jborean93 / requests-credssp

An authentication handler for using CredSSP with Python Requests.
MIT License

windows 2008 #20

Open cecyLDY opened 4 years ago

cecyLDY commented 4 years ago

Server did not response with a CredSSP token after step Step 3. Server Authentication - actual 'Negotiate, CredSSP'

JordanStopford commented 3 years ago

I'm receiving a mix of this and failures after "Step 5", quite intermittently

jborean93 commented 3 years ago

Server 2008 (non R2 version) is quite difficult because it doesn't have TLS 1.2 available as a reliable patch. I know Microsoft did release a TLS 1.2 patch but from my testing it just doesn't work from a server perspective. The `disable_tlsv1_2` kwarg when creating the CredSSP context can be used to fall back to TLS 1.0 that Server 2008 does support but at this point you really should try and move away from this host.

The other issue is that the 3rd step can change based on the CredSSP version in play. By default requests-credssp should support the newer CredSSP versions that are available but you would need to ensure you have v1.0.0 or higher installed.

Have a look at the security event logs on the Windows host to see if it gives you any error codes that explain the failure. Also try just connecting with CredSSP auth from an actual Windows client to ensure that the host itself isn't faulty.

JordanStopford commented 3 years ago

Sorry, I should've said that my test host is 2008R2 (I may have misread the title of this bug!). I've in fact got two separate systems that exhibit this issue so it seems fairly easily reproducible - I wonder whether MS have released a patch that's changed something slightly. I've checked the security event logs and can't see anything immediately apparent and I can RDP into both hosts which from what I've read uses CredSSP too?

Is there anything else I should be looking for or any other information you need?

cecyLDY commented 3 years ago

Windows Server 2008 R2, after the Windows update. Server did not response with a CredSSP token after step Step 5. Delegate Credentials - actual ''

jborean93 commented 3 years ago

> I wonder whether MS have released a patch that's changed something slightly

They did but that was in 2018. This library should support servers with and without this patch though. One issue with both Server 2008 and 2008 R2 is that they both don't have TLS 1.2 enabled by default. If you haven't installed the TLS 1.2 patch and enabled the protocol on the server through the required registry keys then CredSSP will be using TLS 1.0. This has some problems in the handshake process and requires a specific flag to be set, `disable_tlsv1_2=True`, to work with TLS 1.0.

> Is there anything else I should be looking for or any other information you need?

There's nothing else that I know of, you might be able to get some more information by enabling SChannel debug logs and see if that reports anything. Also make sure you can connect using CredSSP with native PowerShell remoting: `Enter-PSSession -ComputerName server -Authentication CredSSP`. If that doesn't work then this won't work as well.
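
A diagnostic sketch for the two errors quoted in this thread, added here and not part of the thread or of requests-credssp: it classifies the `WWW-Authenticate` value printed after "actual" and, when a token is present, reads the TLS record header to show which TLS version the exchange is using. The function names and the sample token are constructed for illustration, and the code assumes the decoded token begins with a TLS record.

```python
import base64
import binascii
import re

_CHALLENGE = re.compile(r"^\s*([A-Za-z][\w-]*)(?:\s+(\S+))?\s*$")
_TLS_VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
_TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
              22: "handshake", 23: "application_data"}

# Constructed sample: an application_data record header with version 3.1.
SAMPLE_TOKEN = base64.b64encode(bytes([0x17, 0x03, 0x01, 0x00, 0x02, 0x68, 0x69])).decode()


def classify_credssp_reply(www_authenticate):
    """Classify the header value the error message prints after "actual".

    Returns (state, token_bytes); state is "token", "re-offered" (CredSSP
    advertised with no token), "missing" or "malformed" (token not base64).
    """
    if not www_authenticate or not www_authenticate.strip():
        return "missing", None
    offered = False
    for part in www_authenticate.split(","):
        m = _CHALLENGE.match(part)
        if not m or m.group(1).lower() != "credssp":
            continue
        if m.group(2) is None:
            offered = True
            continue
        try:
            return "token", base64.b64decode(m.group(2), validate=True)
        except (binascii.Error, ValueError):
            return "malformed", None
    return ("re-offered", None) if offered else ("missing", None)


def tls_record_info(token):
    """Read the TLS record header (type, version) at the start of a token.

    Assumption: the decoded token starts with a TLS record, because CredSSP
    carries its messages inside a TLS session.
    """
    if token is None or len(token) < 5:
        return None
    return (_TLS_TYPES.get(token[0], "unknown"),
            _TLS_VERSIONS.get((token[1], token[2]), "unknown"))


if __name__ == "__main__":
    for value in ("Negotiate, CredSSP", "", "CredSSP " + SAMPLE_TOKEN):
        state, token = classify_credssp_reply(value)
        print(repr(value), state, tls_record_info(token))
```

A record version of TLS 1.0 in a token from a client that has not set `disable_tlsv1_2=True` points at the TLS mismatch described in the comments above.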