Solved

XP Embedded client "Because of an error in data encryption..."

Posted on 2013-05-20
Last Modified: 2013-06-03
I have a 2008 Terminal Server.  I have several XP and Win 7 Prof computers within the main office as well as several outreach (connected via Cisco Routers) that never disconnect.  I have about 18 thin clients running XP Embedded that receive the following error - "Because of an error in data encryption, this session will end.  Please try connecting to the remote computer again."  This can happen once or twice in a day, or as it just happened to a staff - seven times within an hour.  It always lets them back on and it has saved where they were, but as I can attest - it is very frustrating when you are typing along and get booted.  

I have looked on the server and the only event that looks close to the time of disconnect is 4364 under Security.  But I can't tell if it was someone that just disconnected him/herself or if it was the encryption error.  

We are a 24/7 business so there is usually always someone on the server.  Last time I tried to try a fix - I bumped everyone off.  Oops.  So I hate to just "try this".  

On the thin clients, I did make a change.  I used to have three logins, one admin (me only), supervisors (core username) and user.  I have cybersitter installed on all because we have had issues with surfing inappropriately.  I changed it so the supervisors and users used the same User login.  I did create/save the RDP for manager/user.  Manager has a login, all staff use another login - we have 200 employees, too many to have their own login since we are non-profit!    Managers have told me they have seen an increase in the error since I added them to the user side.  User and Supervisor have the same abilities on the computer.  One just had full access to the internet, the other has some restrictions, but full access to the server address...

Is there something on the client side that I can try?

Thank you
Stephanie Foster
0
Question by:StephanieFoster
8 Comments
 
LVL 29

Accepted Solution

by:
Michael Pfister earned 1500 total points
ID: 39184064
You could try increasing the SSL logging, see http://support.microsoft.com/kb/260729/en-us
by setting the value of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging to 7

I'd recommend to do that on the client and on the server.

What did you try to fix it on the server?

I've seen a recommendation to modify the Security Layer of RDP-TCP to "RDP Security Layer" (default is Negotiate). Needs to be done on the server.
0
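
The logging change suggested in the answer above, together with a way to find the resulting events, as an added example that is not part of the original thread. It assumes PowerShell 2.0 and an elevated prompt on the machine being checked; the disconnect times are constructed sample values to replace with the times users actually report.

```powershell
# Added example. Run from an elevated PowerShell prompt on the client and on the server.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$rdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Record the current value first so the change can be reverted afterwards.
$old = (Get-ItemProperty -Path $schannel -Name EventLogging -ErrorAction SilentlyContinue).EventLogging
Write-Output "EventLogging was: $old"

# 7 = 1 (errors) + 2 (warnings) + 4 (informational and success events).
New-ItemProperty -Path $schannel -Name EventLogging -PropertyType DWord -Value 7 -Force | Out-Null

# Server only: report the RDP-Tcp security layer without changing it.
# 0 = RDP Security Layer, 1 = Negotiate (the default), 2 = SSL (TLS 1.0).
$layer = (Get-ItemProperty -Path $rdpTcp -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer
Write-Output "RDP-Tcp SecurityLayer: $layer"

# Constructed sample: times at which users reported being disconnected.
$reported = @('2013-05-22 09:14', '2013-05-22 09:41') | ForEach-Object { [datetime]$_ }
$since    = @($reported | Sort-Object)[0].AddMinutes(-5)

# SCHANNEL events are written to the System log with the source "Schannel".
$events = @(Get-EventLog -LogName System -Source Schannel -After $since -ErrorAction SilentlyContinue)
Write-Output "Schannel events since ${since}: $($events.Count)"

# Which event IDs dominate?
$events | Group-Object EventID | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# For each reported disconnect, list Schannel events within two minutes of it.
foreach ($t in $reported) {
    Write-Output "--- disconnect reported at $t ---"
    $near = @($events | Where-Object { [math]::Abs(($_.TimeGenerated - $t).TotalMinutes) -le 2 })
    if ($near.Count -eq 0) {
        Write-Output 'no Schannel events near this time'
    } else {
        $near | Sort-Object TimeGenerated |
            Format-List TimeGenerated, EntryType, EventID, Message
    }
}
```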
 

Author Comment

by:StephanieFoster
ID: 39184728
I'll try that - thank you.  Can I do the above to the server when there are people logged on?  I may try it first thing in the morning (5:00ish am) when there may be just a couple people, if any on.  The only bad thing is that I am at home when I do that, so if I mess something up, it is down for about 2 1/2 hours...

Here is what I did to the terminal server - I disabled the Large Send Offload under the Broadcom advanced settings.  After I temporarily took down the server (I learn by mistakes!) I decided I'd best not do anything else until I was either the only one on or I had asked what would be the best thing to try.
Stephanie
0
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 39186904
The change on the server won't break existing connections. The only side effect will be that, depending on the RDP version your clients are using, you will get a security warning when connecting.
0
 

Author Comment

by:StephanieFoster
ID: 39192305
I tried both of the above (increasing the SSL logging on the client and server) and modified the RDP Security Layer on the server.  I've had reports today that the issue is still happening.  It is only happening to staff on these thin clients.  I'm thinking now it might have to do with the CyberSitter.  Even though I have added the IP address to the server to the "always allow" these sites it must be something there.  I'm guessing I will need to allow staff full internet access at the off site locations.  Not really what I want.  I will try that at one location and see what happens.

Thanks for your help.
0
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 39195111
After increasing the logging level, did you see any SCHANNEL events logged?
0
 

Author Comment

by:StephanieFoster
ID: 39195597
I looked but didn't see anything?  Not sure exactly where to look.  I didn't see anything that specifically said SCHANNEL.
0
 

Author Comment

by:StephanieFoster
ID: 39216175
Well, I tested at one location by turning off cybersitter.  No issues since.  While the SCHANNEL has seemed to slow them down, it didn't stop them altogether like the cybersitter did.  

Thank you for your assistance.
0
 

Author Closing Comment

by:StephanieFoster
ID: 39216181
While it was not the whole fix, it did help somewhat on both sides - both client and server.
0
