laptop so I could set up various network devices. Most business class devices, even in the 21st century still use the serial port approach to first set up. Something about security or making things harder for technicians to do their job.

Since laptops don’t often come with serial ports anymore this makes things difficult to set up.

Recently I misplaced the best serial adapter I have ever worked with. The IOGEAR USB 2.0 to Serial Adapter I purchased at Best Buy in probably 2008 or sometime around then. I’ve had other adapters, but this one has worked with every operating system from Windows XP to Windows 10. I think I’ve even plugged it into a few Linux boxes and not had to do anything weird to get it to work.  Something  I can’t say with others.

The only real drawback is it has a short cable. I’m always a little jealous of the ones the phone guys carry with the 9 foot cables, but they always break on them. This one went through daily heavy use for several years, and wherever it is I’m sure still works after nearly decade. I replaced it recently with another one exactly like it.

Anyway, I highly recommend IOGEAR stuff, I’ve got an old KVM switch and some other stuff they’ve made and it’s all managed to outlast a lot of the more expensive stuff I’ve bought over the years.

Kit Suggestions

I’ve founds a few cables need to go with this particular adapter over the years. This is a ‘least number of cables you need kit’.

  1. Female to Female Serial Cable – This is what most devices need. Most network appliances are just computers with a regular serial port sticking out of them. Get a really long one of these. The Amazon link is for a ten foot cable. But you can select a three-foot, six-foot, or up to a hundred foot cable. I’ve never needed more than a ten foot cable.
  2. Female to Male Serial Cable – Some appliances have a backwards serial connection like this. I think they expect you’ll have a serial adapter with a long cable. Weirdly they’ll usually come with a cable like this. ShoreTel devices are one big example of this kind of device. I’ve never needed a super long one of these, but it also will double as an extension. I always just carried a six-foot one and kept it coiled up.
  3. Roll Over Cable With Null Modem – Essentially a “Cisco Cable”. You can get one out of the box a switch came in. The Amazon link there has a generic one for $4 but, honestly if you are buddies with some of your local IT guys you can usually get a hand full of these for free. Every time you buy a Cisco equipment or most other equipment that uses these, it usually comes with one. If you have ninety switches, you inevitably have ninety of these lying around.
  4. Regular RJ45 Null Modem – Some devices need weird pin outs and they usually use RJ-45 connections so having a regular old null modem is great and you can just make whatever cable you need. The link comes with two. Some networking equipment will come with these and a rollover cable that detaches so it’s worth watching out for that.

If you need a crossover cable, my suggestion would be to get a short male to female crossover cable, not a female to female one. I’ve never actually seen the need for one, but they sell them so I’m assuming there’s equipment out there that uses them.

Disable Outlook Call Handling In ShoreTel Director

One of the more helpful, or not helpful features of the ShoreTel phone system is Outlook Calendar integration. I’ve worked with the ShoreTel phone system since roughly 2007 in various capacities and this is one of those features that either works, or doesn’t depending on version of Office, ShoreTel, and phase the moon is in. Typically I’ve never really had anyone that actually wanted it so it never got installed on purpose. However, I’ve had some people ask about this particular feature so I thought I’d post a quick fix here on how to disable it on the server-side.

The complaint is typically the phone won’t ring for mysterious reasons even though everything is configured properly. You’ll often hear that the phone stops ringing at 9:00 but then will start again at 10:00 on Tuesdays.

The instructions below are particularly helpful for people in remote areas where it may be difficult to RDP into their machines to uninstall Calendar Integration.

How to Remotely Disable Automatic Outlook Call Handing in ShoreWare Director

Step 1 – Log into ShoreWare Director

Step 2- Go to your user’s Personal Options.

Step 3 – If the box that is labeled “Outlook Automated Call Handing” is checked, simply uncheck it and hit save.

The user’s phone should now ring, even if they have something scheduled in Outlook.

Note – You should be able to change what call handling mode ShoreTel Communicator goes into with Calendar Integration installed in each individual appointment. You may have to go into Outlook’s add-ins manager and physically enable the add-ins if you want the feature to work.

 

Site Changes

I had to change the theme of the site. I haven’t used Chrome in a long time due to it having been a total piece of garbage on most of my machines. Anyway, put it on my trusty Surface 3 as Firefox was taking up a ton of memory, notice basically no links or anything worked with the site on Chrome. Figured that was probably happening to everyone since my other WordPress sites worked fine.

Same problem cropped up on my fiance’s computer running Chrome as well. Figured out it was the WordPress theme. Looked like it hadn’t been updated since 2014 or so. A real shame too, it was a good, no-nonsense theme that loaded fast and worked really well for this blog.

I could probably figure out what the problem is, but it’s probably time to change it and the Twenty Seventeen theme is pretty cool so we’ll see how that runs until I can find something close to what I had or someone who will design me one.