Solved

Encryption errors disconnecting users from RDC server

Posted on 2013-06-20
26
1,994 Views
Last Modified: 2016-11-23
Hello!

User are being disconnected from our Remote Desktop server with the error..

"Because of an error in data encryption, this session will end.  Please try connecting to the remote computer again"

A little about the setup..

SERVER
Dell PowerEdge 1850
Windows 2008 RS Standard Server - 64-bit with 8GB Ram
Intel PRO/1000 MT Network Adaptor

NETWORK
Sonicwall NAS 250 firewall/router
Netgear FSM7326P Managed POE switch
Netgear FSM7352PS Managed POE switch

CLIENTS
Client machines are various Dell Laptops running Windows 7
Clients are connecting to Remote Desktop Server to run a RemoteApp
Running Sonicwall VPN Client and Microsoft Security Essentials
Clients connect to Remote Desktop Server over LAN and WAN

What I have done so far..
Installed Microsoft Hotfix
Checked that latest NIC drivers were installed
Changed Large Send Offload (IPV4) to disabled
Removed Sonicwall VPN Client computers

This error is also happening, although not as often, to users connecting to our other Terminal Server running Windows Server 2003.

All this seemed to happen when we replaced our Cisco ASA 5500 with the Sonicwall NSA 250.   At this time we also installed the Sonicwall VPN client.  I mention this because I have read articles stating that others have experienced this issue after installing Sonicwall VPN client.  Coincidence?

The majority of the fixes have been changing the Large Send Offload (IPv4) option to Disabled on the servers NIC.  Did this but users are still getting disconnected.

At my wits ends with this problem, not to mention the fact that I have to barricade myself in my office to keep from getting lynched by a mob of frustrated users each day.

Any advice, thoughts, suggestions?  Please let me know if there is any other information I can add to this question to assist with a resolution.
0
Comment
Question by:silsuba
  • 14
  • 7
  • 5
26 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39264984
Some questions in order to understand better:
a. Take a W7 client connecting to the server via LAN: how frequently does that happen? Once per day, once per week, ...
b. Take the same W7 client. What's the RDC client version?
c. You wrote the server it's a W2008 RS. I'm quite sure that's a typo. You have a W2008 R2, correct?
d. What are the RDP server settings for Security Layer and Encryption Level?

Thank you.
0
 

Author Comment

by:silsuba
ID: 39265659
Hello Strivoli, thank you for your response

a. This issue is very sporadic.  It could happen once in a day and not happen again for another day or two, or it could happen many times within an hour.  I have yet to identify and discernible pattern in the errors.
b. Version 6.2.9200.16398
c. Yes, RS was indeed a typo.. W2008 R2
d. Security Layer: SSL(TLS 1.0), Encryption Level: Client Compatible

I await your response
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39265843
Thank you. Consider always the same W7 client which connects to the server via LAN:
a. Run a ping 1000 times from client to server such as ping server -n 1000 and report min/max/ave response times and lost packets. They should all be 0 (zero) since client and server are connected on the same LAN (100Mb?).
b. Do the Windows Application Logs on both (client and server) report any Warnings/Errors entries that might give us further infos? Check System and Security too. You should search for entries at the same date/time the disconnection occurs.
c. Is the W7 client connected wired or wireless to the LAN? Might it be both concurrently?
0
 

Author Comment

by:silsuba
ID: 39271211
Strivoli
a. No ping issues, 100% return on 1000 packets.
b. I've not checked the client side, and the only thing that stands out in the server log is the following error..

"The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client."

I've asked my users to take note of the date/time of disconnects so I can check the client logs and the server logs in more detail

c. The W7 client is mostly wireless.  I've considered the AP, but done nothing more than reboot the device.

Thank you for your assistance with this topic.
0
 

Author Comment

by:silsuba
ID: 39274424
Something new today!  User had the following error..

"Because of a protocol error detected at the client (Code 0x1104), this session will be disconnected.  Please try connecting to the remote computer again"

This was from a Windows 7 client connecting to a W2003 server.  I've not yet had an opportunity to check the server and client logs but will later today.
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39276046
If the W7 client is connected wirelessly check the AP's firmware version. Your AP might work very fine with connections that don't need to be persistent (browsing the web) but might not work fine with persistent connection (such as RDP).
Please check AP's firmware or either ask the user to use a wired connection for some days and ask him for feedback.
0
 

Author Comment

by:silsuba
ID: 39278504
Thanks for the suggestion, but it is unlikely the cause of the trouble since a number of users experience this issue from both the LAN on the WiFi, the LAN on hardwire or over the WAN.
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39281760
It happens with any client, it happens from anywhere (LAN/WAN/wired/wireless), it happens to any server. Is the "Sonicwall NSA 250" updated to latest firmware?
Who is your DHCP server? How long is the lease duration?
0
 

Author Comment

by:silsuba
ID: 39282156
The DHCP server is a Windows 2003 virtual machine with an 8 hour lease.  Yes, the sonicwall is up to date.
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39292670
I'm trying to find out what do all the affected clients have in common.
I think IPv6 isn't needed in your scenario. Could you disable it on at least 1 client and see what happens?
0
 

Author Comment

by:silsuba
ID: 39293073
Strivoli
Thanks for your time and efforts on this issue.  As a general practice I disable IPV6 on clients as we have no need at this time.  IPV6 is also disabled on the server.
0
 

Author Comment

by:silsuba
ID: 39566738
Hello
Believe it not, still having this problem.  I've yet to find a solution.  However I do not believe it is caused by or specific to the server.   We've been trying many different things over the last few month, including hiring a network engineer to inspect our network.  We've even had our Router/Firewall manufacturer look into it.

