This error is related to Windows Update KB4457139 and limited to Windows 7 users.

You will need to configure group policies on your server.

To configure the policies on your terminal server please follow these steps:

  • open gpedit.msc applet,
  • navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
  • then enable 'Require use of specific security layer for remote (RDP) connections' and select 'RDP' as Security Layer.
  • then disable 'Require user authentication for remote connections by using Network Level Authentication policy'.
  • finally, reboot the terminal server or use this command : gpupdate /force

If it doesn't fix your issue:

  • update Windows to its most up-to-date version with all latest KB updates installed,
  • update TSplus to its most up-to-date version,
  • run 'MSTSC.exe', open the options, then go to the Experience tab and UN-select 'Reconnect if the connection is dropped'.
  • If one of your customer is still facing Internal Error message, then you might want to check if he has a lot of invalid logon attempts.

    We have seen several servers receiving a lot of logon attempts from hackers (several dozen per minutes), and this spams Windows Remote Desktop Service, thus causing the Internal Error message when trying to connect.

Change this GPO on the Windows server: gpedit.msc > Computer Configuration > System > Credential Delegation > Encryption Oracle Remediation > Only Updated Clients > Force Updated Clients

WARNING: with this GPO you will NOT be able to connect if your workstation computer Windows has not been updated, but you will be able to connect using HTML5 client anyway.

The GPO is the official setting by Microsoft to prevent their vulnerability.