Customer has deployed in many of their final Windows devices CredSSP as described in Microsoft's CVE-2018-0866.

After doing so and Setting the Encryption Oracle Remediation policy setting "Force Updated Clients" according to , https://support.microsoft.com/ca-es/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018  in several of their Windows systems they are not able to log in to any of these systems and they are receiving errors like the following:

2019-05-22 09:38:54 ERROR - An error occurred in NTLM handshake: com.ca.xsuite.app.rdp3.core.common.libs.org.apache.harmony.security.asn1.ASN1Exception: security.132 com.ca.xsuite.app.rdp3.client.handler.cssp.ClientNTLM [PAM Access Agent-3]

CA PRIVILEGED ACCESS MANAGEMENT, all versions

Please note:  you can use the setting "Force Updated Clients" setting in PAM 3.4.x - but instead of adopting our embedded RDP Client.

You can use the new functionality of a RDP Proxy, which we adopt/utilize any local RDP Client on the user's desktop.

Please see the following documentation\video on this:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4/release-information/new-features-and-enhancements-in-3-4.html#concept.dita_97029b778cfd380e0edca2b1b71f2be6a0289cf2_RDPProxy