RDP protocol Component x.224 found an error in the protocol stream and interrupted the resolution of the Client Connection _win server

Today, a customer response, Remote Desktop can not connect, I looked, ping is normal, telnet a remote port, but also can connect, but the remote Desktop is always not connected, first to help him restart a bit. After the reboot, the remote can log in, went to check the server logs, and found such an error:

The RDP protocol component x.224 found an error in the protocol stream and interrupted the client connection.

Event Type: Error
Event Source: TermDD

Describe:

The RDP "DATA Encryption" protocol component detects an error in the protocol stream and interrupts the client.

Here, RDP, the Remote Desktop protocol. is the server remote connection can not use, and then Baidu came to know that the possible reasons for this situation is:

1: There may be problems with your remote landing component, try to continue remote landing.

2: Someone is attacking you, using brute force to hack into your system, causing the system to refuse service.

If you are using the engine room server, the second kind of higher probability, that is, you are swept chicken to sweep, now network security is a worldwide problem, a lot of room inside a mixed bag, every day have to sweep chickens, if you do not pay attention to network security, such as using some simple weak password, may be minutes your server will change the broiler , once a machine just do the system, with a simple keyboard password, the results of less than five minutes machine was invaded, Ah, had to reload again, network security can not afford AH.

The result of this error is that the computer's Remote Desktop can not log on, the other is normal, but Remote Desktop can not use, checked, the original is the Registry "certificate" subkey is corrupted, the user can not communicate with Terminal Services normal. Analysis: Certificate is responsible for the authentication and encryption of data information in Terminal Services communication, and once it is corrupted, the protocol component of Terminal Services detects errors and interrupts communication between client and Terminal Server.

Online processing is also relatively simple:

Open Registry Editor (start--> run--> input regedit), find hkey_local_machine/system/currentcontrolset/services/termservice/ Parameters The key value, remove the certificate key value, and then restart the server directly. The server automatically creates the key value after restarting.

But I think this method is not a cure for the symptoms! If someone sweeps again, does it still cause such a situation?

The insurance point is to modify the server remote port, because you generally rent or hosted the server, the computer room to do the system to you are using the default 3389 port or set a unified port, so easy to be swept, so the insurance method is to modify the remote connection of the port bar. The server theoretically port range is from 0 to 65535, avoid some common ports, random modify a port on the line, modify the method see: Http://www.jb51.net/article/6125.htm

Today, when using terminal to connect to a server remotely, it is always not connected, and then directly to the server, view the error log in the event: the RDP protocol component x.224 found an error in the protocol flow and interrupted the client connection.

RDP, Remote Desktop protocol. The server's remote Desktop is not available, search for a long time, are said to add a deletion component in the "Terminal Services" check, and then install it, in fact, this can not solve the problem. This error has occurred in the server log:

The RDP protocol component x.224 found an error in the protocol stream and interrupted the client connection.
Event Type: Error
Event Source: TermDD
Describe:
The RDP "DATA Encryption" protocol component detects an error in the protocol stream and interrupts the client.

Possible causes for this situation are:

1: There may be problems with your remote landing component, try to continue remote landing.
2: Someone is attacking you, using brute force to hack into your system, causing the system to refuse service.

The result is that the computer's Remote Desktop can not log in, Ping gateway address and the external network address all normal, but Remote Desktop can not be used, carefully inspected the various services, also did not find anomalies, and finally found a long time on the internet, finally find a solution!

It turns out that the "certificate" subkey in the registry is corrupted, causing the user to not be able to communicate properly with Terminal Services. Analysis: Certificate is responsible for the authentication and encryption of data information in Terminal Services communication, and once it is corrupted, the protocol component of Terminal Services detects errors and interrupts communication between client and Terminal Server.

Workaround:

Open Registry Editor to find the hkey_local_machine/system/currentcontrolset/services/termservice/parameters key value, Remove the certificate key value, and then restart the server directly. The server automatically creates the key value after restarting!