Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1014 Source: TermService

Cannot load illegal module: <dll path>.
After Windows Update lost ability to connect to Windows 2003 Server & XPSP3 via RDP. Was getting this event in system log: Cannot load illegal module: C:\WINDOWS\system32\Drivers\rdpwd.SYS. Replaced rdpwd.sys from another server, rebooted and that restored connectivity.
I had this problem on a Citrix PS 4.5 server. It seems that some AV software (E-Trust 8.0/8.1, Panda) can cause the ICA & RDP listener services to fail at system boot. The solution is to disable and re-enable the listeners or create a batch file to run after system reboot as follows:

echo yes | reset session RDP-tcp
echo yes | reset session ICA-tcp

More information here can be found at “Citrix Support Forum - Thread error 1014 termservice”.
- C:\WINNT\System32\rdpwsx.DLL - According to a Usenet post, this is caused by a corrupted installation and recommends reinstalling the server. According to another post, this problem is fixed by Windows 2000 SP2.
rdpwsx.dll represents the RDP Extension DLL and the latest version should be 5.0.2180.1

Article ME306964 says that this can occur if the Cryptography subsystem is damaged. The article provides the resolution.
- C:\WINNT\System32\vdtw30.DLL - no info
As per Microsoft: "This issue can occur if the Crypto subsystem has become damaged and cannot correctly load the Rdpwsx.dll file." See ME312030 for resolution.
MS suggested deleting the following Reg Key, (take an export 1st): HKLM\Software\Microsoft\Cryptography\Defaults\Provider Types\Type 001 and then re-applying the latest Security Rollup Patch. This didn't fix my system, but could be worth a try. The fix I eventually found was to change the protected storage service to automatic and make sure that it's running.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.