Sasser and Terminal Server remote administration mode

tassol

The Sasser worm hit one of our webservers last week.
Since then we have patched and cleaned the system. We can
no longer connect to it using Remote Desktop Client.

When we telnet to "telnet www.myip.com 3389" we can see
the server accepting the connection through term serv
manager but we cannot connect using the full client.

Can anyone help resolve, or do we need to rebuild?
 
Andrew

Try This

Error Message: The RDP Protocol Component "DATA
ENCRYPTION" Detected an Error...
View products that this article applies to.

This article was previously published under Q323497

IMPORTANT: This article contains information about
modifying the registry. Before you modify the registry,
make sure to back it up and make sure that you understand
how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the
registry, click the following article number to view the
article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS
After you install Windows 2000 Security Rollup Package 1
(SRP1), Terminal Services clients may not be able to
connect to the Terminal Services server. When this
problem occurs, event ID 50 is recorded in the System
event log:

Event Type: Error
Event Source: TermDD
Event ID: 50
Description:
The RDP protocol component "DATA ENCRYPTION" detected an
error in the protocol stream and has disconnected the
client.

For additional information, click the article number
below to view the article in the Microsoft Knowledge
Base:

307454 MS01-052: Invalid RDP Data Can Cause Terminal
Services Failure

The Terminal Services client may also receive the
following error message during a connection attempt:

The terminal Server has ended the connection.

CAUSE
A potential race condition between the Icaapi.dll and
Rdpwsx.dll dynamic-link libraries (DLLs) may cause the
private certificate key on the Terminal Services server
not to be synchronized.

RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may
cause serious problems that may require you to reinstall
your operating system. Microsoft cannot guarantee that
you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, delete the Certificate String
value under the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermService\Parameters

After you delete the value, restart the computer. The
value is automatically generated again.

STATUS
Microsoft has confirmed that this is a problem in the
Microsoft products that are listed at the beginning of
this article.

It worked for me.
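
The article's procedure (confirm the TermDD event, back up the key, delete the value, restart) as a script. This is an added example, not part of the KB article or of any post in this thread; it assumes Windows PowerShell is installed on the Terminal Services host, an elevated session, and that the value the article refers to is literally named `Certificate`.

```powershell
# Added example. Assumptions: Windows PowerShell is available on the host,
# the session is elevated, and the value is named 'Certificate'.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
$regExeKey = 'HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
$valueName = 'Certificate'   # assumed name of the value described in the article
$backup    = Join-Path $env:TEMP ("TermService-Parameters-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# 1. Confirm the symptom: TermDD event ID 50 in the System event log.
$events = @(Get-EventLog -LogName System -Source TermDD -Newest 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 50 })

if ($events.Count -eq 0) {
    Write-Warning 'No TermDD event ID 50 found; the article may not apply to this host.'
    return
}
"{0} TermDD event(s) with ID 50, latest at {1}" -f $events.Count, $events[0].TimeGenerated

# 2. Back up the key before touching it, as the article instructs.
& reg.exe export $regExeKey $backup
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

# 3. Delete the value only if it is present. No automatic reboot:
#    the restart is left to the operator so it can be scheduled.
if (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue) {
    Remove-ItemProperty -Path $keyPath -Name $valueName
    "Deleted '$valueName'. Backup: $backup. Restart the computer so the value is regenerated."
} else {
    "'$valueName' is not present under $keyPath; nothing was deleted."
}
```

If no event ID 50 is logged and the client simply times out, the script stops without changing anything, since the symptom does not match the one the article describes.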
 
Eddie Walker

I have the same problem too:

I did what the article below says to do, but I am still unable to connect.
Using Remote Desktop Connection I get a time-out message.
 
Tom S

Worked for me...

Thanks...

Tom S

 
