I updated Thinpro 5.2 with HP's freerdp-1.1hp13b patch for the changes to the CredSSP protocol necessary to connect to servers patched for CVE-2018-0886. After changing the thinpro registry key "requireEncryptionOracleRemediation" from '0' to '1' to enforce strict connection behavior on the client, I cannot connect to Win 7 or server 2008r2.
Win 7 and 2008r2 are both patched with Microsoft's update https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
In the regeditor - Freerdp "requireEncryptionOracleRemediation" with value set to '0' I can rdp just fine.
If I set the value to '1' (enforce), I cannot connect to a Win 7 computer or 2008r2 term server, I get a small window popup that says "Authentication Failure". I can remote to Win 10 and server 2012r2 just fine with value '1'.
I have very generic settings, the Freerdp connection settings are "Enable deprecated RDP encryption" unchecked, server IP, user/password, TLS1.2, default cert setting.
The Win7 and 2008r2 are set with Network Level Authentication checked in remote desktop settings.
Local Group Policy > "Encryption Oracle Remediation". I have tried each one of these "Vulnerable or Mitigate or Forced".
Is there something I am missing on the client or server side settings that the value '1' is looking for to connect?
Is the HP freerdp-1.1hp13b patch at fault?
Thanks