Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 56 Source: TermDD

The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
The EV100383 (The Curious Case of Event ID: 56 with Source TermDD) blog article provides details on how to troubleshoot this event.
See EV100382 (Windows vista remote desktop disconnects first attempt, allows second.) for a solution for this type of problem.
I was receiving this event when I would attempt to remote desktop into another Vista machine on a local network. The initial remote desktop attempt would fail, and this event ID would be logged. The second remote desktop attempt always worked. In my case, I was also getting EventID 4356 from source EventSystem.
To solve it, I found the corresponding CLSID mentioned in the event, opened the mmc, added Component Services, browsed for the event and then set the “Configuration Permissions” to “Default” instead on “Customize”. This solved the remote desktop connection issue and these events were no longer logged. Instructions and more details can be found at EV100382 (Windows vista remote desktop disconnects first attempt, allows second.)

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.