Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
|English: This information is only available to subscribers. An example of English, please!|
The EV100383 (The Curious Case of Event ID: 56 with Source TermDD) blog article provides details on how to troubleshoot this event.
See EV100382 (Windows vista remote desktop disconnects first attempt, allows second.) for a solution for this type of problem.
I was receiving this event when I would attempt to remote desktop into another Vista machine on a local network. The initial remote desktop attempt would fail, and this event ID would be logged. The second remote desktop attempt always worked. In my case, I was also getting EventID 4356 from source EventSystem.
To solve it, I found the corresponding CLSID mentioned in the event, opened the mmc, added Component Services, browsed for the event and then set the “Configuration Permissions” to “Default” instead on “Customize”. This solved the remote desktop connection issue and these events were no longer logged. Instructions and more details can be found at EV100382 (Windows vista remote desktop disconnects first attempt, allows second.)
|Private comment: Subscribers only. See example of private comment|
|Links: TermDD Event 56 errors with Vista and 360, EventID 4356 from source EventSystem|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated