gaa18
asked on
XP Machines BSOD when using RDP
hi all,
what is happening is the following:
basically we have 2 sites:
Site A: Main Server, users RDP into their machines which are all hosted on a hyper-v server
Site B: users either go through the VPN or use domain names to access their machines through RDP
basically the issue occurs in site B. when a user has an open session at site A and then moves to site B to continue the session it causes a BSOD. i have run a winDbg on the mini dumps and i get the attached.
all machines are on XP SP3 and all RDP clients are using the latest updated RDP.software
what is happening is the following:
basically we have 2 sites:
Site A: Main Server, users RDP into their machines which are all hosted on a hyper-v server
Site B: users either go through the VPN or use domain names to access their machines through RDP
basically the issue occurs in site B. when a user has an open session at site A and then moves to site B to continue the session it causes a BSOD. i have run a winDbg on the mini dumps and i get the attached.
all machines are on XP SP3 and all RDP clients are using the latest updated RDP.software
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\temp\Mini031611-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols;.sympath SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.101209-1647
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Mar 16 14:52:37.309 2011 (UTC + 0:00)
System Uptime: 1 days 0:15:44.683
Loading Kernel Symbols
...............................................................
...........................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {bc5dfff0, 0, bf89c1d5, 0}
Could not read faulting driver name
Probably caused by : RDPDD.dll ( RDPDD!DrvDisableSurface+63 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bc5dfff0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf89c1d5, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: bc5dfff0
FAULTING_IP:
win32k!MultiUserGreTrackRemoveEngResource+17
bf89c1d5 8b01 mov eax,dword ptr [ecx]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from bf89c1ae to bf89c1d5
STACK_TEXT:
b819aafc bf89c1ae bc5dfff0 e3767018 b819ab20 win32k!MultiUserGreTrackRemoveEngResource+0x17
b819ab0c bff67925 bc5e0000 e13a4028 b819abb8 win32k!EngFreeMem+0x16
b819ab20 bf9629bc e3767018 e13a4028 b819abb8 RDPDD!DrvDisableSurface+0x63
b819ab54 bf8e01f5 e3767018 00000258 b819abb8 win32k!WatchdogDrvDisableSurface+0x2f
b819ab70 bf80d117 00000000 e273ee54 e273ee40 win32k!PDEVOBJ::vDisableSurface+0x7f
b819ab98 bf93f63b 00000000 e21ce420 00000000 win32k!PDEVOBJ::vUnreferencePdev+0x1fb
b819abb0 bf896281 e13a4008 896ef038 00000001 win32k!DrvDestroyMDEV+0x40
b819ac88 bf898a4c 00000001 b819abc8 00000000 win32k!DrvChangeDisplaySettings+0xa5a
b819accc bf91a257 00000000 00000000 00000000 win32k!xxxUserChangeDisplaySettings+0x141
b819ad40 bf80111d 004afdf0 b819ad64 004afde4 win32k!xxxRemoteReconnect+0x1f1
b819ad54 8054167c 004afdf0 00000037 004afea0 win32k!NtUserCallOneParam+0x23
b819ad54 7c90e514 004afdf0 00000037 004afea0 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
004afea0 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPDD!DrvDisableSurface+63
bff67925 897e30 mov dword ptr [esi+30h],edi
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: RDPDD!DrvDisableSurface+63
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPDD
IMAGE_NAME: RDPDD.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4802a10b
FAILURE_BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bc5dfff0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf89c1d5, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: bc5dfff0
FAULTING_IP:
win32k!MultiUserGreTrackRemoveEngResource+17
bf89c1d5 8b01 mov eax,dword ptr [ecx]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from bf89c1ae to bf89c1d5
STACK_TEXT:
b819aafc bf89c1ae bc5dfff0 e3767018 b819ab20 win32k!MultiUserGreTrackRemoveEngResource+0x17
b819ab0c bff67925 bc5e0000 e13a4028 b819abb8 win32k!EngFreeMem+0x16
b819ab20 bf9629bc e3767018 e13a4028 b819abb8 RDPDD!DrvDisableSurface+0x63
b819ab54 bf8e01f5 e3767018 00000258 b819abb8 win32k!WatchdogDrvDisableSurface+0x2f
b819ab70 bf80d117 00000000 e273ee54 e273ee40 win32k!PDEVOBJ::vDisableSurface+0x7f
b819ab98 bf93f63b 00000000 e21ce420 00000000 win32k!PDEVOBJ::vUnreferencePdev+0x1fb
b819abb0 bf896281 e13a4008 896ef038 00000001 win32k!DrvDestroyMDEV+0x40
b819ac88 bf898a4c 00000001 b819abc8 00000000 win32k!DrvChangeDisplaySettings+0xa5a
b819accc bf91a257 00000000 00000000 00000000 win32k!xxxUserChangeDisplaySettings+0x141
