none
"Because of an error in data encryption" I get disconnect RDC

    Question

  • Hi,

     

    I am connecting to Server 2008 via RDC from Vista Ultimate. I just finished a new install and since then I am getting very intermittently the above fault.

    I never had this before, and this is at least 3 month now.

     

    Any glues, I checked the registry, as per previous problems, but no luck.

     

    Thanks

     

    Sepp Schembera

    Tuesday, July 17, 2007 12:10 PM

Answers

  • I have now discarded Server2008 and using Server 2003 --- no problems.

     

    It seems to be to combination of Server 2008, vista Ultimate and Virtual Server 2005 R2 SP1.

     

    The problem did not exist with VS 2005 !

     

    Regards

     

    Sepp Schembera

     

    Friday, July 20, 2007 11:08 PM
  • Thanks for the report. Our test team is currently looking at the issue, and I'll reply with any updates we have.

    Monday, August 06, 2007 7:59 PM

All replies

  •  

     

    Hi,

     

    Unfortunately, I'm experiencing the same behavior.

     

    Windows 2008 Datacenter build 6001 (just installed the Virtual server 2005 R2 SP1 and VMRCPlus)

    Windows Vista Ultimate

     

    In fact, when I try to connect to the server, I can do some work (few seconds) but very quicky, the screen is freezing (then the connection seems to be slow. I click somewhere and it take 10 minutes to unblock) and sometimes, I receive the error "Because of an error in data encryption, this session will end"

    I tried several connection changes on the server, check the registry (both client and server) but still have the same problem. Trying reboot and so on. Still have the same problem

     

     

    any idea?

     

    Many thanks,

    Private

     

     

    Thursday, July 19, 2007 4:24 PM
  • For my problem, the answer is in the question.

     

    When  "Virtual server 2005 R2 SP1" is removed, the problem does not appears.

     

    In the same session, I remove VS then reinstall it, the problem disappears but in the web console, I see that an error has occured

    "No network adapter was found on the host machine. To fix this problem, re-enable the Virtual Server Emulated Ethernet Switch service on one or more network adapters or reinstall Virtual Server."

     

    Virtual network adapter problem?

     

    64bits (machine + OS + VS)

     

    Regards

     

     

    PS: will check next reboot.

    Thursday, July 19, 2007 4:54 PM
  • I have now discarded Server2008 and using Server 2003 --- no problems.

     

    It seems to be to combination of Server 2008, vista Ultimate and Virtual Server 2005 R2 SP1.

     

    The problem did not exist with VS 2005 !

     

    Regards

     

    Sepp Schembera

     

    Friday, July 20, 2007 11:08 PM
  •  SeppSchembera wrote:

    I have now discarded Server2008 and using Server 2003 --- no problems.

     

    It seems to be to combination of Server 2008, vista Ultimate and Virtual Server 2005 R2 SP1.

     

    The problem did not exist with VS 2005 !

     

    Regards

     

    Sepp Schembera

     

     

    Dear Ayesha Mascarenhas MSFT ,

     

    This was not a solution, or a resolve, just a desperate move. I still would like to use Server 2008!!!!!!!!

    There MUST be a way to get my preferred combination working!

    Just to reiterate, Server 2008, Vista Ultimate (or Business) and Virtual Server 2005 R2 SP1 (until the hypervisor is availabe) is my choice and I would like to use it.

     

    So please do not mark it as resolved!

     

    Thanks

     

    Sepp Schembera

     

    Wednesday, July 25, 2007 10:12 PM
  • Can you more detailed information on your hardware?

     

    Thursday, July 26, 2007 9:43 PM
    Moderator
  • No problem,

     

    HP DL 380 G5 6GB RAM, Raid 1 37GB System drive, Raid 5 300 GB net Data Drive, 1000 NIC (Server),

    Intel Core Duo 2.6 , 2 GB Ram, Raid 1 250GB, 1000 NIC, (Client) Vista Ultimate

     

    Regards

     

    Sepp Schembera

     

    Thursday, July 26, 2007 10:20 PM
  • Thanks for the report. Our test team is currently looking at the issue, and I'll reply with any updates we have.

    Monday, August 06, 2007 7:59 PM
  •  

    I have the same problem

    My hardware configuration:

    Dell Quad Core Xeon Processor X53552x4MB Cache, 2.66GHz, 1333MHz FSB, PE2950, 32GB RAM

     

    My installation before the problem

    Windows Server 2008 Build 6001 64bits

    Application Server

    Desktop Experence

    Windows SharePoint Service

    SQL Server Enterprise 2005 64 bits

    Windows Media Services

    Terminal Services

    Web Server

    File Services

     

    When I installed Virtual Server R2 SP1, my remote connection fails intermitently, and all connections was very slow.

