Connecting the world…

eventid

RDP and Spooler system service

My colleagues and I configure a Windows server from time-to-time. Mostly when we configure a server, it is a server which is placed in the DMZ zone, like an ISA Reverse Proxy or Citrix Secure Gateway. Recently I spoke with a colleague and we started discussing the running services under Windows.

After installing a Windows server with the default settings, I am stunned about all the different services which are running on the newly installed server. So most of the time, I stop a lot of these services and configure them to be started manually after a reboot. I do not only stop services from the Services MMC, but also settings on the network card, like Client for Microsoft Windows, File and Printer Sharing for Microsoft Windows, Registrar connection in DNS, LMHOST lookup and NetBIOS over TCP/IP.

Normally a server in the DMZ doesn’t have any printers connected, so I stop the Print Spooler service, but when connecting to the server with RDP the following Event logging shows up in the Event Viewer –> System log:

EventID: 1114

Source: TermServDevices

Type: Warning

Description: Error communicating with the Spooler system service. Open the Services snap-in and confirm that the Print Spooler service is running.

Looking at the Internet, there are different ways to stop is error from showing up in the Event viewer. All solutions are related to stopping the mapping of printers during the RDP log-in process. My colleague told me that he always uses a registry entry to disable the logging and guess what, this specific registry entry is shown below:

Registry folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd

Entry name: fEnablePrintRDR

Type: REG_DWORD

Value: 0x00000000 (0)

After adding this registry key the warning message in the Event Viewer won’t show up again.