It seems that this is a network issue.  We've determined this because some users receive the error when connecting to a second Terminal Server or even when connecting from within our network to a VPS hosted elsewhere and over the internet.

Just commenting on this in the hopes that maybe someone would have something to add
Regards
Tom
0
 

Author Comment

by:silsuba
ID: 39669348
More follow up...   I've cached in a Microsoft support credit.  Working with them now to find a solution.  Several changes were made to the server side of things but have yet to resolve.  As the Microsoft support engineer is doing all the work I am not able to list the attempted fixes.

The issue has been passed on to the networking group who will be analyzing capture date between the client and the server.  

I will update as I have more info.
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 1

Expert Comment

by:wolf2008
ID: 39858851
Hello,

I am experiencing this problem on a rather widespread basis; too many details to provide here, but I will if someone believes they can help.  I experience these errors on a simple RDP session to a server in the same room as I am; over wireless or LAN.  I also experience these errors using SonicWall and OpenVPN clients.  I experience the errors using my Winows 7 Pro HP laptop.  I experience these errors using my Dell E6430, or a Dell E6400.  I experience these errors when attempting to RDP to Winows 2008 R2 servers or Windows 2003 servers.

I really need a solution.  Right now I am driving to my clients instead of remote desktop.
0
 

Author Comment

by:silsuba
ID: 39859564
wolf
I've yet to find a solution to this problem and it still exists.  I had worked with Microsoft on this and they were unable to find a problem.  We looked at it from both the network and server sides.

Can you tell me, do you have a SonicWall router anywhere in your environment?  I ask because I suspect that this may be contributing to my problem but can't determine for sure.
0
 
LVL 1

Expert Comment

by:wolf2008
ID: 39860346
Silsuba,

This is becoming more than just an inconvenience for me, so if you come up with any solutions or suggestions, please do forward them.

I work with several clients, so I am always connecting over VPN.  I experience these problems over both SonicWall and OpenVPN; those are the only two VPNs I use.  The firewall/router on the network to which I connect using OpenVPN is a Cisco 1811.  

I also experience this problem when inside the network I am working on, in other words, when using no VPN.  And, I also experience this problem when I connect via RDP to a system which is remote, and which has a one-to-one NAT configured to it.  

I experience this problem from various locations, behind various firewalls/routers.  I experience this problem over WLAN or LAN.  I experience this problem on the following systems, all running Windows 7 Pro:  HP Pavilion, Dell E6430 (I've tried two different laptops of this model), Dell E6400.  There are a variety of antivirus on those systems.

I must point out that this problem dos not always happen.  There are clients I can connect to and I NEVER have this problem.  On the other hand, right now I cannot remote to one client at all.  Of course, there are the in betweens, too.

What else can I tell you?
0
 

Author Comment

by:silsuba
ID: 39886196
I've am in the process of building a new Windows 2012 R2 machine to be used as our RDS server.  Although Microsoft was unable to locate an issue from either the systems nor the network side, having a new machine will tell me if it is related to the server or the network.
0
 
LVL 1

Accepted Solution

by:
wolf2008 earned 500 total points
ID: 39886245
Hi All,

Here is what solved my problem.  I deleted this from my NIC (deleting on one deletes on all):  Citrix DNE Lightweight Filter.

I did this almost a week ago and have not had a single occurrence of this problem since.  Prior to that, I was finding it impossible to have any RDP sessions.
0
 

Author Comment

by:silsuba
ID: 39886250
Hi Wolf
Was that on the client or server NIC?
0
 
LVL 1

Expert Comment

by:wolf2008
ID: 39886260
My apologies.  I made that change on my laptop's NIC, not the server.  

I was having trouble accessing ANY servers until I discovered and tried this.
0
 

Author Comment

by:silsuba
ID: 39886268
At this point, I am willing to try just about anything.  Even if it breaks it further.  I will contact the user who has the most difficulty and give it a go and report back.
0
 
LVL 1

Expert Comment

by:wolf2008
ID: 39886277
Silsuba, that's the point I was pushed to as well.  I do wish you luck.
0
 
LVL 1

Expert Comment

by:wolf2008
ID: 39893033
Silsuba and Everyone:

I found that deleting the DNE filter renders Sonicwall Global VPN client useless.  Having Citrix in the name of this plugin is misleading, as it is not directly tied to the Citrix client that also have installed on my laptop, which was my assumption.  I did not care about the Citrix client since I hardly ever need it, and could live without it.  Unfortunately, I need my global VPN client from SonicWall.

How ironic is this?  When I have my VPN client installed properly, it disrupts my ability to remote desktop over that VPN.
0
 

Author Comment

by:silsuba
ID: 39893268
Well... so much for that.  I removed the DNE Filter from one of the client machines that has the most difficulty.  She reported that she had not received the error in three days when usually she would receive it several times per day.  She does not use the Sonciwall VPN client on a regular basis.

So I then did the same thing for another user.  She DOES use the Sonciwall VPN client daily.  Once I made the change she was unable to connect the VPN.  I will be reinstalling the VPN in the morning.

Good news is that I have evidence that this may be caused by the Sonicwall VPN client.  I can now open a case with Sonicwall
0
 
LVL 1

Expert Comment

by:wolf2008
ID: 39894761
Silsuba, maybe look at using NetExtender or the built-in SSL VPN instead of the Global VPN Client.  There are probably one or two SSL VPN licenses included in your SonicWall bundle.

If you do open a case with SonicWall and get some positive results, I would really appreciate that feedback, as I still need a resolution.  I cannot avoid using the Global VPN Client 100%.
0
 

Author Comment

by:silsuba
ID: 40087113
As it turns out, it was the DNE filter.  However I am no longer with that company so I will never get the ultimate resolution from Sonicwall.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now