    Unistall VS not resolve slow remote connections. I have reinstall all :-(

    Friday, August 10, 2007 9:25 PM
  • Any more updates on this?

    Im getting the same error when logging into 2003 sbs  from a vista business notebook.

    Wednesday, October 03, 2007 2:43 AM
  • I am seeing the exact same error. Using Vista Business fully patched and Server 2003 R2 fully patched both 64 bit and 32 bit as well as ent and std. 

    Did not ever have the issue with XP, I was beginning to blame my new laptop with Vista. Seems it might in fact be the OS.

    No one running XP is reporting this to the same servers, and I am the only one running Vista who remotes to the servers at this time.

     

     

    Monday, October 08, 2007 4:46 PM
  • I am also getting the same error message but under a slightly different scenario:

     

    Connecting from XP (SP2) to a W2K8 Enterprise x64 server (Dell 2950). This server runs Windows Virtualization. I have another server running W2K3 R2 SP1 which runs Virtual Server 2005 R2 SP1 which hosts System Center Virtual Machine Manager (runs W2K3 R2 SP2). Once I connect the W2K8 Virtualization server to the SCVMM server, I can no longer connect to the W2K8 using RDP.

     

     

    Thursday, October 11, 2007 8:49 PM
  • Having the same problem (same error message and behaviour)
    I am using Vista Ultimate and connect through RDC to a XP Professional machine.

    I also tried TightVNC (which works perfectly on XP) but Vista is not able to run this genius app correctly (BSOD, or only initally refreshes the screen and then stops working - but I am able to see mouse move and keyboard input on the remote machine if there is a display attached)

    32bit everywhere!

    Vista has a pretty face but nothing else ... Missing the productive days with XP ...


    Thanks for any help!!

    Btw, of course I have a legal copy of Vista Ultimate can I get M$-support?
    • Proposed as answer by Kvittern Friday, August 23, 2013 6:22 AM
    Thursday, October 18, 2007 7:35 AM

  • Same issue.
    Dell PE2900 2xXeon5160 w/4GB, onboard BCM NXII nics.

    -TS session from WS2003R2 and XPSP2 (both x86) to WS2008RC0x64.
    -Working fine after fresh install
    -Installed VS2005R2SP1x64.
    -Issue appears (within minutes)
    -Also occurred under WS2008b3x64

    I've tracked the issue down to the old chesnut, TOE.
    To workaround this issue, set the host NIC property "IPv4 Large Send Offload" to disabled.
    Alternatively, bind RDP to a non-TOE interface, or one with working TOE.

    Help make a difference, lodge a bug!

    NIC/Driver information:
    -Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    -B06BDRV\L2ND&PCI_164C14E4&SUBSYS_01B11028&REV_11
    -netbxnda.inf:broadcom.ntamd64.6.0:bcm5708c_amd64wlh:3.7.11.0:b06bdrv\l2nd&pci_164c14e4
    Dell do not have anything newer for longhorn available.

    ....commentary alert..
    While you're there, kill Flow Control, Checksum Offload, Receive Side Scaling and (Priority & VLAN if you can).
    This stuff started with the MS "Scalable Networking Pack" and is to do with TCP Chimney/hardware offload, SMP-aware packet processing, DMA-based packet processing etc. TURN IT ALL OFF. You could lose hours of your life troubleshooting issues caused by these marvels of hackery. ISA Server 2006 is another common victim of TOE issues.
    TOE is one of these great new ideas (like kernel-mode http.. the horror) that is more focussed on capturing benchmark awards than anything else.
    Every time I have had these issues I had to troubleshoot them by hand, MSKB offered little to no insight.
    From what I've seen checksums, headers, etc get mangled by the offload process in some circumstances. And you often won't see it in Netmon, only with a wire-line sniffer.
    There are heaps of barriers to offload working properly - until these are resolved/go away with time, TURN TOE OFF.
    Broadcom are particularly bad at TOE.




    • Proposed as answer by Brice Servais Saturday, August 09, 2008 3:57 AM
    Monday, October 22, 2007 3:29 AM
  • It seems that I am also a victim of TOE! (TCP/IP Offload Engine)

     

    But where to disable IPv4 Large Send Offload or how bind RDP to a non-TOE interface? Registry, UI, ....? Can you give us a hint?

     

    Test: I tried to connect my Vista Ultimate via RD to a Windows Server 2003 in our company via VPN it seems to work. But when I connect my Vista machine via RD to my XP Professional machine locally the problem occurs after minutes (connected my Vista and XP Pro via crossover cable)

     

    Thanks in advance!

