eventid 40
reason code
I posted this over http://community.spiceworks.com/topic/550908-terminal-services-disconnections-reason-codes but may as well add it here to
Looks to me like the reason codes match up to these ones https://msdn.microsoft.com/en-us/library/windows/desktop/aa381339(v=vs.85).aspx
For quick reference here is a copy/paste of the table (with Hex converted to Decimal)
0 No additional information is available.
1 An application initiated the disconnection.
2 An application logged off the client.
3 The server has disconnected the client because the client has been idle for a period of time longer than the designated time-out period.
4 The server has disconnected the client because the client has exceeded the period designated for connection.
5 The client's connection was replaced by another connection.
6 No memory is available.
7 The server denied the connection.
8 The server denied the connection for security reasons.
9 The server denied the connection for security reasons.
10 Fresh credentials are required.
11 User activity has initiated the disconnect.
12 "The user logged off, disconnecting the session."
256 Internal licensing error.
257 No license server was available.
258 No valid software license was available.
259 The remote computer received a licensing message that was not valid.
260 The hardware ID does not match the one designated on the software license.
261 Client license error.
262 Network problems occurred during the licensing protocol.
263 The client ended the licensing protocol prematurely.
264 A licensing message was encrypted incorrectly.
265 The local computer's client access license could not be upgraded or renewed.
266 The remote computer is not licensed to accept remote connections.
267 An access denied error was received while creating a registry key for the license store.
768 Invalid credentials were encountered.
1 An application initiated the disconnection.
2 An application logged off the client.
3 The server has disconnected the client because the client has been idle for a period of time longer than the designated time-out period.
4 The server has disconnected the client because the client has exceeded the period designated for connection.
5 The client's connection was replaced by another connection.
6 No memory is available.
7 The server denied the connection.
8 The server denied the connection for security reasons.
9 The server denied the connection for security reasons.
10 Fresh credentials are required.
11 User activity has initiated the disconnect.
12 "The user logged off, disconnecting the session."
256 Internal licensing error.
257 No license server was available.
258 No valid software license was available.
259 The remote computer received a licensing message that was not valid.
260 The hardware ID does not match the one designated on the software license.
261 Client license error.
262 Network problems occurred during the licensing protocol.
263 The client ended the licensing protocol prematurely.
264 A licensing message was encrypted incorrectly.
265 The local computer's client access license could not be upgraded or renewed.
266 The remote computer is not licensed to accept remote connections.
267 An access denied error was received while creating a registry key for the license store.
768 Invalid credentials were encountered.
