[solved] SP3 install impacts Fast User Switching After some searching, there were comments on Remote Desktop $ netstat -a -o | egrep 3389 TCP ltbeard:3389 0.0.0.0:0 LISTENING 1324 3389 is the RDP port number and 1324 is the PID of the process using it $ tasklist /svc | egrep 1324 svchost.exe 1324 DcomLaunch, TermService(that egrep is a linux or cygwin tool; windows users will just have to eyeball or redirect to a file and view the results with notepad) The above shows RDP (actually TermService) is active so it's not a service issue. Yet TermService failed??? hmm; I run a tight firewall config (Sunbird PF4 ~ like Comodo) and I began to wonder ... what if the default deny rule was stopping the connection? I added a rule like Code: allow in/out tcp (localLanIp) port 3389 Attempting secondary user login now loads the user settings chimes shows the users configured wallpaper [*]but fails to show desktop icons or [*]to launch the Explorer eventvwr shows Event Type: Error Event Source: TermDD Event Category: None Event ID: 50 Date: 3/9/2010 Time: 9:34:32 AM User: N/A Computer: LTBEARD Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 00 00 0a 00 02 00 58 00 ......X. 0008: 00 00 00 00 32 00 0a c0 ....2..À 0010: 00 00 00 00 32 00 0a c0 ....2..À 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 0b 00 00 00 75 73 65 72 ....user 0030: 0d 0a .. event id 50 TermDD rdp x.224 ===== There have been 3 basic causes for your error: 1. Encryption levels defined on the RDP-TCP connection (or ICA, if appropriate), are set too high for the client to successfully negotiate. For example, a client set to Low encryption would be unable to connect to a server with High (or now, FIPS compliant) encryption levels defined. Additionally, XP and XP SP1 clients are currently unable to connect at all if "FIPS compliant" encryption level is set (article in progress on this issue). To check this, open Terminal Services Configuration (tscc.msc) on the Terminal Server, select the RDP-Tcp connection, select properties, and view the Encryption settings on the General tab. Verify that this is set to Client Compatible, or low, and retest the connection (if needed). 2. Another frequent cause of these problems stems from issues with some registry values in the TermService\Parameters registry key. To this end, could you export the following key: HKLM\System\CurrentControlSet\Services\TermServices\Parameters After doing this, delete the Certificate, X509 Certificate, and X509 Certificate ID values, and restart the Terminal Server. These values should be regenerated on reboot (but keep the Exported values just in case). The X509 Certificate and X509 Certificate ID values have also been known to cause this problem, so delete them as well. In 9 out of 10 cases this resolves the issue. 3. The third possibility is that some software you are installing is overwriting some of the files needed for the protocol stream. Schannel.dll, rsaenh.dll, and several others are involved in this process. ===== (2) fixed all Event Viewer issues But I still have attempting secondary user login now loads the user settings chimes shows the users configured wallpaper [*]but fails to show desktop icons or [*]to launch the Explorer Ideas?