    Monday, October 22, 2007 6:11 AM
  • As far as I know LSO is per-adapter.
    The recommended approach is via UI. I can't remember offhand how to get to it under longhorn/vista (in fact it takes me ages to find the adapter list at all).. but to get to the right place under current Windows you'd go start-settings-network connections, rightclick-properties on the NIC, hit Configure, Advanced tab, and there are the options you want. You'll have to translate that into the 'new way'.

    Other options (YMMV):
    -Previous versions maintained this stuff in ccs\control\class under the adapter class, don't know how much of this has been maintained (maybe now in glorified INI files.. uh XML .configs Smile)
    -May also be a way to do it via netsh, chimney used to be in there but IIRC it's gone/moved
    -Install a 'simple' nic (eg intel 8255x) and disable onboards (EDIT: Joy of joys, looks like there's no driver for the classic eepro! I've no suggestions for a substitute.)
    -Try pulling the TOE key off the motherboard
    -Or disabling TOE in the BIOS
    -Possibly route a subnet to a loopback adapter, and unbind everything other than IPv4 from the BCM nic.
    (yep, the super-cool Microsoft Loopback Adapter is still there, thank heavens! Never underestimate the value of Loop0.. I use them all the time on VS hosts, using RRAS to terminate PPTP sessions to a loopback adapter then attaching that loopback adapter to a virtual switch, and homing guests to this for management purposes).
    -Check switchport counters for errors. Automagical speed/duplex isn't always so magical. Some switches don't like flowcontrol/pause frames.

    Aside from TOE being evil, cause of global warming, antifreeze in fish tank, etc, there can be other reasons for data being corrupted somewhere between RDP stack and TS client app. I'm sure the trigger for the "encryption error" is damage to frame/packet/segment/blob integrity. The root cause, however, could be anything.

    Try perfmon and see if there are any TCP retransmits or other suspicious counter spikes while reproducing the error. Perfmon is invaluable if you get to know how to use it. The other option is NetMon (run from the client end), though NM31 is not nearly as useful as SMS Netmon (2.0) as it lacks Experts. Isolate client/server from other traffic sources to get best results.
    Look for retransmits, evidence of failed checksums, dup acks, etc.

    Let us know how you get on!

    Monday, October 22, 2007 12:40 PM
  • Thank you for your answer!

    I assume:
    Device Manager --> Network adapters --> <Network???card> --> Properties --> Advanced:

    There is a list of properties (e.g. "Flow Control", "Speed & Duplex", ...) Since I have no access to the machine at the moment I assume there should be a setting like "Offload Engine"? Of if there is none I can add the property vie Registry Editor (have made this for changing the MAC adress of another network adapter which works fine). But to do so I need the exact Name of the property...

    I hope this is the solution to ged rid of the data encryptin problem because I have already wasted a lot of time for this issue

    BTW, I am using a "USB to RJ45" adapter for connecting to the "remote" XP machine...

    Edit_2007-10-24: The manufacturer of the
    "USB to RJ45" adapter has sent me a new driver which I will also give a try if the other procedure does not solve the data encryption problem even it's a Vista driver and the problem occurs on XP side ;-) (AX88178_Vista_32Bit_v1.8.3.3_WHQL.zip)

    Connecting from Vista Ultimate to Windows Server 2003 via VPN works! But Vista Ultimate to Windows XP Professional (locally with a cross-over cable) causes the data encryption problem.

    So I assume that the problem is on the NIC on the Windows XP Professional machine.
    • Proposed as answer by Cindy G Thursday, September 04, 2008 6:53 PM
    Tuesday, October 23, 2007 11:33 AM
  • Ifind this interesting that I have experienced the same issue after installing Virtual Server 2005 R2 on a 2008 Enterprise RC1 machine.

     

    Monday, January 28, 2008 6:56 PM
  •  

    Thanks for the tip.

     

    My Host PC has a RealTek Gigabit network adapter.

     

    Went to

     

    Show all Connections

    Local Area Connection -> Properties

    Pressed the Configure button (for the Chip)

    Advanced;

     

    and set the following disabled: Offload TCP LargeSend

     

    It looks like the problem is gone.....

     

     

    • Proposed as answer by Mike DePouw Thursday, September 04, 2008 12:28 AM
    Tuesday, January 29, 2008 6:45 PM
  •  bengg wrote:
     

    It looks like the problem is gone.....



