Help!
I have a newly-built branch office server running 2008 x64 Enterprise Edition and after building and moving the new server to the branch office I can no longer sustain RDP connectivity to the server. The act of moving the server to the branch office involved changing the IP on the NIC from DHCP to a static one to fit the subnet of the remote office. If I use the standalone RDP client that comes with Vista SP2 (all latest Windows Updates applied) I get the following error:
Because of an error in data encryption, this session will end. Please try connecting to the remote computer again.
The error happens randomly but very frequently. Sometimes I can stay connected for several minutes at a time and sometimes it disconnects me immediately after connecting. If I use the new Remote Desktop Connection Manager I either get disconnected with no error or I will get error 3078. The branch office is connected to our main office via a hardware VPN. I can RDP to other workstations and servers at the branch office from the main office just fine. I have seen the following in the event logs on that server but they don't show up happen when the connection drops:
Log Name: System
Source: TermDD
Date: 7/7/2010 1:19:45 AM
Event ID: 56
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DC5.jasonsconsulting.com
Description:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="TermDD" />
<EventID Qualifiers="49162">56</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-07-07T06:19:45.723Z" />
<EventRecordID>107585</EventRecordID>
<Channel>System</Channel>
<Computer>DC5.jasonsconsulting.com</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Termdd</Data>
<Binary>00000400010000000000000038000AC00000000038000AC00000000000000000000000000000000006000AD0</Binary>
</EventData>
</Event>
and...
Logon Type: 10
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4634</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12545</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2010-07-07T19:12:25.230Z" />
<EventRecordID>210379</EventRecordID>
<Correlation />
<Execution ProcessID="620" ThreadID="740" />
<Channel>Security</Channel>
<Computer>RemoteServer.mydomain.com</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserSid">S-1-5-21-2000478354-484061587-839522115-1109</Data>
<Data Name="TargetUserName">MyUserName</Data>
<Data Name="TargetDomainName">DOMAIN</Data>
<Data Name="TargetLogonId">0x20821b0</Data>
<Data Name="LogonType">10</Data>
</EventData>
</Event>
I have done lots of Googling and found numerous discussion posts about disabling TCP large send offload and various other settings in the NIC properties of the onboard Broadcom NIC. I have done all of those and have even tried using a completely different NIC (Intel). I have updated drivers for both NICs using the latest manufacturer's drivers as well as tried the built-in Microsoft drivers for both NICs and get the same results every time. The server has been rebooted multiple times during and since the driver updates.
I have also found some posts about deleting registry keys (even though it doesn't apply to 2008 seehttp://support.microsoft.com/?kbid=323497 ) and that has no effect either. I installed VNC and noticed that even VNC gets disconnected after some random amount of time which leads me to believe the problem is networking-related. If I try large file copies from that server the connection drops after a random amount of time.
I'm getting really frustrated at this point and don't know what else to try. I'm ready to rebuild the server and just start over from scratch but I'd like to keep that as a last resort option.
Help!