Solved

Remote Desktop Disconnected because of an error in data encryption

Posted on 2004-09-30
Last Modified: 2011-08-18
System:
Windows 2003 server recently upgraded from w2k and up to date on patches.
Remote desktop user with win xp sp2.

When he logs in and starts a particular application and selects the help, the help file opens and an image (part of the help) slides in from the right. When the image is approx. halfway in, he gets the error dialog box:

Remote Desktop Disconnected
Because of an error in data encryption, this session will end. Please try connecting to the remote computer again.

This is systematic.

If I log in to remote desktop and do the same actions with either my desktop pc or my laptop, I don't get the error. I am using win xp sp1 with all patches up to date on both.

Can anyone help please?
Ian.
Question by:ian-a
16 Comments
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 150 total points
ID: 12190324
Remote desktop requires a number of ports to be opened on the new Windows Firewall in SP2 to function properly. Port 3389 is the default for RDP (remote desktop protocol).

You might also try simply disabling the firewall to see if it works at all. You can build an exception list at the application level using the Windows Firewall control panel applet as well. Just put in an exception for Remote Desktop if disabling it works and you should be able to leave it on.
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12190335
Hi,

Any errors in the event viewer of the server?

As a side note: I don't think this is it, but it might not hurt to try it...
I found this:

Question:

    I have a W2K3 Terminal Server. This morning I installed the TS license server component on the same box. Now, I cannot connect to it. There is the error logged: Event ID 50 - "The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client." What is the matter?


Response:

    Most likely your clients do not support the FIPS encryption level.
    From: Start| Run: gpedit.msc| Computer Configuration| Administrative Template| Windows Components| Terminal Services| Encryption and Security| double click: Set client connection encryption level, and then set it to Disabled or to Not Configured (whichever suits you).
0
 
LVL 6

Accepted Solution

by:
tanelorn earned 350 total points
ID: 12190444
This is from Microsoft's site:

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/pree_rem_ocqv.asp

Your session ends with a data-encryption error message

If the data encryption error prevents your client computer from communicating properly with the remote computer, the following message appears:

"Because of error in data encryption, this session will end. Please try connecting to the remote computer again."

Try again to connect to the remote computer.

Note

    * You cannot use the version of the Administrators Tools Pack (ATP) included with Windows 2000 on a computer running Windows XP Professional. Remove this version of ATP before upgrading to Windows XP Professional. To remotely manage Windows 2000 servers from a Windows XP Professional–based computer, use Terminal Services to connect to a Windows 2000–based computer running the Administrators Tools Pack. Check the Microsoft Web site for updates to ATP that are compatible with Windows XP Professional.

T
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12190618
Hi,

http://www.experts-exchange.com/Security/Win_Security/Q_20744615.html

You didn't mention if the machines are on the same subnet. Is the remote machine really remote?

The article above regards a Linksys router... with some versions of the firmware and with the DMZ enabled, people were having this same issue.

T
0
 

Author Comment

by:ian-a
ID: 12191149
Hi,
It's not an access problem. He can log in and run the program. It's just the one action when he opens the help in this program.

I checked the event viewer now but no applicable errors in the logs.

The server is on a different subnet, although it is on site with us. We have a fixed IP which the Vigor router uses for NAT to create the local network. We also have a separate block of IPs which the router allows to pass through for IP routing and the server is on one of these. So users are on a 192.168.x.x local net while the server is on its own WAN IP address.

Cheers, Ian.
0
 

Author Comment

by:ian-a
ID: 12198626
Hi,

The problem looks to be solved.

One of my colleagues pointed me to knowledge base article 323497, which seems to have pointed us in the right direction as the problem has stopped occurring. Link:

   http://support.microsoft.com/default.aspx?scid=kb;en-us;323497  "The RDP Protocol Component "DATA ENCRYPTION" Detected an Error..." error message.

This suggests removing the following registry values:

    Under this registry subkey, delete the following values:
       Certificate
       X509 Certificate
       X509 Certificate ID

We only had the "Certificate" value and since renaming it to "Certificate-1" (rather than deleting it) the problem has stopped.

On the subject of points, since you both gave me useful info to check and get moving on the problem, I have decided to split them in the following proportions if possible (this is my first time!):

  150 to mslunecka
  350 to tanelorn

Let's hope the system lets me :-)

Cheers, Ian.
0
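The rename-instead-of-delete approach ian-a describes, as an added PowerShell example that is not part of the original thread or of KB 323497. The subkey is not given on this page, so the script takes it as a mandatory parameter to be copied from the KB article; the parameter names, the `-1` suffix handling and the backup file path are assumptions of this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# -SubKey is deliberately mandatory: this page does not state the registry
# subkey, so take it from KB 323497 (PowerShell form, e.g. 'HKLM:\...').
param(
    [Parameter(Mandatory)] [string] $SubKey,
    [string] $BackupFile = "$env:TEMP\rdp-cert-values-backup.reg",  # assumed path
    [switch] $Apply        # without -Apply the script only reports
)

# Value names listed in the post above.
$valueNames = 'Certificate', 'X509 Certificate', 'X509 Certificate ID'

if (-not (Test-Path -LiteralPath $SubKey)) {
    throw "Registry subkey not found: $SubKey"
}

$key = Get-Item -LiteralPath $SubKey
$present = $valueNames | Where-Object { $key.GetValueNames() -contains $_ }
if (-not $present) {
    Write-Output 'None of the three values exist under this subkey; nothing to do.'
    return
}

if ($Apply) {
    # Export the whole subkey first so the change can be undone with "reg import".
    # reg.exe expects the HKEY_... form, which is what $key.Name holds.
    & reg.exe export $key.Name $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; no values were changed.' }
}

foreach ($name in $present) {
    $newName = "$name-1"
    if ($key.GetValueNames() -contains $newName) {
        Write-Warning "'$newName' already exists; skipping '$name'."
        continue
    }
    if ($Apply) {
        # Rename rather than delete, as in the post, so the data stays recoverable.
        Rename-ItemProperty -LiteralPath $SubKey -Name $name -NewName $newName
        Write-Output "Renamed '$name' to '$newName' (backup: $BackupFile)"
    } else {
        Write-Output "Would rename '$name' to '$newName' (re-run with -Apply)"
    }
}
```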
 
LVL 6

Expert Comment

by:tanelorn
ID: 12199119
Thanks,  

and I'm glad you got your problem solved!!

T
0
 
LVL 3

Expert Comment

by:gnsadmin
ID: 21830988
After a lot of searching!! I finally found out the solutions for the problem!!
I'm using XP Pro SP3 and I've had the problem for about a month!
Anyway, the first solution, which helped others but not me:
* is to delete the certificates in the registry as ian-a said above, taken from http://support.microsoft.com/default.aspx?scid=kb;en-us;323497
* another one is to uninstall "Virtual Server 2005 R2 SP1" or anything related to it (helped others)
* the last thing, which helped me!!, is to disable the "Offload TCP LargeSend" on your NIC; you can do it through the 'Device Manager' and then 'Properties' on your NIC, go to 'Advanced' and switch "Offload TCP_LargeSend" to Disable.

Hope it helped, I know it helped me (almost changed back to Vista) :D
0
 

Expert Comment

by:doeb
ID: 22645164
I use Windows XP SP3 and have the same problem, but none of the solutions worked for me.
There is no "Offload TCP_LargeSend" option in the NIC properties.
Where is it, and how can I solve the problem?
Host and guest are Windows XP SP3
0
 

Expert Comment

by:sarabindia
ID: 23200981
I had the same problem in Windows 2008 Web Server edition. In NIC properties it's called IPv4 Large Send Offload. I disabled it and it fixed the problem.
0
 

Expert Comment

by:Gibbs001
ID: 23642753
I have the same problem with my 2008 DC and disabled IPv4 Large Send Offload. It looks like this has solved my problem.
0
 

Expert Comment

by:qdigital
ID: 23718806
I had the same problem and thank you gnsadmin.  Disabling the "Offload TCP_LargeSend" fixed the problem instantly.
0
 

Expert Comment

by:swolodkin
ID: 24307997
DISABLE THE "OFFLOAD TCP _LARGESEND" IN THE NIC!!!!  THIS SHOULD BE THE ACCEPTED SOLUTION.
0
 

Expert Comment

by:rallgaier
ID: 24901103
I am running WIN 2008 64bit and had no issues until I installed Virtual Server 2005 R2 SP1 as well. I will report back if the "offload TCP _Largesend" disable does not work.
0
 

Expert Comment

by:pmdsw
ID: 24934865
In open discussion it might be well to point out that you should check to see that the driver is updated for the NIC... mine did not show OFFLOAD TCP _LARGESEND as an option under properties... until I updated it.
0
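A way to inspect and change the Large Send Offload setting from PowerShell instead of Device Manager, as an added example that is not part of the original thread. It assumes the NetAdapter cmdlets (Windows 8 / Server 2012 and later, so not the XP, 2003 or 2008 systems discussed here) and an English-language "Disabled" display value; the parameter names are this example's own. It matches the differing property names reported above by wildcard and flags adapters whose driver exposes no such property.

```powershell
# Added example, not from the thread. Needs the NetAdapter module; -Disable
# needs an elevated session and restarts the adapter, so connectivity over
# that NIC (including an RDP session) may be interrupted briefly.
param(
    [switch] $Disable,                    # without -Disable the script only reports
    [string] $Pattern = '*Large*Send*'    # covers "Offload TCP_LargeSend",
)                                         # "IPv4 Large Send Offload" and similar

$report = foreach ($nic in Get-NetAdapter -Physical) {
    $props = @(Get-NetAdapterAdvancedProperty -Name $nic.Name `
                   -DisplayName $Pattern -ErrorAction SilentlyContinue)

    if ($props.Count -eq 0) {
        # The case pmdsw describes: the driver does not expose the option.
        [pscustomobject]@{
            Adapter = $nic.Name; Property = '(not exposed by driver)'
            Before  = $null;     After    = $null
            Driver  = $nic.DriverVersion      # compare with the vendor's current driver
        }
        continue
    }

    foreach ($p in $props) {
        $after = $p.DisplayValue
        if ($Disable -and $p.DisplayValue -ne 'Disabled') {
            try {
                Set-NetAdapterAdvancedProperty -Name $nic.Name `
                    -DisplayName $p.DisplayName -DisplayValue 'Disabled' -ErrorAction Stop
                # Re-read the value rather than assuming the change took effect.
                $after = (Get-NetAdapterAdvancedProperty -Name $nic.Name `
                              -DisplayName $p.DisplayName).DisplayValue
            } catch {
                Write-Warning "$($nic.Name) / $($p.DisplayName): $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{
            Adapter = $nic.Name;       Property = $p.DisplayName
            Before  = $p.DisplayValue; After    = $after
            Driver  = $nic.DriverVersion
        }
    }
}

# The Before column records the original values, which is what is needed to revert.
$report | Format-Table -AutoSize
```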
 
LVL 3

Expert Comment

by:homemadebyx
ID: 25482054
I'm curious to know what isn't gonna work when I disable "Offload TCP_LargeSend"?

If it's not needed why does it exist?
0

Question has a verified solution.