    ... it looks like.. hope the problem is really gone ;-) I'll give it a (second) try (tried a lot of things and can't remember if I tried this)

    thx,  hfr

    Wednesday, January 30, 2008 8:17 AM
  • So a few weeks later, I can say, that indeed it solved the problem. And not only that it also solved another problem.

    On the server I have occasionaly running a P2P download program (emule), and when it was running then a few times a day, my ADSL router just hangs and needs a power dis/connect to reboot and to get working again.

    This is no longer a problem, apparently because of the same change ,

     

    bengg

     

     

    Thursday, February 14, 2008 12:06 PM
  •  bengg wrote:
    So a few weeks later, I can say, that indeed it solved the problem. ...


    Sounds (very) good ... Since it not worked for me maybe I have done something wrong. To avoid this please tell me exactly what to do:

    Is the exact(!) name of this setting "Offload TCP LargeSend"? (or OffloadTCPLargeSend, OffloadTCP LargeSend etc. - spaces important!). This is important because my NIC driver does not offer me this setting and so I have to add it via the registry (yes, this is possible and that's why I need the exact name). You may post the full registry name here?

    To ensure: This setting has to be done on the server?

    My environment:
    Vista Ultimate (Client) ------ RD -----> XP Professional (Server)
    (I am sitting in front of the Vista machine and I'd like to control the XP machine from the Vista desktop)

    thx in advance, hfr
    Thursday, February 14, 2008 1:06 PM
  •  

    The name would probably be only the same as mine, if you have the same ethernet controller. It seems the name is different for different vendors. I just checked another PC and there it is called  'Task Offload'

     

     

    And on my server it was called "Offload TCP LargeSend". You may just have to check all your advanved settings for your controller, google for it on internet and see what the are. My understanding is that it off loads the operating system on your computer by doing the CRC check by the controller instead of the operating system.

     

    bengg

    Thursday, February 14, 2008 1:44 PM
  • Have you tried logging into console and check from there?

     

    Thursday, February 14, 2008 7:13 PM
  • Thanks! this was helpful. I got my issue resolved.

     

    Thursday, February 14, 2008 7:18 PM
  • deleted
    Saturday, February 23, 2008 4:26 PM
  • deleted
    Saturday, February 23, 2008 4:39 PM
  • deleted
    Saturday, February 23, 2008 4:43 PM
  • NIC on my XP Pro machine:

    D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A)

    Adaptive Interrupt=Enabled

    Connection Type=Auto-Negotiation

    Flow Control=Disabled

    Receive Buffers=64

    Transmit Buffers=64

    Validate Packet Length=Disabled

    Wake up Type=OS Controlled


    Since the setting is not offered by the drive I have to edit the registry! (already made this for the MAC-Address-Setting and this worked!!) So, 2hat I needed to know now is the exact structure of the registry of the "Task Offload", "Offload TCP LargeSend" setting. I tried the following which not worked:
    Offload TCP LargeSend

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001\Ndi\params\OffloadTCPLargeSend]
    "type"="enum"
    "ParamDesc"="Offload TCP LargeSend"
    "default"="0"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001\Ndi\params\OffloadTCPLargeSend\enum]
    "0"="Disabled"
    "1"="Enabled"



    Please can somebody who has a similar D-Link NIC post his registry settings here so that I can try it?

    Info: ParamDesc is the stuff which is displayed in the Adcanced Settings tab of the NIC properties dialog.

    Saturday, February 23, 2008 4:51 PM
  •  

    Dito - This problem occured to me when I installed Virtual Server 2005 R2 on a 2008 Enterprise RC1 machine aswell.
    Monday, March 31, 2008 9:02 AM
  • dito same as above
    windows 2k8 server
    virtual server 2005
    quad xeon 2.0ghz
    8 gb ram
    2tb hdd

    any solution to this issue?
    Tuesday, April 08, 2008 9:41 PM
  •  

    Did you check the suggested Ethernet connection properties as described in a few posts back?
    Wednesday, April 09, 2008 7:49 AM
  • This is still happening on the released Server 2008 32-bit OS.  I am connecting from Vista Ultimate, and after installing Virtual Server 2005 R2 SP1 I get these disconnections.  I did not WANT to install Virtual Server, but the Hyper V only works on 64 bit systems.  Please help, I need to host a few VMs in the next week!

     

    Wednesday, May 14, 2008 3:44 PM
  • NOTICE - NOTICE - NOTICE - SOLUTION - SOLUTION - SOLUTION

     

    See the below link for the very simple solution to my problem with with Server 2008 and Virtual PC on a Dell PE 1950 with Broadcom Extreme II nic's.  Yet to see if it works for Hyper-V, if anyone tries and it works let me know.

