Event Id 56

This topic contains 5 replies, has 3 voices, and was last updated by  spn 8 months, 2 weeks ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts

  • spn
    Member
    #167483

    does anybody know why i cannot post a new topic on here ? it has been a while. what i am missing ? TIA


    spn
    Member
    #340294

    Lately, i’ve seen many event id 56 on our remote server.
    it says ‘The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
    Client IP: 82.202.249.19.’
    Most of the client IPs belong to our users. Many of them are from countries like Russian and Germany.
    I look up for ‘82.202.249.19’ and it is from Russia. I have enabled port forwarding on our remote server so it is no longer 3389.

    i wonder if this is just port scanning that h a c k e r s do or our server has been compromised ? any help is appreciated. TIA
    [ATTACH=JSON]{“data-align”:”none”,”data-size”:”medium”,”data-attachmentid”:516629}[/ATTACH]


    Ossian
    Moderator
    #191965

    Something to do with the picture, I think. Post approved, other topics deleted


    spn
    Member
    #340295

    Thanks Ossian. any chance you can change my topic to ‘Event Id 56’ or delete the ‘post a new topic’ post ? Thanks.

    Blood
    Blood
    Moderator
    #337369

    :google: First result: https://social.technet.microsoft.com/Forums/windowsserver/en-US/981a30b8-0e46-49f9-a13f-095b124328fd/event-id-56-termdd?forum=winserverTS
    Lots of trouble-shooting suggestions in that thread.


    spn
    Member
    #340296

    Thanks Blood.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.