Terminal Server could not connect to a client. This error can result from incompatible server and client data encryption settings.
This rule covers the following event IDs: 50
Other Information:
The event IDs described in this topic apply to Microsoft® Windows® 2000 Server and Microsoft Windows Server® 2000 operating systems.
Possible causes include:
Event 50: The Remote Desktop Protocol (RDP) component detected an error in the protocol stream and has disconnected the client.
Possible resolutions include:
Event 50: Set server encryption to a client-compatible setting, or upgrade the Terminal Server client so it can accept the server’s encryption setting.
Do the following to set server encryption:
Open the Terminal Services Configuration tool (Tscc.msc).
Locate the encryption setting in the Connections folder.
Double-click the RDP-Tcp connection in the details pane to open the Properties dialog box.
Click the General tab.
In the Encryption area, choose Client Compatible from the Encryption level list.
On the client computer, locate the local policy (gpedit.msc) for the encryption setting. Click Start, click Administrative Tools, click Local Computer Policy, click Computer Configuration, click Administrative Templates, click Windows Components, click Terminal Services, then click Encryption and Security
Set the client connection encryption level to match the server encryption level.
| Target | Microsoft.Windows.Server.2000.TerminalServerRole | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | Warning | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | System | ||
| Comment | Mom2005ID='{BDCC7713-1681-4734-87B9-0E54547A1DA9}' |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| Event_Data_Source | DataSource | Microsoft.Windows.EventProvider | Default |
| GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
Home<Rule ID="TS_could_not_process_client_connection_request_2000" Target="Microsoft.Windows.Server.2000.TerminalServerRole" Enabled="onEssentialMonitoring" Remotable="true" Comment="Mom2005ID='{BDCC7713-1681-4734-87B9-0E54547A1DA9}'">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="Event_Data_Source" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>-1073086414</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>TermDD</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertOwner>$Data/PublisherName$</AlertOwner>
<AlertMessageId>$MPElement[Name="TS_could_not_process_client_connection_request_2000.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>