     

    I hope this saves the next guy hours of aggravation!!!

     

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3394237&SiteID=17&mode=1

     

    Regards,

     

    Marc

     

    • Proposed as answer by Mike DePouw Friday, September 05, 2008 1:27 AM
    Saturday, May 24, 2008 12:19 AM
  • I got the solution for me. Maybe my solution is helpful to others.

    I looked at the registry on a machine where the problem does not occur and found the following registry key:
    HKLM\ SYSTEM\ CurrentControlSet\ Control\ Class\ {4D36E972-E325-11CE-BFC1-08002bE10318}\0012\ LargeSendOffload=1

    Since 0012 does not exist on my machine (where the problem occurs) I looked at the other keys and found the network adapter causing the problem: 0002 in my case.


    HKLM\ SYSTEM\ CurrentControlSet\ Control\ Class\ {4D36E972-E325-11CE-BFC1-08002bE10318}\????\ LargeSendOffload=1

    Just replace
    ???? by the number of your network card (you'll find it). I was surprised that LargeSendOffload=1 works. I assumed LargeSendOffload=0 should be the solution. I only tried 1 and I am happy that it works now!

    You should reboot your machine to ensure that the new setting is really used.



    Programming is a kind of art but not all programmers are artists.
    • Proposed as answer by hfrmobile Wednesday, July 30, 2008 2:35 PM
    Sunday, June 22, 2008 9:46 AM
  • Thank you Ben Ryan - the solution you provided worked for me. 

    Cindy G.
    • Proposed as answer by TherealCindyG Monday, June 08, 2009 6:01 PM
    Tuesday, July 08, 2008 6:16 PM
  • Ben Ryan said:

    As far as I know LSO is per-adapter.
    The recommended approach is via UI. I can't remember offhand how to get to it under longhorn/vista (in fact it takes me ages to find the adapter list at all).. but to get to the right place under current Windows you'd go start-settings-network connections, rightclick-properties on the NIC, hit Configure, Advanced tab, and there are the options you want. You'll have to translate that into the 'new way'.

    Other options (YMMV):
    -Previous versions maintained this stuff in ccs\control\class under the adapter class, don't know how much of this has been maintained (maybe now in glorified INI files.. uh XML .configs Smile)
    -May also be a way to do it via netsh, chimney used to be in there but IIRC it's gone/moved
    -Install a 'simple' nic (eg intel 8255x) and disable onboards (EDIT: Joy of joys, looks like there's no driver for the classic eepro! I've no suggestions for a substitute.)
    -Try pulling the TOE key off the motherboard
    -Or disabling TOE in the BIOS
    -Possibly route a subnet to a loopback adapter, and unbind everything other than IPv4 from the BCM nic.
    (yep, the super-cool Microsoft Loopback Adapter is still there, thank heavens! Never underestimate the value of Loop0.. I use them all the time on VS hosts, using RRAS to terminate PPTP sessions to a loopback adapter then attaching that loopback adapter to a virtual switch, and homing guests to this for management purposes).
    -Check switchport counters for errors. Automagical speed/duplex isn't always so magical. Some switches don't like flowcontrol/pause frames.

    Aside from TOE being evil, cause of global warming, antifreeze in fish tank, etc, there can be other reasons for data being corrupted somewhere between RDP stack and TS client app. I'm sure the trigger for the "encryption error" is damage to frame/packet/segment/blob integrity. The root cause, however, could be anything.

    Try perfmon and see if there are any TCP retransmits or other suspicious counter spikes while reproducing the error. Perfmon is invaluable if you get to know how to use it. The other option is NetMon (run from the client end), though NM31 is not nearly as useful as SMS Netmon (2.0) as it lacks Experts. Isolate client/server from other traffic sources to get best results.
    Look for retransmits, evidence of failed checksums, dup acks, etc.

    Let us know how you get on!



    Thanks a bunch!  it was very helpful.
    Tuesday, July 08, 2008 6:17 PM
  • Thank You Ben Ryan !!

    8mths after you posted and still helping !!

    Thanks again.
    Tuesday, July 08, 2008 9:30 PM
  • worked great for me too ... now I can use Remote desktop from Win vista Premium to Win Vista Ultimate without any 'encryption' error ... my NIC is an Atheros L1 Gigabit Ethernet and by turning off 'Task Offload' the problem is solved ...
    Tuesday, July 22, 2008 11:28 PM
  • Thanks Ben !!

    Brand new server, win2008 x64 + Exch2007, RDP works fine.  Nothing to do with Virtual Server for me.

