A CredSSP authentication to TERMSRV/192.168.100.65 failed to negotiate a common protocol version. The remote host offered version 4 which is not permitted by Encryption Oracle Remediation

We are seeing this on a RDS server, what does it mean?

Log Name:      System
Source:        LsaSrv
Date:          11/05/2020 12:14:07
Event ID:      6041
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      server.domain.local
Description:
A CredSSP authentication to TERMSRV failed to negotiate a common protocol version.  The remote host offered version 4 which is not permitted by Encryption Oracle Remediation.

See https://go.microsoft.com/fwlink/?linkid=866660 for more information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LsaSrv" Guid="{199fe037-2b82-40a9-82ac-e1d46c792b99}" EventSourceName="LsaSrv" />
    <EventID Qualifiers="0">6041</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-05-11T11:14:07.000000000Z" />
    <EventRecordID>466632</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>server.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>TERMSRV/192.168.100.65</Data>
    <Data>4</Data>
  </EventData>
</Event>

This is an issue with updates, try keeping your servers as up-to-date as you can so that no more up-to-date clients are trying to connect to that server, as that will make them see this error. You can also remove the requirement for secure connections only from the server which will avoid the issue, or disable it in group policy, or by using remote registry.



You simply remove the tick box under remote settings that requires network level authentication which will remove the requirement for CredSSP to be used: