tirsdag den 17. juli 2018

Getting error while redeploying Cloud Connector Edition - CredSSP

Recently i ran into this at 2 different customers - both having the exact same issue, and the workaround below solved it.

Let me describe the issue.
IF your CCE host OS is set to Windows Updates enabled (it should be) but your tenant is not configured with bits and OS updates, or your guest VM's for some reason where not updated since March - you will probably run into the CredSSP patch issue.

Described here:
https://support.microsoft.com/da-dk/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Basically if the RDP client (The Host OS) is patched and the RDP host (the guest VM) then connection will fail - and in the powershell running install-ccappliance you will have the exact same error.
Which is "The request is not supported"
FULL ERROR (for search purpose)
Connecting to remote server 192.168.213.3 failed with the following error message : The request is not supported. For more information, see the about_remote_troubleshooting Help topic.

And when i saw that it occurred to me, that i saw that before in a whole different scenario... RDP that is:



So i thought i could not hurt to try out the CredSSP remediation workaround on the host.

So i dit this:

1. Open the Local Group Policy Editor and navigate to
     Computer Configuration > Administrative Templates > System > Credentials Delegation.
2. Under 'Encryption Oracle Remediation', click the Enabled option.
3. From the 'Protection Level' drop-down list, select Vulnerable.


After doing that i re-ran install-ccappliance and it went through without errors.

As always HAPPY SKYPE'ing

Ingen kommentarer: