Tag: troubleshooting

MSTSC and RDCMAN Crashing?

For the last 3 days we have had issues connecting with RDP through our Remote Desktop Gateway. I’ve used both RDCMAN (Remote Desktop Connection Manager) and plain MSTSC where it’s crashing. It’s been happening quite regularly with the latest build (10041) of Windows 10 but also with a Windows 8.1 client.

In my case it’s sometimes been possible to connect to some of the servers but not others. And I’ve at times been able to stay connected for shorter periods (5-30 sec) before the client crashed.

I did a quick usermode debug of the crashing application and found out that in both cases it’s a DLL file for MSTSC that’s causing the problem and it’s related to UDP Traffic.

Disabling UDP in the Remote Desktop Gateway seems to solve the problem short term. I’ll have to look into it more in depth later on, but for now I’m at least able to keep on working.

RDP Connection Crashing

 

 

Bugcheck: DRIVER_POWER_STATE_FAILURE (9f)

I experienced a Bluescreen of Death (BSOD) on my Windows 8 Laptop (HP EliteBook 8560w) this morning when it resumed from Hibernate.
I quickly launched WinDBG and opened the crashdump.

WinDBG managed to find the driver that caused this problem by itself this time. But IF WinDBG had not been able to show me the faulty driver, the next step would have been to use the Bugcheck info (0x0000009f) to dig further into this;

The last argument is the interesting one, and which we should look into further with the !irp command.

It will show something similar to this. And it’s the e1c63x64.sys driver that were active at the time of the bluescreen. Same info as !analyze -v managed to figure out by itself.

Hmm, so what driver is that?

intel_driver1Too bad that it were unable to provide more detailed information. But some oldschool properties of the \SystemRoot\system32\DRIVERS\e1c63x64.sys file gave this;

And a quick search on Intel’s Support sites showed that there was a newer version available for my NIC;
Intel(R) 82579LM Gigabit Network Connection here.

Driver updated, and hopefully no more bluescreens due to this driver bug.

 

How to launch programs from the Windows Logon screen

It does happen from time to time, that I want to start some troubleshooting tools before a user logs on to the system. For example Sysinternals Process Monitor or xperf / wpr etc.

There are several ways to do it, as with most things with IT. You can either logon with another user, start the tools and then use Fast User Switching.
Or enable Boot Logging to get the full boot sequence + logon for a user.
Or use Psexec from a remote system, etc etc
Another way to do it, is to execute any tool of your choice from the Windows logon (winlogon) screen. The nice side effect is that you will be executing the tool as System, with full permissions.

I recently had to troubleshoot a “Password Reset” solution, which launches a browser from the Logon screen and it were unable to connect to the web-service. If you ran it from within windows as a normal user account, or system account, it worked. So I had to troubleshoot the problem as it was happening.

  1. Logon as a local administrator
  2. Make a copy of %windir%\system32\utilman.exe
  3. Take ownership of %windir%\system32\utilman.exe
  4. Grant yourself full control permission on the file.
  5. Replace utilman.exe with cmd.exe (or any other tool of your choise, though CMD is good as you can execute other tools from that one).
  6. At the windows logon screen press the “Accessibility icon” in the bottom left corner.
  7. Wahoo, you now have a command prompt with System Access

This works on Vista, Windows 7 and Windows 8.