    One reboot after Symantec Endpoint installs, RDP fails with "because of an error in data encryption this session will end".

    Your solution did the trick !
    Set the host NIC property "IPv4 Large Send Offload" to disabled.

    Go figure..

    Though it works fine now, I'd still like an explaination... Did Symantec trigger this ?

    Bizzare...but thanks :)

    Brice.
    Saturday, August 09, 2008 4:02 AM
  • Mike Sterling,

    Any updates?  We're experiencing the same problem.

    Thanks.
    Regards, Mike DePouw
    Thursday, September 04, 2008 12:35 AM
  • all i know, is it's still working for me.
    Cindy G
    Thursday, September 04, 2008 6:53 PM
  • My bad... I didn't see page two of the forum post.  I see the "easy to read" posts on how to fix it.

    Even still though, the problem was reported a while ago, why are users still experiencing this?  Why hasn't software updates resolved this problem?

    Regards, Mike DePouw
    Friday, September 05, 2008 1:31 AM
  •  Try this....

    Go to Start, Windows Update or update.microsoft.com.  Click Optional Updates/Software after it scans your computer.  Add Remote Desktop 6.0.   Install Updates 
    Wednesday, September 17, 2008 7:46 PM
  • Thanks, this fixed my problem also. I have Vista Enterprise x64 and was connected to a Windows Server 2008 Enterprise Server. I would get this error message every few minutes. All though, I didn't start getting the error message until I installed virus protection on my server.
    Thursday, February 05, 2009 6:23 PM
  • Ryan Froman said:

     Try this....

    Go to Start, Windows Update or update.microsoft.com.  Click Optional Updates/Software after it scans your computer.  Add Remote Desktop 6.0.   Install Updates 


    Hi Ryan, I'm already running Remote Desktop 6.x.
    Regards, Mike DePouw
    Thursday, February 05, 2009 6:25 PM
  • Thank you Ben Ryan - the solution you provided worked for me. 

    Cindy G.

    HOW quickly i forgot how easy the solution was. 
    Monday, June 08, 2009 6:02 PM
  • Hi all,
    Thanks for the kind words. Nice to know one is helping others :)
    I will copy this and other relevant info to my blog and write it up as an article with the current best approach to killing TOE/SNP - http://benryanau.spaces.live.com/blog/

    An update on this issue plus info for similar propblems in WS2003 (AND Windows XP)

    http://support.microsoft.com/kb/912222/ - The Microsoft Windows Server 2003 Scalable Networking Pack release

    http://support.microsoft.com/kb/948496 - An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers
    http://support.microsoft.com/kb/950224 - A Scalable Networking Pack (SNP) hotfix rollup package is available for Windows Server 2003
    (I'm not yet sure which one to use!)

    http://support.microsoft.com/kb/904946/ - You experience intermittent communication failure between computers that are running Windows XP or Windows Server 2003
    http://support.microsoft.com/kb/951037/ - Information about the TCP Chimney Offload, Receive Side Scaling, and Network Direct Memory Access features in Windows Server 2008


    It seems Microsoft has realised the impact of defects in the Scalable Networking technologies.. sadly, the 'fix' is to turn it off. I'd rather see the bugs fixed properly, where we can use the benefits it has to offer without the problems. Take a look at http://support.microsoft.com/kb/948496 and be amazed at the litany of major issues SNP can trigger!


    cheers
    ----
    For search engine priming..

    The exact error is: "Because of an error in data encryption, this session will end.  Please try connecting to the remote computer again"
    Keywords: SNP, TOE, RDP Windows Server 2008, Windows Server 2003, network, disconnect, disconnected, remote desktop, terminal services client, TSC, MSTSC, DisableTaskOffload, EnableTCPA, EnableTCPChimney, EnableRSS, VPN 

    • Edited by benryanau Tuesday, August 04, 2009 3:56 AM Updated with more info and keywords
    Sunday, August 02, 2009 3:44 AM
  • Did Microsoft find any solution to this issue????

    Because an error in data encryption this session will end. Please try connecting to the remote computer again.
    Saturday, October 03, 2009 8:30 PM
  • Did Microsoft find any solution to this issue????

    Because an error in data encryption this session will end. Please try connecting to the remote computer again.

    I am afraid: No ...

    But there seems to be several causes of the problem ... Mine was that the network adapter ... and several solutions/workarounds ...

