KB Article #193880

B2Bi System Manager (tsclient.exe) – Understanding /x and /y Security Options

Problem

When launching tsclient.exe directly (for example via \bin\tsclient), the following warning is displayed:

"You are launching tsclient.exe in an insecure manner. This connection can be intercepted, and both client and server can be compromised by an attacker..."

The message recommends adding /x and /y medium (or /y high) to the command line.

Resolution

This behavior is expected. The warning indicates that the connection was started without the required security options.

The security features were added to B2Bi System Manager (Copilot client tsclient.exe). When B2Bi System Manager is started from the Windows Start menu, they are enabled automatically; otherwise you have to add the options to the command line yourself.


Why the warning disappears:

Once you add /x /y medium, the client starts in secure mode and the warning is no longer displayed.

Meaning of the /x and /y arguments:

These parameters were introduced to strengthen the security of the connection between the B2Bi System Manager (tsclient) and the server.

/x Enforce encrypted connection (Mandatory)

- Forces the use of SSL/TLS encryption

- If encryption is not available, the client will terminate the connection

- This ensures that communication cannot be intercepted or altered

/y <level> Protection against potentially malicious servers

This option defines how strictly the client validates the server:

- low → Minimal protection

- medium → Balanced protection (recommended)

- high → Maximum protection (see impact below)


Difference between /y medium and /y high:

The difference mainly relates to security strictness vs usability:

/y medium (recommended)

- Provides strong protection against malicious or compromised servers

- Keeps all System Manager features fully available

- Suitable for standard production environments

/y high (maximum security)

- Applies stricter validation and restrictions during the connection

- Disables several client features. For example, if /y high is used, Metadata Browser, Datamapper Builder, XML file viewing, clipboard copy in Message Log and Trace Viewer, Performance Monitor and Component Registry save as or print reports, and other features will not work.

In practice, /y high should only be used in hardened environments where stricter security is required and these feature limitations are acceptable.
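
Because only the Start menu entry enables these options automatically, custom shortcuts and scripts that call tsclient.exe need to be checked for them. The PowerShell function below is an added example, not vendor code: it classifies a tsclient command line using the /x and /y rules described in this article. The function name, the output properties, and the sample command lines (including the C:\example path) are constructed for illustration.

```powershell
# Added example (not vendor code). Sample command lines below are constructed.
function Test-TsclientCommandLine {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Assumption: options are whitespace-delimited tokens, as written in this
    # article. PowerShell's -eq / -contains compare case-insensitively; whether
    # tsclient itself is case-sensitive is not stated in the article.
    $tokens = @($CommandLine -split '\s+' | Where-Object { $_ })

    $hasX  = $tokens -contains '/x'
    $level = $null
    # The token following /y is the protection level; a trailing /y has none.
    for ($i = 0; $i -lt $tokens.Count - 1; $i++) {
        if ($tokens[$i] -eq '/y') { $level = $tokens[$i + 1].ToLower() }
    }

    $findings = @()
    if (-not $hasX) { $findings += 'no /x: encryption is not enforced' }

    if (-not $level) {
        $findings += 'no /y <level>: server validation level is not set'
    } elseif ($level -eq 'low') {
        $findings += '/y low: minimal protection only'
    } elseif ($level -eq 'high') {
        $findings += '/y high: several client features are disabled'
    } elseif ($level -ne 'medium') {
        $findings += "/y ${level}: not one of low, medium, high"
    }

    [pscustomobject]@{
        CommandLine = $CommandLine
        # The warning text recommends /x together with /y medium (or /y high).
        Recommended = $hasX -and ($level -in 'medium', 'high')
        Findings    = $findings -join '; '
    }
}

# Constructed sample command lines (the path is a placeholder).
$samples = @(
    'C:\example\bin\tsclient.exe',
    'C:\example\bin\tsclient.exe /x',
    'C:\example\bin\tsclient.exe /x /y low',
    'C:\example\bin\tsclient.exe /x /y medium',
    'C:\example\bin\tsclient.exe /x /y high'
)
$samples | ForEach-Object { Test-TsclientCommandLine $_ } | Format-List
```

Feed it the target strings of your own shortcuts or the tsclient lines from launch scripts; any result with Recommended set to False is a launch that does not use the combination the warning asks for.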