Solved

Remote Desktop Disconnected because of an error in data encryption

Posted on 2004-09-30
16
42,887 Views
Last Modified: 2011-08-18
System:
Windows 2003 server recently upgraded from w2k and up to date on patches.
Remote desktop user with win xp sp2.

When he logs in and starts a particular application and selects the help, the help file opens and an image (part of the help) slides in from the right. When the image is approx. halfway in, he gets the error dialog box:

Remote Desktop Disconnected
Because of an error in data encryption, this session will end. Please try connecting to the remote computer again.

This is systematic.

If I log in to remote desktop and do the same actions with either my desktop pc or my laptop, I don't get the error. I am using win xp sp1 with all patches up to date on both.

Can anyone help please?
Ian.
0
Question by:ian-a
16 Comments
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 150 total points
ID: 12190324
Remote desktop requires a number of ports to be opened on the new Windows Firewall in SP2 to function properly. Port 3389 is the default for RDP (remote desktop protocol).

You might also try simply disabling the firewall to see if it works at all. You can build an exception list at the application level using the Windows Firewall control panel applet as well. Just put in an exception for Remote Desktop if disabling it works and you should be able to leave it on.
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12190335
Hi,

any errors in the event viewer of the server?

as a side note..  I don't think this is it,  but it might not hurt to try it...
I found this::

Question:

    I have a W2K3 Terminal Server. This morning I installed the TS license server component on the same box. Now, I cannot connect to it. There is the error logged: Event ID 50 - "The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client." What is the matter?


Response:

    Most likely your clients do not support the FIPS encryption level.
    From: Start| Run: gpedit.msc| Computer Configuration| Administrative Template| Windows Components| Terminal Services| Encryption and Security| double click: Set client connection encryption level, and then set it to Disabled or to Not Configured (whichever suits you).
0
 
LVL 6

Accepted Solution

by:
tanelorn earned 350 total points
ID: 12190444
This is from Microsoft's site:

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/pree_rem_ocqv.asp

Your session ends with a data-encryption error message

If the data encryption error prevents your client computer from communicating properly with the remote computer, the following message appears:

"Because of error in data encryption, this session will end. Please try connecting to the remote computer again."

Try again to connect to the remote computer.

Note

    * You cannot use the version of the Administrators Tools Pack (ATP) included with Windows 2000 on a computer running Windows XP Professional. Remove this version of ATP before upgrading to Windows XP Professional. To remotely manage Windows 2000 servers from a Windows XP Professional–based computer, use Terminal Services to connect to a Windows 2000–based computer running the Administrators Tools Pack. Check the Microsoft Web site for updates to ATP that are compatible with Windows XP Professional.

T
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12190618
HI,

http://www.experts-exchange.com/Security/Win_Security/Q_20744615.html

You didn't mention if the machines are on the same subnet. Is the remote machine really remote?

The article above regards a Linksys router... with some versions of the firmware and with the DMZ enabled, people were having this same issue.

T
0
 

Author Comment

by:ian-a
ID: 12191149
Hi,
It's not an access problem. He can log in and run the program. It's just the one action when he opens the help in this program.

I checked the event viewer now but no applicable errors in the logs.

The server is on a different subnet, although it is on site with us. We have a fixed IP which the Vigor router uses for NAT to create the local network. We also have a separate block of IPs which the router allows to pass through for IP routing and the server is on one of these. So users are on a 192.168.x.x local net while the server is on its own WAN IP address.

Cheers, Ian.
0
 

Author Comment

by:ian-a
ID: 12198626
Hi,

The problem looks to be solved.

One of my colleagues pointed me to knowledge base article 323497, which seems to have pointed us in the right direction as the problem has stopped occurring. Link:

   http://support.microsoft.com/default.aspx?scid=kb;en-us;323497  "The RDP Protocol Component "DATA ENCRYPTION" Detected an Error..." error message.

This suggests removing the following registry values:

    Under this registry subkey, delete the following values:
       Certificate
       X509 Certificate
       X509 Certificate ID

We only had the "Certificate" value and since renaming it to "Certificate-1" (rather than deleting it) the problem has stopped.

On the subject of points, since you both gave me useful info to check and get moving on the problem, I have decided to split them in the following proportions if possible (this is my first time!):

  150 to mslunecka
  350 to tanelorn

Let's hope the system lets me :-)

Cheers, Ian.
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12199119
Thanks,  

and I'm glad you got your problem solved!!

T
0
 
LVL 3

Expert Comment

by:gnsadmin
ID: 21830988
After a lot of searching!! I finally found the solutions for the problem!!
I'm using XP Pro SP3 and I've had the problem for about a month!
Anyway, the first solution, which helped others but not me:
* is to delete the certificates in the registry as ian-a said above, taken from http://support.microsoft.com/default.aspx?scid=kb;en-us;323497
* another one is to uninstall "Virtual Server 2005 R2 SP1" or anything related to it (helped others)
* the last thing, which helped me!!, is to disable the "Offload TCP LargeSend" on your NIC. You can do it through the 'Device Manager' and then 'Properties' on your NIC: go to 'Advanced' and switch "Offload TCP_LargeSend" to Disable.

Hope it helped, I know it helped me (almost changed back to Vista) :D
0
 

Expert Comment

by:doeb
ID: 22645164
I use Windows XP SP3 and have the same problem, but none of the solutions worked for me.
There is no "Offload TCP_LargeSend" option in the NIC properties.
Where is it and how can I solve the problem?
Host and guest are Windows XP SP3.
0
 

Expert Comment

by:sarabindia
ID: 23200981
I had the same problem in windows 2008 web server edition. In NIC properties it's called IPv4 Large Send Offload. I disabled it and it fixed the problem.
0
 

Expert Comment

by:Gibbs001
ID: 23642753
I have same problem with my 2008 DC and disabled IPv4 large send offload. It looks like this has solved my problem.
0
 

Expert Comment

by:qdigital
ID: 23718806
I had the same problem and thank you gnsadmin.  Disabling the "Offload TCP_LargeSend" fixed the problem instantly.
0
 

Expert Comment

by:swolodkin
ID: 24307997
DISABLE THE "OFFLOAD TCP _LARGESEND" IN THE NIC!!!!  THIS SHOULD BE THE ACCEPTED SOLUTION.
0
 

Expert Comment

by:rallgaier
ID: 24901103
I am running WIN 2008 64bit and had no issues until I installed Virtual Server 2005 R2 SP1 as well. I will report back if the "offload TCP _Largesend" disable does not work.
0
 

Expert Comment

by:pmdsw
ID: 24934865
In open discussion it might be well to point out that you should check to see that the driver is updated for the NIC... mine did not show OFFLOAD TCP _LARGESEND as an option under properties... until I updated it.
0
 
LVL 3

Expert Comment

by:homemadebyx
ID: 25482054
I'm curious to know what isn't gonna work when I disable "Offload TCP_LargeSend"?

If it's not needed why does it exist?
0
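The Large Send Offload change that gnsadmin, sarabindia and pmdsw describe above, as an added example that is not part of the original thread: it reports driver version and LSO state per NIC (a missing setting points at the driver, as pmdsw found), then disables LSO after saving the prior state. It assumes Windows 8 / Server 2012 or later, where the NetAdapter cmdlets exist (the XP/2003/2008 systems in the thread need the Device Manager route); `Get-LsoState`, `Disable-LsoWithBackup` and the adapter name `Ethernet` are hypothetical names.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumes Windows 8 / Server 2012 or later
# (NetAdapter module). 'Ethernet' below is a hypothetical adapter name.

function Get-LsoState {
    # One row per physical NIC: driver details plus the current LSO switches.
    Get-NetAdapter -Physical | ForEach-Object {
        $lso = Get-NetAdapterLso -Name $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Adapter       = $_.Name
            DriverVersion = $_.DriverVersion
            DriverDate    = $_.DriverDate
            # $null means the driver does not expose the setting at all,
            # the case where a driver update is the first thing to try.
            LsoIPv4       = if ($lso) { $lso.IPv4Enabled } else { $null }
            LsoIPv6       = if ($lso) { $lso.IPv6Enabled } else { $null }
        }
    }
}

function Disable-LsoWithBackup {
    param(
        [Parameter(Mandatory)] [string] $AdapterName,
        [string] $BackupDir = $env:TEMP
    )
    # Record the state before the change so it can be compared or restored.
    $before   = Get-NetAdapterLso -Name $AdapterName -ErrorAction Stop
    $safeName = $AdapterName -replace '[^\w.-]', '_'
    $backup   = Join-Path $BackupDir "lso-before-$safeName.xml"
    $before | Export-Clixml -Path $backup

    # With neither -IPv4 nor -IPv6 given, LSO is disabled for both.
    # The adapter restarts, so an RDP session over it drops briefly.
    Disable-NetAdapterLso -Name $AdapterName

    $after = Get-NetAdapterLso -Name $AdapterName
    [pscustomobject]@{
        Adapter    = $AdapterName
        Backup     = $backup
        IPv4Before = $before.IPv4Enabled; IPv4After = $after.IPv4Enabled
        IPv6Before = $before.IPv6Enabled; IPv6After = $after.IPv6Enabled
    }
}

Get-LsoState | Format-Table -AutoSize
# Disable-LsoWithBackup -AdapterName 'Ethernet'
# Revert with: Enable-NetAdapterLso -Name 'Ethernet'
```

With LSO off, the host CPU segments outbound TCP data instead of the NIC, so the cost of the workaround is somewhat higher CPU use on busy links rather than any lost functionality.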
