An authentication error occurred. The function requested is not supported. This could be due to CredSSP encryption oracle remediation.

1. INTRODUCTION

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

CredSSP is an authentication provider that processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack.

As an example of how an attacker could exploit this vulnerability against the Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.

2. RDP SESSION

An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.

However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.

This has been reported to cause an error thrown by Windows RDP as below:

3. WORKAROUND

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

1. Open Group Policy Editor, by executing gpedit.msc

2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials DelegationRun gpedit.msc and expand Administrative Templates

Expand System

Expand Credential Delegation

Edit Encryption Oracle Remediation

Select Enabled and change Production Level to Vulnerable

3. Run the command gpupdate /force to apply group policy settings.

4. Your remote desktop connection will be working fine now.

CONCLUSION

This is just a workaround and defeats the purpose of the patching. However, we need to ensure that future updates are installed as and when released by Microsoft so that the vulnerability is not exposed.

IPSEC Service fails to start in Windows 2003 Server with Error 2: The system cannot find the file specified

Upon rebooting a Terminal Server that had resource issues, we could not log back into the server through RDP.  We could log in through iLO, and it was apparent that the logins were working but they were very slow.  Upon examining the services, we could see that the IPSEC service was not started. 

Trying to manually start the service gave the following popup: “Could not start the IPSEC Services service on Local Computer.  Error 2: The system cannot find the file specified.”  The event logs also showed that TCP/IP was in blocking mode. 

Disabling the service and rebooting restored all network communication, but trying to start the service would drop all connectivity again and slow down the server.  I found another article that said that IPSEC may need to be rebuilt.  When I looked for the registry keys for IPSEC, they were not there.  After I ran the following commands, the registry keys were populated, and IPSEC was able to run properly.

To rebuild IPSEC, follow these steps: [more]

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\IPsec\Policy\Local.  (In my case, the server’s registry ended before IPsec.  If this is the case, skip to step 6.)
  3. On the Edit menu, click Delete.
  4. Click Yes to confirm that you want to delete the subkey
  5. Quit Registry Editor
  6. Click Start, click Run, type regsvr32 polstore.dll, and then click OK.

VSS writers and VSS writers Related Windows Services details

VSS writers and VSS writers Related Windows Services details are below:

VSS WriterService NameService Display Name
ADAM $instanceName WriterADAM_$instanceName$instanceName
ASR WriterVSSVolume Shadow Copy
BITS WriterBITSBackground Intelligent Transfer Service
Certificate AuthorityCertSvcActive Directory Certificate Services
COM+ REGDB WriterVSSVolume Shadow Copy
DFS Replication service writerDFSRDFS Replication
DHCP Jet WriterDHCPServerDHCP Server
FRS WriterNtFrsFile Replication
FSRM writersrmsvcFile Server Resource Manager
IIS Config WriterAppHostSvcApplication Host Helper Service
IIS Metabase WriterIISADMINIIS Admin Service
Microsoft Exchange Replica WriterMSExchangeReplMicrosoft Exchange Replication Service
Microsoft Exchange WriterMSExchangeISMicrosoft Exchange Information Store
Microsoft Hyper-V VSS WritervmmsHyper-V Virtual Machine Management
MSMQ Writer (MSMQ)MSMQMessage Queuing
MSSearch Service WriterWSearchWindows Search
NPS VSS WriterEventSystemCOM+ Event System
NTDSNTDSActive Directory Domain Services
OSearch VSS WriterOSearchOffice SharePoint Server Search
OSearch14 VSS WriterOSearch14SharePoint Server Search 14
OSearch15 VSS WriterOSearch15SharePoint Server Search 15
Registry WriterVSSVolume Shadow Copy
Shadow Copy Optimization WriterVSSVolume Shadow Copy
SharePoint Services WriterSPWriterWindows SharePoint Services VSS Writer
SMS WriterSMS_SITE_VSS_WRITERSMS_SITE_VSS_WRITER
SPSearch VSS WriterSPSearchWindows SharePoint Services Search
SPSearch4 VSS WriterSPSearch4SharePoint Foundation Search V4
SqlServerWriterSQLWriterSQL Server VSS Writer
System WriterCryptSvcCryptographic Services
TermServLicensingTermServLicensingRemote Desktop Licensing
WDS VSS WriterWDSServerWindows Deployment Services Server
WIDWriterWIDWriterWindows Internal Database VSS Writer
WINS Jet WriterWINSWindows Internet Name Service (WINS)
Windows Server Storage VSS WriterWseStorageSvcWindows Server Essentials Storage Service
WMI WriterWinmgmtWindows Management Instrumentation

Add members to O365 Security Groups using Azure AD Powershell Module

Step 1. Create a CSV file with a column “UserPrincipalName” and add all users under it who are to be added as a member of the group.


Step 2.  Run The below command to import the csv file and get the object IDs for members to be added to group

Import-Csv C:\temp\Members.csv csv  | Foreach {Get-Msoluser -UserPrincipalName $_.Userprincipalname | select Objectid } | Export-csv C:\temp\MembersWithObjectID.csv

This will convert the user’s identity to their unique guid details, and export it to the same CSV file.


Step 3. Collect the guid ID of the security group as well to which you want to add the mebers

The below command will help with the object ID of the Group.

Get-MsolGroup  “SecurityGroupName” | FL

I have my object ID as below.

ObjectId                  : XXXXXX-XXXX-XXXX-XXXXXXXXX


Step 4. Run the below command to Add members in the CSV to the Group.

$sub2 = Import-Csv C:\RAhul\sspruser.com.csv

Import-Csv C:\temp\MembersWithObjectID.csv | Foreach {Add-MsolGroupMember -groupObjectid ‘XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX’ -GroupMemberObjectId $_.ObjectId -GroupMemberType User}


Step 5. Verify the users from the Group just added.

Get-MsolGroupMember -all -groupObjectid ‘XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX’ | Select DisplayName,EmailAddress,GroupMemberType | Export-csv C:\temp\security-group-members.csv