Remote Desktop Disconnected because of an error in data encryption

Posted on 2004-09-30
Last Modified: 2011-08-18
Windows 2003 server recently upgraded from w2k and up to date on patches.
Remote desktop user with win xp sp2.

When he logs in and starts a particular application and selects the help, the help file opens and an image (part of the help) slides in from the right. When the image is approx. half way in, he gets the error dialog box:

Remote Desktop Disconnected
Because of an error in data encryption, this session will end. Please try connecting to the remote computer again.

This is systematic.

If I log in to remote desktop and do the same actions with either my desktop pc or my laptop, I don't get the error. I am using win xp sp1 with all patches up to date on both.

Can anyone help please?
Question by:ian-a

Assisted Solution

mslunecka earned 150 total points
ID: 12190324
Remote desktop requires a number of ports to be opened on the new Windows Firewall in SP2 to function properly. Port 3389 is the default for RDP (remote desktop protocol).

You might also try simply disabling the firewall to see if it works at all. You can build an exception list at the application level using the Windows Firewall control panel applet as well. Just put in an exception for Remote Desktop if disabling it works and you should be able to leave it on.

Expert Comment

ID: 12190335

Any errors in the Event Viewer of the server?

As a side note... I don't think this is it, but it might not hurt to try it...
I found this:


    I have a W2K3 Terminal Server. This morning I installed the TS license server component on the same box. Now, I cannot connect to it. There is the error logged: Event ID 50 - "The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client." What is the matter?


    Most likely your clients do not support the FIPS encryption level.
    From: Start| Run: gpedit.msc| Computer Configuration| Administrative Template| Windows Components| Terminal Services| Encryption and Security| double click: Set client connection encryption level, and then set it to Disabled or to Not Configured (whichever suits you).

Accepted Solution

tanelorn earned 350 total points
ID: 12190444
This is from Microsoft's site:

Your session ends with a data-encryption error message

If the data encryption error prevents your client computer from communicating properly with the remote computer, the following message appears:

"Because of error in data encryption, this session will end. Please try connecting to the remote computer again."

Try again to connect to the remote computer.


    * You cannot use the version of the Administrators Tools Pack (ATP) included with Windows 2000 on a computer running Windows XP Professional. Remove this version of ATP before upgrading to Windows XP Professional. To remotely manage Windows 2000 servers from a Windows XP Professional–based computer, use Terminal Services to connect to a Windows 2000–based computer running the Administrators Tools Pack. Check the Microsoft Web site for updates to ATP that are compatible with Windows XP Professional.


Expert Comment

ID: 12190618

You didn't mention if the machines are on the same subnet. Is the remote machine really remote?

The article above regards a Linksys router... with some versions of the firmware and with the DMZ enabled, people were having this same issue.


Author Comment

ID: 12191149
It's not an access problem. He can log in and run the program. It's just the one action when he opens the help in this program.

I checked the event viewer now but no applicable errors in the logs.

The server is on a different subnet, although it is on site with us. We have a fixed IP which the Vigor router uses for NAT to create the local network. We also have a separate block of IPs which the router allows to pass through for IP routing and the server is on one of these. So users are on a 192.168.x.x local net while the server is on its own WAN IP address.

Cheers, Ian.

Author Comment

ID: 12198626

The problem looks to be solved.

One of my colleagues pointed me to a knowledge base article 323497 which seems to have pointed us in the right direction as the problem has stopped occurring. Link:;en-us;323497  "The RDP Protocol Component "DATA ENCRYPTION" Detected an Error..." error message.

This suggests removing the following registry values:

    Under this registry subkey, delete the following values:
       X509 Certificate
       X509 Certificate ID

We only had the "Certificate" value and since renaming it to "Certificate-1" (rather than deleting it) the problem has stopped.

On the subject of points, since you both gave me useful info to check and get moving on the problem, I have decided to split them in the following proportions if possible (this is my first time!):

  150 to mslunecka
  350 to tanelorn

Let's hope the system lets me :-)

Cheers, Ian.

Expert Comment

ID: 12199119

and I'm glad you got your problem solved!!


Expert Comment

ID: 21830988
After a lot of searching!! I finally found out the solutions for the problem!!
I'm using XP Pro SP3 and I've had the problem for about a month!
Anyway, the first solution, which helped others but not me:

* is to delete the certificates in the registry as ian-a said above, taken from;en-us;323497
* another one is to uninstall "Virtual server 2005 R2 SP1" or anything related to it (helped others)
* the last thing, which helped me!!, is to disable the "Offload TCP LargeSend" on your NIC. You can do it through the 'Device Manager' and then 'Properties' on your NIC, go to 'Advanced' and switch "Offload TCP_LargeSend" to Disable.

Hope it helped, I know it helped me (almost changed back to Vista) :D

Expert Comment

ID: 22645164
I use Windows XP SP3 and have the same problem, but none of the solutions worked for me.
There is no "Offload TCP_LargeSend" option in the NIC properties.
Where is it and how can I solve the problem?
Host and guest are Windows XP SP3.

Expert Comment

ID: 23200981
I had the same problem in windows 2008 web server edition. In NIC properties it's called IPv4 Large Send Offload. I disabled it and it fixed the problem.

Expert Comment

ID: 23642753
I have the same problem with my 2008 DC and disabled IPv4 Large Send Offload. It looks like this has solved my problem.

Expert Comment

ID: 23718806
I had the same problem and thank you gnsadmin.  Disabling the "Offload TCP_LargeSend" fixed the problem instantly.

Expert Comment

ID: 24901103
I am running WIN 2008 64bit and had no issues until I installed Virtual Server 2005 R2 SP1 as well. I will report back if the "Offload TCP_LargeSend" disable does not work.

Expert Comment

ID: 24934865
In open discussion it might be well to point out that you should check to see that the driver is updated for the NIC... mine did not show OFFLOAD TCP_LARGESEND as an option under properties... until I updated it.

Expert Comment

ID: 25482054
I'm curious to know what isn't gonna work when I disable "Offload TCP_LargeSend"?

If it's not needed why does it exist?
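
As an added example (not part of any post in this thread): the Large Send Offload change that several comments above describe, scripted in PowerShell so the state before and after is recorded and the change can be reverted. It assumes Windows 8 / Server 2012 or later, where the NetAdapter cmdlets exist, and an elevated session; the adapter name `Ethernet` is a placeholder. On the XP, 2003 and 2008 systems discussed in the thread the setting is changed in Device Manager as the posts describe.

```powershell
# Added example, not from the thread.
# Assumes Windows 8 / Server 2012 or later (NetAdapter module) and an elevated session.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder default; pass the name shown by Get-NetAdapter.
    [string]$AdapterName = 'Ethernet'
)

# 1. Record the current offload state of every adapter that exposes LSO,
#    so there is a baseline to compare against and to revert to.
Get-NetAdapterLso | Format-Table Name, IPv4Enabled, IPv6Enabled -AutoSize

# 2. Look up the target adapter. No result means the driver exposes no LSO
#    setting (one comment above only saw the option after a driver update).
$target = Get-NetAdapterLso -Name $AdapterName -ErrorAction SilentlyContinue
if (-not $target) {
    Write-Warning "Adapter '$AdapterName' exposes no Large Send Offload setting."
    return
}
if (-not $target.IPv4Enabled) {
    Write-Output "IPv4 Large Send Offload is already disabled on '$AdapterName'."
    return
}

# 3. Disable IPv4 LSO only. The cmdlet restarts the adapter by default, so any
#    RDP session carried by this NIC drops; run it from the console or another NIC.
if ($PSCmdlet.ShouldProcess($AdapterName, 'Disable IPv4 Large Send Offload')) {
    Disable-NetAdapterLso -Name $AdapterName -IPv4
    # 4. Confirm the new state.
    Get-NetAdapterLso -Name $AdapterName |
        Format-Table Name, IPv4Enabled, IPv6Enabled -AutoSize
    # To revert: Enable-NetAdapterLso -Name $AdapterName -IPv4
}
```

Saved as a script, running it with `-WhatIf` shows the adapter that would be changed without touching it.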

Question has a verified solution.