Common scenario is that the client has the CredSSP update installed, and the Encryption Oracle Remediation policy setting does not allow an insecure RDP connection to a server that does not have the CredSSP update installed. On the client has the CredSSP update installed Run gpedit.msc , and then browse to Computer Configuration > Administrative Templates > System > Credentials Delegation in the navigation pane. Change the Encryption Oracle Remediation policy to Enabled , and then change Protection Level to Vulnerable . If you cannot use gpedit.msc, you can make the same change by using the registry, as follows: Open a Command Prompt window as Administrator. Run the following command to add a registry value: REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2