Terminal Services and Sasser

[Andrew]

One of web servers was infected with the Sasser virus. We
have cleaned it all up and patched it, but now I can't
connect to the sever using TS. I can see the client
connect for split second, then get a generic error
message stating that there might be a network error, or we
have reached the limit for logins. I have reinstalled the
service with no luck. Any one have any advice?

Thanks!

 

[Guest]

Check the event log for errors
Restore from backup

Patrick Rous
Microsoft MVP - Terminal Serve
http://www.workthin.co

----- Andrew wrote: ----

One of web servers was infected with the Sasser virus. We
have cleaned it all up and patched it, but now I can't
connect to the sever using TS. I can see the client
connect for split second, then get a generic error
message stating that there might be a network error, or we
have reached the limit for logins. I have reinstalled the
service with no luck. Any one have any advice?

Thanks

 

[Andrew]

Here is the fix.

Error Message: The RDP Protocol Component "DATA
ENCRYPTION" Detected an Error...
View products that this article applies to.

This article was previously published under Q323497

IMPORTANT: This article contains information about
modifying the registry. Before you modify the registry,
make sure to back it up and make sure that you understand
how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the
registry, click the following article number to view the
article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS
After you install Windows 2000 Security Rollup Package 1
(SRP1), Terminal Services clients may not be able to
connect to the Terminal Services server. When this
problem occurs, event ID 50 is recorded in the System
event log:

Event Type: Error
Event Source: TermDD
Event ID: 50
Description:
The RDP protocol component "DATA ENCRYPTION" detected an
error in the protocol stream and has disconnected the
client.

For additional information, click the article number
below to view the article in the Microsoft Knowledge
Base:

307454 MS01-052: Invalid RDP Data Can Cause Terminal
Services Failure

The Terminal Services client may also receive the
following error message during a connection attempt:

The terminal Server has ended the connection.

CAUSE
A potential race condition between the Icaapi.dll and
Rdpwsx.dll dynamic-link libraries (DLLs) may cause the
private certificate key on the Terminal Services server
not to be synchronized.

RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may
cause serious problems that may require you to reinstall
your operating system. Microsoft cannot guarantee that
you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, delete the Certificate String
value under the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermS
ervice\Parameters

After you delete the value, restart the computer. The
value is automatically generated again.

STATUS
Microsoft has confirmed that this is a problem in the
Microsoft products that are listed at the beginning of
this article.

 

[Guest]

I have the same problem in Widows 2000 and Windows XP Professional