b819ad40 bf80111d 004afdf0 b819ad64 004afde4 win32k!xxxRemoteReconnect+0x1f1
b819ad54 8054167c 004afdf0 00000037 004afea0 win32k!NtUserCallOneParam+0x23
b819ad54 7c90e514 004afdf0 00000037 004afea0 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
004afea0 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPDD!DrvDisableSurface+63
bff67925 897e30 mov dword ptr [esi+30h],edi
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: RDPDD!DrvDisableSurface+63
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPDD
IMAGE_NAME: RDPDD.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4802a10b
FAILURE_BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bc5dfff0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf89c1d5, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: bc5dfff0
FAULTING_IP:
win32k!MultiUserGreTrackRemoveEngResource+17
bf89c1d5 8b01 mov eax,dword ptr [ecx]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from bf89c1ae to bf89c1d5
STACK_TEXT:
b819aafc bf89c1ae bc5dfff0 e3767018 b819ab20 win32k!MultiUserGreTrackRemoveEngResource+0x17
b819ab0c bff67925 bc5e0000 e13a4028 b819abb8 win32k!EngFreeMem+0x16
b819ab20 bf9629bc e3767018 e13a4028 b819abb8 RDPDD!DrvDisableSurface+0x63
b819ab54 bf8e01f5 e3767018 00000258 b819abb8 win32k!WatchdogDrvDisableSurface+0x2f
b819ab70 bf80d117 00000000 e273ee54 e273ee40 win32k!PDEVOBJ::vDisableSurface+0x7f
b819ab98 bf93f63b 00000000 e21ce420 00000000 win32k!PDEVOBJ::vUnreferencePdev+0x1fb
b819abb0 bf896281 e13a4008 896ef038 00000001 win32k!DrvDestroyMDEV+0x40
b819ac88 bf898a4c 00000001 b819abc8 00000000 win32k!DrvChangeDisplaySettings+0xa5a
b819accc bf91a257 00000000 00000000 00000000 win32k!xxxUserChangeDisplaySettings+0x141
b819ad40 bf80111d 004afdf0 b819ad64 004afde4 win32k!xxxRemoteReconnect+0x1f1
b819ad54 8054167c 004afdf0 00000037 004afea0 win32k!NtUserCallOneParam+0x23
b819ad54 7c90e514 004afdf0 00000037 004afea0 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
004afea0 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPDD!DrvDisableSurface+63
bff67925 897e30 mov dword ptr [esi+30h],edi
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: RDPDD!DrvDisableSurface+63
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPDD
IMAGE_NAME: RDPDD.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4802a10b
FAILURE_BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bc5dfff0, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf89c1d5, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: bc5dfff0
FAULTING_IP:
win32k!MultiUserGreTrackRemoveEngResource+17
bf89c1d5 8b01 mov eax,dword ptr [ecx]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
LAST_CONTROL_TRANSFER: from bf89c1ae to bf89c1d5
STACK_TEXT:
b819aafc bf89c1ae bc5dfff0 e3767018 b819ab20 win32k!MultiUserGreTrackRemoveEngResource+0x17
b819ab0c bff67925 bc5e0000 e13a4028 b819abb8 win32k!EngFreeMem+0x16
b819ab20 bf9629bc e3767018 e13a4028 b819abb8 RDPDD!DrvDisableSurface+0x63
b819ab54 bf8e01f5 e3767018 00000258 b819abb8 win32k!WatchdogDrvDisableSurface+0x2f
b819ab70 bf80d117 00000000 e273ee54 e273ee40 win32k!PDEVOBJ::vDisableSurface+0x7f
b819ab98 bf93f63b 00000000 e21ce420 00000000 win32k!PDEVOBJ::vUnreferencePdev+0x1fb
b819abb0 bf896281 e13a4008 896ef038 00000001 win32k!DrvDestroyMDEV+0x40
b819ac88 bf898a4c 00000001 b819abc8 00000000 win32k!DrvChangeDisplaySettings+0xa5a
b819accc bf91a257 00000000 00000000 00000000 win32k!xxxUserChangeDisplaySettings+0x141
b819ad40 bf80111d 004afdf0 b819ad64 004afde4 win32k!xxxRemoteReconnect+0x1f1
b819ad54 8054167c 004afdf0 00000037 004afea0 win32k!NtUserCallOneParam+0x23
b819ad54 7c90e514 004afdf0 00000037 004afea0 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
004afea0 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPDD!DrvDisableSurface+63
bff67925 897e30 mov dword ptr [esi+30h],edi
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: RDPDD!DrvDisableSurface+63
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPDD
IMAGE_NAME: RDPDD.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4802a10b
FAILURE_BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
BUCKET_ID: 0x50_RDPDD!DrvDisableSurface+63
Followup: MachineOwner
---------
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
not a complete solution, issue still happening sporadically although isnt as much as before.
Have you updated their RDP Clients to the newest version? (i think this one: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6e1ec93d-bdbd-4983-92f7-479e088570ad)