Mr. Praline: Look, matey, I know a dead parrot when I see one, and I\u2019m looking at one right now.<\/em><\/p>\n Owner: No no he\u2019s not dead, he\u2019s, he\u2019s restin\u2019!<\/em><\/p>\n My lab died!<\/p>\n It had been running quite happily for several weeks, then disaster struck\u2026<\/p>\n Well to be precise (and a lot less dramatic), my\u00a0<\/span>Microsoft System Center Virtual Machine Manager<\/a>(SCVMM) lost the ability to control any of my Hyper-V clusters.<\/p>\n I originally built this lab to prove a concept for a customer around a single instance of SCVMM,\u00a0<\/span>Azure Site Recovery<\/a>\u00a0<\/span>(ASR) and stretched subnets across two datacentres. You\u2019ll be able to read the results of this Proof of Concept (PoC) in another blog post (co-authored by Peter High).<\/p>\n The primary error was:<\/p>\n Error (2912)<\/em><\/span><\/p>\n An internal error has occurred trying to contact the \u2018hyperv03.mydomain.corp\u2019 server: : .<\/em><\/span><\/p>\n WinRM: URL: [http:\/\/hyperv03.mydomain.corp:5985], Verb: [INVOKE], Method: [GetVersion], Resource: [http:\/\/schemas.microsoft.com\/wbem\/wsman\/1\/wmi\/root\/scvmm\/AgentManagement]<\/em><\/span><\/p>\n The request is not supported (0x80070032)<\/em><\/span><\/p>\n Followed by recommendations to check that\u00a0<\/span>Windows Remote Management<\/a>\u00a0<\/span>(WinRM) was running (it was) and that the SCVMM agent was installed on the Hyper-V host (it was).<\/p>\n I went through the usual troubleshooting steps for WinRM:<\/p>\n Then by chance, I searched using\u00a0<\/span>DuckDuckGo<\/a>\u00a0<\/span>(privacy-focused search engine) for \u201cCredSSP the request is not supported\u201d and found the following article:<\/p>\n https:\/\/www.tecklyfe.com\/how-to-fix-authentication-error-function-not-supported-credssp-error-rdp\/<\/a><\/p>\n Microsoft released an update for CredSSP in March 2018 (CVE-2018-0886) which patches a known vulnerability that allows remote code execution (CredSSP encryption Oracle remediation). This fix was updated in May (last month).<\/p>\n https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-0886<\/a><\/p>\n The simplest solution is to patch all servers immediately, but as we all know, patching takes time, and in a production environment with mandated maintenance windows, it takes planning.<\/p>\n A short-term workaround is available. Set the Group Policy value for \u201cComputer Configuration\/Administrative Templates\/System\/Credentials Delegation\/Encrypted Oracle Remediation\u201d to \u2018Vulnerable\u2019.<\/p>\n Note:<\/strong>\u00a0<\/span>Make sure that you understand the impact of setting this value which is detailed here:<\/p>\n https:\/\/support.microsoft.com\/en-us\/help\/4093492\/credssp-updates-for-cve-2018-0886-march-13-2018<\/a><\/p>\n Now that all my servers are patched, SCVMM is happily talking to my Hyper-V clusters.<\/p>\n I was lucky \u2013 \u00a0this only impacted a lab. Imagine if this was your production environment?<\/p>\n While it\u2019s great that Microsoft is providing regular fixes for issues and bugs, it is a timely reminder that installing patches is not without some risk.<\/p>\n Ironically as my Practice Manager proofread this blog post, he realised that it would fix his issue with accessing his Virtual Machine in Azure!<\/p>\n Mr. Praline: Now that\u2019s what I call a dead parrot.<\/em><\/p>\n Owner: No, no\u2026..No, \u2018e\u2019s stunned!<\/em><\/p>\n Mr. Praline: STUNNED?!?<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" The Day My Lab Died (CREDSSP Encryption Oracle Remediation) Mr. Praline: Look, matey, I know a dead parrot when I see one, and I\u2019m looking at one right now. Owner: No no he\u2019s not dead, he\u2019s, he\u2019s restin\u2019! My lab died! It had been running quite happily for several weeks, then disaster struck\u2026 Well to… Continue reading SCVMM Blues (CredSSP)<\/span><\/a><\/p>\n","protected":false},"author":88,"featured_media":799,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/users\/88"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/comments?post=798"}],"version-history":[{"count":0,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/798\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media\/799"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media?parent=798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/categories?post=798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/tags?post=798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n