Solved

XP Embedded client "Because of an error in data encryption..."

Posted on 2013-05-20
Last Modified: 2013-06-03
I have a 2008 Terminal Server.  I have several XP and Win 7 Prof computers within the main office as well as several outreach (connected via Cisco Routers) that never disconnect.  I have about 18 thin clients running XP Embedded that receive the following error - "Because of an error in data encryption, this session will end.  Please try connecting to the remote computer again."  This can happen once or twice in a day, or as it just happened to a staff - seven times within an hour.  It always lets them back on and it has saved where they were, but as I can attest - it is very frustrating when you are typing along and get booted.  

I have looked on the server and the only event that looks close to the time of disconnect is 4364 under Security.  But I can't tell if it was someone that just disconnected him/herself or if it was the encryption error.  

We are a 24/7 business so there is usually always someone on the server.  Last time I tried to try a fix - I bumped everyone off.  Oops.  So I hate to just "try this".  

On the thin clients, I did make a change.  I used to have three logins, one admin (me only), supervisors (core username) and user.  I have cybersitter installed on all because we have had issues with surfing inappropriately.  I changed it so the supervisors and users used the same User login.  I did create/save the RDP for manager/user.  Manager has a login, all staff use another login - we have 200 employees, too many to have their own login since we are non-profit!    Managers have told me they have seen an increase in the error since I added them to the user side.  User and Supervisor have the same abilities on the computer.  One just had full access to the internet, the other has some restrictions, but full access to the server address...

Is there something on the client side that I can try?

Thank you
Stephanie Foster
Question by:StephanieFoster
8 Comments
 
LVL 28

Accepted Solution

by:
Michael Pfister earned 500 total points
ID: 39184064
You could try increasing the SSL logging, see http://support.microsoft.com/kb/260729/en-us
by setting the value of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EventLogging to 7

I'd recommend to do that on the client and on the server.

What did you try to fix it on the server?

I've seen a recommendation to modify the Security Layer of RDP-TCP to "RDP Security Layer" (default is Negotiate). This needs to be done on the server.
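
The logging change recommended in the answer above, as an added PowerShell example that is not part of the original thread: it sets the `EventLogging` value from the post and then lists Schannel events around the time of a reported disconnect. The function names and the sample timestamp are hypothetical, and the sketch assumes an elevated session and that Schannel events are written to the System log under the source name `Schannel`.

```powershell
# Added example; function names are hypothetical, not from the thread.
$SchannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Set-SchannelEventLogging {
    param([ValidateRange(0, 7)][int]$Level = 7)
    # Bit flags: 1 = errors, 2 = warnings, 4 = informational/success; 7 = all.
    $old = (Get-ItemProperty -Path $SchannelKey -Name EventLogging `
                -ErrorAction SilentlyContinue).EventLogging
    New-ItemProperty -Path $SchannelKey -Name EventLogging -PropertyType DWord `
        -Value $Level -Force | Out-Null
    # Return the previous value ($null if it was absent) so it can be restored
    # once troubleshooting is finished.
    return $old
}

function Get-SchannelEventsNear {
    param(
        [Parameter(Mandatory = $true)][datetime]$DisconnectTime,
        [int]$WindowMinutes = 5
    )
    $from = $DisconnectTime.AddMinutes(-$WindowMinutes)
    $to   = $DisconnectTime.AddMinutes($WindowMinutes)
    if ([Environment]::OSVersion.Version.Major -ge 6) {
        # Vista / Server 2008 and later: filter at the event log service.
        $filter = @{ LogName = 'System'; ProviderName = 'Schannel'
                     StartTime = $from; EndTime = $to }
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, LevelDisplayName, Message
    } else {
        # XP-era clients: Get-WinEvent is not supported, use the classic cmdlet.
        Get-EventLog -LogName System -Source Schannel -After $from -Before $to `
            -ErrorAction SilentlyContinue |
            Select-Object TimeGenerated, EventID, EntryType, Message
    }
}

# Usage (the timestamp is a constructed sample, not taken from the thread).
$previous = Set-SchannelEventLogging -Level 7
Get-SchannelEventsNear -DisconnectTime '2013-05-20 14:30' |
    Format-Table -AutoSize -Wrap
```

An empty result for the window means no Schannel event was recorded at that time on that machine; run the query on both the client and the server, as the answer suggests.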
 

Author Comment

by:StephanieFoster
ID: 39184728
I'll try that - thank you.  Can I do the above to the server when there are people logged on?  I may try it first thing in the morning (5:00ish am) when there may be just a couple people, if any on.  The only bad thing is that I am at home when I do that, so if I mess something up, it is down for about 2 1/2 hours...

Here is what I did to the terminal server - I disabled the Large Send Offload under the Broadcom advanced settings.  After I temporarily took down the server (I learn by mistakes!) I decided I'd best not do anything else until I was either the only one on or I had asked what would be the best thing to try.
Stephanie
LVL 28

Expert Comment

by:Michael Pfister
ID: 39186904
The change on the server won't break existing connections. The only side effect will be that, depending on the RDP version your clients are using, you will get a security warning when connecting.

Author Comment

by:StephanieFoster
ID: 39192305
I tried both of the above (increasing the SSL logging on the client and server) and modified the RDP Security Layer on the server.  I've had reports today that the issue is still happening.  It is only happening to staff on these thin clients.  I'm thinking now it might have to do with the CyberSitter.  Even though I have added the IP address to the server to the "always allow" these sites it must be something there.  I'm guessing I will need to allow staff full internet access at the off site locations.  Not really what I want.  I will try that at one location and see what happens.

Thanks for your help.
LVL 28

Expert Comment

by:Michael Pfister
ID: 39195111
After increasing the logging level did you see any SCHANNEL events logged?

Author Comment

by:StephanieFoster
ID: 39195597
I looked but didn't see anything?  Not sure exactly where to look.  I didn't see anything that specifically said SCHANNEL.

Author Comment

by:StephanieFoster
ID: 39216175
Well, I tested at one location by turning off cybersitter.  No issues since.  While the SCHANNEL has seemed to slow them down, it didn't stop them altogether like the cybersitter did.  

Thank you for your assistance.

Author Closing Comment

by:StephanieFoster
ID: 39216181
While it was not the whole fix, it did help somewhat on both sides - both client and server.
Question has a verified solution.