Solved

XP Embedded client "Because of an error in data encryption..."

Posted on 2013-05-20
Last Modified: 2013-06-03
I have a 2008 Terminal Server.  I have several XP and Win 7 Prof computers within the main office as well as several outreach (connected via Cisco Routers) that never disconnect.  I have about 18 thin clients running XP Embedded that receive the following error - "Because of an error in data encryption, this session will end.  Please try connecting to the remote computer again."  This can happen once or twice in a day, or as it just happened to a staff - seven times within an hour.  It always lets them back on and it has saved where they were, but as I can attest - it is very frustrating when you are typing along and get booted.  

I have looked on the server and the only event that looks close to the time of disconnect is 4364 under Security.  But I can't tell if it was someone that just disconnected him/herself or if it was the encryption error.  

We are a 24/7 business so there is usually always someone on the server.  Last time I tried to try a fix - I bumped everyone off.  Oops.  So I hate to just "try this".  

On the thin clients, I did make a change.  I used to have three logins, one admin (me only), supervisors (core username) and user.  I have cybersitter installed on all because we have had issues with surfing inappropriately.  I changed it so the supervisors and users used the same User login.  I did create/save the RDP for manager/user.  Manager has a login, all staff use another login - we have 200 employees, too many to have their own login since we are non-profit!    Managers have told me they have seen an increase in the error since I added them to the user side.  User and Supervisor have the same abilities on the computer.  One just had full access to the internet, the other has some restrictions, but full access to the server address...

Is there something on the client side that I can try?

Thank you
Stephanie Foster
Question by:StephanieFoster

Accepted Solution

by:
Michael Pfister earned 500 total points
ID: 39184064
You could try increasing the SSL logging, see http://support.microsoft.com/kb/260729/en-us
by setting the value of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging to 7

I'd recommend doing that on the client and on the server.

What did you try to fix it on the server?

I've seen a recommendation to modify the Security Layer of RDP-TCP to "RDP Security Layer" (default is Negotiate). This needs to be done on the server.

Author Comment

by:StephanieFoster
ID: 39184728
I'll try that - thank you.  Can I do the above to the server when there are people logged on?  I may try it first thing in the morning (5:00ish am) when there may be just a couple people, if any on.  The only bad thing is that I am at home when I do that, so if I mess something up, it is down for about 2 1/2 hours...

Here is what I did to the terminal server - I disabled the Large Send Offload under the Broadcom advanced settings.  After I temporarily took down the server (I learn by mistakes!) I decided I'd best not do anything else until I was either the only one on or I had asked what would be the best thing to try.
Stephanie

Expert Comment

by:Michael Pfister
ID: 39186904
The change on the server won't break existing connections. The only side effect will be that, depending on the RDP version your clients are using, you will get a security warning when connecting.

Author Comment

by:StephanieFoster
ID: 39192305
I tried both of the above (increasing the SSL logging on the client and server) and modified the RDP Security Layer on the server.  I've had reports today that the issue is still happening.  It is only happening to staff on these thin clients.  I'm thinking now it might have to do with the CyberSitter.  Even though I have added the IP address to the server to the "always allow" these sites it must be something there.  I'm guessing I will need to allow staff full internet access at the off site locations.  Not really what I want.  I will try that at one location and see what happens.

Thanks for your help.

Expert Comment

by:Michael Pfister
ID: 39195111
After increasing the logging level did you see any SCHANNEL events logged?

Author Comment

by:StephanieFoster
ID: 39195597
I looked but didn't see anything?  Not sure exactly where to look.  I didn't see anything that specifically said SCHANNEL.
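
As an added example (not part of the thread, and not code from either poster): PowerShell for the registry change suggested in the accepted solution and for where the resulting Schannel events appear. It assumes Windows PowerShell 2.0 to 5.1 run elevated; the function names, the sample disconnect time and the RDP-Tcp `SecurityLayer` registry path are assumptions that do not come from the thread.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 2.0-5.1, run elevated.
$schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
# Assumption: RDP-Tcp listener key (the thread names the setting, not this path).
$rdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RegValueOrNull([string]$Path, [string]$Name) {
    # Returns $null instead of an error when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-SchannelEventsNear([datetime]$Time, [int]$WindowMinutes = 5) {
    # Schannel writes to the System log with source "Schannel", not to Security.
    Get-EventLog -LogName System -Source Schannel `
        -After $Time.AddMinutes(-$WindowMinutes) -Before $Time.AddMinutes($WindowMinutes) `
        -ErrorAction SilentlyContinue |
        Sort-Object TimeGenerated |
        Select-Object TimeGenerated, EntryType, EventID, Message
}

# 1. Record current values first so the diagnostic changes can be reverted.
#    SecurityLayer: 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS).
#    Layer 0 does not use TLS, so restore the old value once diagnosis is done.
$before = New-Object PSObject -Property @{
    Computer      = $env:COMPUTERNAME
    EventLogging  = Get-RegValueOrNull $schannelKey 'EventLogging'
    SecurityLayer = Get-RegValueOrNull $rdpTcpKey 'SecurityLayer'
}
$before | Format-List

# 2. EventLogging = 7 is the sum 1 (errors) + 2 (warnings) + 4 (informational).
#    -Force creates the value or overwrites an existing one.
New-ItemProperty -Path $schannelKey -Name 'EventLogging' -Value 7 `
    -PropertyType DWord -Force | Out-Null

# 3. After a user reports a drop, look at a window around that time.
#    Constructed sample time; replace with the time the user reports.
$reported = Get-Date '2013-05-28 14:32'
$events = @(Get-SchannelEventsNear -Time $reported -WindowMinutes 5)
if ($events.Count -eq 0) {
    Write-Output "No Schannel events within 5 minutes of $reported on $env:COMPUTERNAME"
} else {
    $events | Format-List
}
```

The procedure in KB 260729 ends with a restart of the computer, so an empty result before the next reboot does not show that nothing failed.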

Author Comment

by:StephanieFoster
ID: 39216175
Well, I tested at one location by turning off cybersitter.  No issues since.  While the SCHANNEL has seemed to slow them down, it didn't stop them altogether like the cybersitter did.  

Thank you for your assistance.

Author Closing Comment

by:StephanieFoster
ID: 39216181
While it was not the whole fix, it did help somewhat on both sides - both client and server.