How To Fix “CredSSP” Error When Remoting into Windows Server 2012 R2 and Other Versions

Had to set up a new Windows Server 2012 R2 virtual machine. I’d run into this problem before but it cleared up on its own after updates. This fix works on other versions of Windows as well. I won’t go into specific details because the firewall configuration varies for each version of Windows whether it is Server or a Desktop version.

The issue is that at least on virtual machines, Server 2012 won’t let you RDP into the box. This is true even if Remote Desktop access is enabled either manually or by group policy. Your first step is to let RDP through the firewall.

Allow Remote Desktop Access Through Windows Firewall

I don’t have steps for this yet, but it’s fairly simple. Get into Windows Firewall through the control panel. Under whatever sort of network you’re connected to there are rules for letting applications and protocols though the firewall. Just enable all of them labeled “Remote Desktop”. There were two on my Server 2012 R2 box.

Fix CredSSP Error After Enabling Firewall Access

I’ve had this happen a few times. The specific error is something like this (I copied from Microsoft).

An authentication error has occurred. The function requested is not supported. Remote computer: <computer name or IP>. This could be due to CredSSP encryption oracle remediation. 

https://support.microsoft.com/en-us/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm

The problem usually clears up on its own after updates. The specific update you need to install is KB4103725 to fix the issue. You can get this update through Microsoft’s Update Catalog.

If you aren’t trying to fix Server 2012 R2, here’s a link to a Microsoft article with the version of the update you need. It’s very specific and I tried installing the 2012 non-R2 version on mine twice before realizing there was a separate update for R2.

https://support.microsoft.com/en-us/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm

How To Schedule Windows Server For Automatic Restart – Server Basics

 

This is one of those really basic tasks you can easily set up with no added software or even Powershell scripts. It’s extremely useful too. Say you need to reboot a server because you installed some software that you didn’t expect needed a reboot, or there’s some updates, or some other reason. You can’t really do it until after hours and you don’t want to hang around and would just like it to reboot itself a couple of hours after closing time when everyone is home.

You might also want to reboot a Windows Server a month or once a week as a matter of routine maintenance.

This is fairly trivial to set up in Task Scheduler.

How To Schedule A Windows Server For Automatic Reboot

Note: I’m using Server 2016. This is almost exactly the same in 2008 and 2012.

Step 1 – Open Task Scheduler. In the newer versions of Windows Server you can just click on the start button and type “Task Scheduler”. You can find it manually under Control Panel under Administrative Tools. You can find it in the Start Menu in Server 2003 but the Task Scheduler is a bit different.

Step 2 – Right Click on the Task Scheduler Library (Highlighted in the picture in Step 1) and click “Create Basic Task”. This will open the Wizard. You don’t have to use the Wizard, but since this is a very simple task it’s easier.

Step 3 – Give a name to the task. I called this “Restart Server Once”. In a multi-server environment, my personal preference is to call it “Restart This Server Once” or “Restart Local Server Once” to show that the task restarts that specific machine. As I usually also have tasks to restart remote servers and workstations on at least one of them as well. If I were also making one to restart the box on a schedule I’d name it something like, “Restart Local Server On First Of Month”.

Click Next.

Step 4 – Since this task is to just restart the server one time click the “One Time” option and then click next.

You’ll note the sub-task called “One Time” under triggers.

Step 5 – Give it a date and time to restart. Click next.

I chose 8pm the next day.

Step 6 – Select “Start A Program”. Click Next.

Step 7 – Type “shutdown” without the quotes into the “Program/Script” box and “/r” into the “Add arguments” box. Click Next.

Step 8 – Click Finish

Step 9 – You aren’t done yet because you want this to run if you get logged off and you want to set this up so you can use it again later.  In the Task Scheduler right-click on your new task and click Properties. This will bring up the general settings page. The radio buttons on the bottom will default to “Run only when user is logged on” change it to “Run whether user is logged on or not”.

Step 10 – Click OK. It will make you enter your administrator password.

You’re finished!

Changing the Schedule for The Automatic Reboot

So now you have a task that will automatically reboot your server (Or PC) one time. Now  you need it to do it again. There’s no need to make another task, you just need to update the trigger.

Step 1 – Go back into Task Scheduler, right-click on your task and click Properties. Click on the Triggers tab.

Step 2 – Click on the “One Time” trigger and click the Edit button. Change the time and date, click OK on all the dialog boxes and your server/PC will now restart at the new time.

It will ask  you to re-enter the administrator password.