    Programming is a kind of art but not all programmers are artists.
    Wednesday, October 28, 2009 11:35 AM
  • I just came across this error myself. I was attempting to remote desktop in from one XP machine to another. To fix, I went into the Registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters

    After exporting this for safekeeping, I deleted the Certificate keys. I restarted the target PC and was able to successfully connect. I can only surmise that the problem is a corrupted certificate or something. Deleting the certificate stored in the registry seems to have reset it. The certificate key is different from the previous one, so maybe the target PC's certificate expired?

    Mostly just guesswork here, but this solution worked for me!
    • Proposed as answer by EngrB Monday, April 04, 2011 5:28 PM
    Tuesday, December 15, 2009 5:53 PM
  • i have disabled tcp offload on my virtual server dose the tcp offload need to also be disabled on the host os?

    cause my problems are still occurring.
    Thursday, February 04, 2010 3:53 PM
  • Hi

    -Regarding - RPD Data error encryption (Server 2008 R1 & R2 - X64)

    I had a similar issue on DELL2950 & HP 360 G5 and this issue is solved after disabled the Large Send offload V1, V2     - HP &    IPV4 large Send offload  -  DELL (Broadcom) NIC’S.

     

    Fyi    DeviceManager >> Select the available NIC >> Advanced

     

    Nick.

    • Proposed as answer by jbishop9904 Tuesday, June 29, 2010 2:19 PM
    Monday, June 14, 2010 3:43 PM
  • The FINAL fix...upgrade to Remote Desktop Client version 7 on the client side. Had the same problem with brand new Dell server running Win2008 R2.

     

    Justin

    Tuesday, June 29, 2010 2:20 PM
  • Big thanks to benryanau

    Fix

    Local Area Connection -> Properties -> Configure -> Advanced -> IPv4 Large Send Offload = Disabled.

    Environment

    HP Proliant ML350 5G

    Nic - Broadcom BCM5708C

    Server Standard 2008 - Terminal Server

    Virtual PC 2007 hosting XP Professional - After installing this I received the error. The above fixed my issue thanks to benryanau.

    Thursday, October 14, 2010 10:38 PM
  • in my case I had to enable IPv4 Large Send Offload, but it was enabled on the server.

    Edit: This didn't fix the problem, instead of an instant disconnect, my RDP session disconnects in 5 - 10 sec.

     

    Tuesday, October 26, 2010 1:45 AM
  • That's right!!! Thank's a lot, it helped!
    Sunday, November 14, 2010 12:51 PM
  • I'm RDPing in to a Vista box from an XP machine over a VPN.  I get this error at least 50-60 times during a working day.  I have tried the fixes above but none have worked.

    Does anyone know what exactly the error is and who/what is reporting it.  Is there a way of turning off data encryption?  Could it be caused by data corruption over the wire?

    Monday, January 31, 2011 9:32 PM
  • Check MTUs on your routers!

    Wireshark on the computer you are RDPing from will show if data is getting lost/dropped.

    Monday, January 31, 2011 9:47 PM
  • I just came across this error myself. I was attempting to remote desktop in from one XP machine to another. To fix, I went into the Registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters

    After exporting this for safekeeping, I deleted the Certificate keys. I restarted the target PC and was able to successfully connect. I can only surmise that the problem is a corrupted certificate or something. Deleting the certificate stored in the registry seems to have reset it. The certificate key is different from the previous one, so maybe the target PC's certificate expired?

    Mostly just guesswork here, but this solution worked for me!
    Waoh, this was such a fitting end to a day at work, i have had this headache for more than 2 weeks, try  myriad of solutions and voilla, just a little delete...........thanks so much.

    • Proposed as answer by EngrB Monday, April 04, 2011 5:33 PM
    • Edited by EngrB Monday, April 04, 2011 5:34 PM Worked Perfectly
    Monday, April 04, 2011 5:29 PM
  • I just came across this error myself. I was attempting to remote desktop in from one XP machine to another. To fix, I went into the Registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters

    After exporting this for safekeeping, I deleted the Certificate keys. I restarted the target PC and was able to successfully connect. I can only surmise that the problem is a corrupted certificate or something. Deleting the certificate stored in the registry seems to have reset it. The certificate key is different from the previous one, so maybe the target PC's certificate expired?

    Mostly just guesswork here, but this solution worked for me!

    What a life saver! :D  This fixed my problem, too.  Even after disabling TCP/IP offload, my problem continued.  Simply deleted the Cert key, rebooted, and voila! 

    Thanks!!

    Monday, May 09, 2011 7:07 PM
  • I just came across this error myself. I was attempting to remote desktop in from one XP machine to another. To fix, I went into the Registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters

    After exporting this for safekeeping, I deleted the Certificate keys....

    Good hint! I'll try it asap!

