SP3 install impacts Fast User Switching

By jobeard
Mar 9, 2010
  1. [solved] SP3 install impacts Fast User Switching

    After some searching, there were comments on Remote Desktop

    $ netstat -a -o | egrep 3389
    TCP ltbeard:3389 LISTENING 1324

    3389 is the RDP port number and
    1324 is the PID of the process using it

    $ tasklist /svc | egrep 1324
    svchost.exe 1324 DcomLaunch, TermService
    (that egrep is a linux or cygwin tool; windows users will just have to eyeball or redirect to a file and view the results with notepad)

    The above shows RDP (actually TermService) is active so it's not a service issue.

    Yet TermService failed??? hmm; I run a tight firewall config (Sunbird PF4 ~ like Comodo) and I began to wonder ... what if the default deny rule was stopping the connection?

    I added a rule like
    allow in/out tcp (localLanIp) port 3389 
    Attempting secondary user login now
    • loads the user settings
    • chimes
    • shows the users configured wallpaper
      [*]but fails to show desktop icons or
      [*]to launch the Explorer

    eventvwr shows
    Event Type: Error
    Event Source: TermDD
    Event Category: None
    Event ID: 50
    Date: 3/9/2010
    Time: 9:34:32 AM
    User: N/A
    Computer: LTBEARD
    The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    0000: 00 00 0a 00 02 00 58 00 ......X.
    0008: 00 00 00 00 32 00 0a c0 ....2..À
    0010: 00 00 00 00 32 00 0a c0 ....2..À
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    0028: 0b 00 00 00 75 73 65 72 ....user
    0030: 0d 0a ..

    event id 50 TermDD rdp x.224
    There have been 3 basic causes for your error:

    1. Encryption levels defined on the RDP-TCP connection (or ICA, if appropriate), are set too high for the client to successfully negotiate.
    For example, a client set to Low encryption would be unable to connect to a server with High (or now, FIPS compliant) encryption levels defined.
    Additionally, XP and XP SP1 clients are currently unable to connect at all if "FIPS compliant" encryption level is set (article in progress on this issue).

    To check this, open Terminal Services Configuration (tscc.msc) on the Terminal Server,
    select the RDP-Tcp connection, select properties, and view the Encryption settings on the General tab.
    Verify that this is set to Client Compatible, or low, and retest the connection (if needed).

    2. Another frequent cause of these problems stems from issues with some registry values in the TermService\Parameters registry key.
    To this end, could you export the following key: HKLM\System\CurrentControlSet\Services\TermServices\Parameters

    After doing this, delete the Certificate, X509 Certificate, and X509 Certificate ID values, and restart the Terminal Server.
    These values should be regenerated on reboot (but keep the Exported values just in case).
    The X509 Certificate and X509 Certificate ID values have also been known to cause this problem, so delete them as well.
    In 9 out of 10 cases this resolves the issue.

    3. The third possibility is that some software you are installing is overwriting some of the files needed for the protocol stream.
    Schannel.dll, rsaenh.dll, and several others are involved in this process.

    (2) fixed all Event Viewer issues
    But I still have attempting secondary user login now
    • loads the user settings
    • chimes
    • shows the users configured wallpaper
      [*]but fails to show desktop icons or
      [*]to launch the Explorer
  2. jobeard

    jobeard TS Ambassador Topic Starter Posts: 11,166   +986

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...