I was looking through our server's (running Windows 7 Pro) Event Viewer and I am seeing several TermDD logs that state:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: [ip address here].
The strange thing is that almost all of the IP's are from random countries (not from our users) and are during off-hour times. I don't know much about TermDD event ID 56, so any thoughts is really appreciated.