    Btw to the others which found this post useful, please use the "Vote As Helpful" link of bPertie's post so that others can see that this solution will work for some of you! For those fixed the problem use the "Propose as answer" link.

    ... target PC's certificate expired ...
    Well this is possible for my PC since the target PC was not connected to the internet for a year or two ;-) Saw another problem where GoogleDocs didn't work due a certificate problem. The solution in that case was even simpler: The system time of the PC was in the past and so the certificate from the GoogleDocs page was "out-of-date" :D

    Programming is a kind of art but not all programmers are artists.
    Tuesday, May 10, 2011 4:28 PM
  • I just came across this error myself. I was attempting to remote desktop in from one XP machine to another. To fix, I went into the Registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters

    After exporting this for safekeeping, I deleted the Certificate keys. I restarted the target PC and was able to successfully connect. I can only surmise that the problem is a corrupted certificate or something. Deleting the certificate stored in the registry seems to have reset it. The certificate key is different from the previous one, so maybe the target PC's certificate expired?

    Mostly just guesswork here, but this solution worked for me!

    I LOVE YOU!!!!!!!!!!!!!!!!!!

    WORK!!! 10 HOURS FOR THIS PROBLEM AND THIS WORK....THANK'S...

     

    Wednesday, June 15, 2011 9:06 PM
  • I just came across this error myself. I was attempting to remote desktop in from one XP machine to another. To fix, I went into the Registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters

    After exporting this for safekeeping, I deleted the Certificate keys. I restarted the target PC and was able to successfully connect. I can only surmise that the problem is a corrupted certificate or something. Deleting the certificate stored in the registry seems to have reset it. The certificate key is different from the previous one, so maybe the target PC's certificate expired?

    Mostly just guesswork here, but this solution worked for me!

    I always like the simplest answer and this was it... Thanks...
    Wednesday, June 22, 2011 1:27 PM
  • i tryed ipv6 instead of v4 and it works

    Tuesday, February 21, 2012 5:51 AM
  • I have just got this error and the only thing I have done recently is install SEP 12.1 SBS A/V (Synamantec) on my SBS 2008 server. I look in the registry for that certificate and nothing like that is there so I guess this does not apply here.

    Any advice appreciated.


    -------------------------- Many thanks for your time.

    Thursday, May 10, 2012 8:12 AM
  • I've just started getting this error after three years of perfect RDP sessions supporting our servers and our customers, now I'm screwed and can't work.  Same laptop, same servers, same ISPs and routers....WTF?!!?

    I had this a few weeks ago and switched from WiFi to Ethernet.  Seemed to clear it up for direct RDP sessions internally and to customers.  However I still have this issue when I try to use VPN+RDP.  Doesn't appear to be an issue on Windows 2003 servers however, only 2008++.

    Tried disabling the offload feature, although that option does not exist on my wireless card.  Anyway, I applied the change ot my NIC and still got the error.

    I noticed this issues has been posted on here repeatedly since 2007.  Way to bury your head in the sand MS.

    Internet Explorere 9....crash, crash, crash...

    RDP.....disconnect, disconnect, disconnect...

    I think your person incharge of quality needs to be encouraged to resign.

    Wednesday, August 22, 2012 9:59 AM
  • I too am having issue with RDP into a 2008 server. We have been using a old window 2000 and had no isssues .  I have computers with vista and windows 7  connecting  through a VPN  to our main buidling from the secondary location. I have disable the offload on first the remote computer and even on the server as well.  On which system should I try the registry  fix for the certificate  listed above
    Wednesday, August 22, 2012 4:58 PM
  • Thank you very much!

    This problem started to me since I was upgrading my work machine to Windows 8. I didn't had that issue with prior version of Windows but performing those settings on my RealTek adapter solved my problem.

    Very handy!

    Friday, August 31, 2012 10:51 PM
  • This worked for me... Thanks.

    my environment is connecting through Real windows 7 machin to a virtual w2008 server, but as soon i moved the offload on the w2008.... it began to work...

    thanks.

    Monday, October 01, 2012 4:58 PM
  • My Issue ended up being Symantec EndPoint Protection 12.1

    Specifically When monitoring Traffic I observed ICMP [type=3, code=3] being blocked to and from core AD & DNS Servers. This server would obviously serve as authentication server. Once I killed the Intrusion Prevention Features and Firewall of Symantec, everything worked. For now I will just disable that for my RDP sessions then will return with a recommended ACL or Symantec firewall rule that allows a whole just big enough for mstsc to operate undisturbed.


    Mariano - Lucon Technologies www.lucontech.com

    Wednesday, May 21, 2014 12:42 AM