All of the sudden my Windows 2008 Enterprise Terminal server stopped accepting connections. I had about 30 users who couldn’t connect including administrators. I was looking all over the place for a fix and thought it could even be that i was out of licenses as I had 25 installed but 35 in use. It turned out not to be that. One error that i was getting was
Event ID 56
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
After trying several things, including reactivating the server using the “corrupt certificate” reason, and installing a hotfix that resolves issues related to terminal server certificates here’s how i fixed it. On the Terminal server, i opened up MMC and added Certficates snap-in for the Computer Account. I went to the “Remote Desktop” >> “Certificates” folder and backed up the certificates that were there, Then I deleted them. I rebooted the server, which recreated those certificates. Then i could connect with both admin accounts and non admin accounts. I hope this post saves someone some time.
Credit to these two posts for helping me figure this out
http://arstechnica.com/civis/viewtopic.php?t=1131179
The exact event id.
Log Name: System
Source: TermDD
Date: 4/13/2015 2:59:59 PM
Event ID: 56
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: mytermserver.mydomain.com
Description:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”>
<System>
<Provider Name=”TermDD” />
<EventID Qualifiers=”49162″>56</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=”2015-04-13T18:59:59.865Z” />
<EventRecordID>643544</EventRecordID>
<Channel>System</Channel>
<Computer>mytermserver.mydomain.com</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Termdd</Data>
<Binary>00000400010000000000000038000AC00000000038000AC00000000000000000000000000000000030030980</Binary>
</EventData>
</Event>
Vin's Mostly Admin Blog 
Apr 15, 2020 @ 15:53:26
Hi Vincent, my name is Luigi and I am Italian. I want to thank you for the post which was very useful because it solved my own problem.
Thank you
Sep 15, 2022 @ 02:12:20
Legend!
Thanks very much for this blog post, it’s dug me out of a big hole.
Thanks very much for being a gent and shaing this information,
If I knew who you were I would buy you a beer 🙂