New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Listener is not listening on Win 10 Home (build 14997+) #194

Closed
aiugrivef opened this Issue Jan 14, 2017 · 376 comments

Comments

Projects
None yet
@aiugrivef

Hello,

Thank you for rdpwrap!

Unfortunately, on Windows 10 Home edition, it is not working anymore since Insider build 15002.
Rdpwrap is fully updated and says "fully supported", but Listener state is "not listening" for some reason.

Thank you!

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Jan 15, 2017

Member

Support for 15007 has been added in 5814e3f, try again.

Member

binarymaster commented Jan 15, 2017

Support for 15007 has been added in 5814e3f, try again.

@aiugrivef

This comment has been minimized.

Show comment
Hide comment
@aiugrivef

aiugrivef Jan 15, 2017

Hello,

I have updated and tested again on 15007, without success.

It is not working on a Home edition, here is what RDPConf is displaying:

  • wrapper: installed
  • service: running
  • listener: not listening

Hello,

I have updated and tested again on 15007, without success.

It is not working on a Home edition, here is what RDPConf is displaying:

  • wrapper: installed
  • service: running
  • listener: not listening
@johanatan

This comment has been minimized.

Show comment
Hide comment
@johanatan

johanatan Jan 15, 2017

I am experiencing the same thing on a fresh WIndows 10 Home install.

I am experiencing the same thing on a fresh WIndows 10 Home install.

@johanatan

This comment has been minimized.

Show comment
Hide comment
@johanatan

johanatan Jan 15, 2017

i.e., Listener state: not listening

i.e., Listener state: not listening

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Jan 16, 2017

Member

Try this way, maybe it will help: #45 (comment)

(i.e. fully uninstall and install again)

Member

binarymaster commented Jan 16, 2017

Try this way, maybe it will help: #45 (comment)

(i.e. fully uninstall and install again)

@aiugrivef

This comment has been minimized.

Show comment
Hide comment
@aiugrivef

aiugrivef Jan 16, 2017

Hello, I have tried again several times today, and it is not working.

I am nowhere near as good as you are, but it looks like M$ have changed their SLC method again starting with 15002...
15002 have public symbols, but I am not good enough to understand them sorry...

Hello, I have tried again several times today, and it is not working.

I am nowhere near as good as you are, but it looks like M$ have changed their SLC method again starting with 15002...
15002 have public symbols, but I am not good enough to understand them sorry...

@wfmde

This comment has been minimized.

Show comment
Hide comment
@wfmde

wfmde Jan 19, 2017

I have the same problem with 15002. Reinstall does not solve the problem.

wfmde commented Jan 19, 2017

I have the same problem with 15002. Reinstall does not solve the problem.

@CaptainThrowback

This comment has been minimized.

Show comment
Hide comment
@CaptainThrowback

CaptainThrowback Jan 19, 2017

I'm experiencing the same issue on 15007. Already tried a reinstall.

image

I'm experiencing the same issue on 15007. Already tried a reinstall.

image

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Jan 20, 2017

Member

Issue confirmed in 10.0.15007.1000.

Member

binarymaster commented Jan 20, 2017

Issue confirmed in 10.0.15007.1000.

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Jan 21, 2017

Member

Interesting observation about file sizes between builds:

Build x86 size x64 size
10.0.14971.1000 840 KB 998 KB
10.0.14986.1000 840 KB 998 KB
10.0.14997.1001 ? KB 1002 KB
10.0.15002.1001 847 KB 1002 KB
10.0.15007.1000 847 KB 1002 KB
10.0.15014.1000 847 KB 1002 KB

So there's something new added in 14997.

Member

binarymaster commented Jan 21, 2017

Interesting observation about file sizes between builds:

Build x86 size x64 size
10.0.14971.1000 840 KB 998 KB
10.0.14986.1000 840 KB 998 KB
10.0.14997.1001 ? KB 1002 KB
10.0.15002.1001 847 KB 1002 KB
10.0.15007.1000 847 KB 1002 KB
10.0.15014.1000 847 KB 1002 KB

So there's something new added in 14997.

@binarymaster binarymaster self-assigned this Jan 21, 2017

@aiugrivef aiugrivef changed the title from Not working on Win 10 *Home* (15002 and 15007) to Not working on Win 10 *Home* (15002, 15007, 15014 and 15019) Jan 28, 2017

@aiugrivef

This comment has been minimized.

Show comment
Hide comment
@aiugrivef

aiugrivef Jan 28, 2017

Hello,
Same issue with 15014 and 15019 :-(

Hello,
Same issue with 15014 and 15019 :-(

@binarymaster binarymaster changed the title from Not working on Win 10 *Home* (15002, 15007, 15014 and 15019) to Listener is not listening on Win 10 Home (build 15002+) Jan 28, 2017

@aiugrivef

This comment has been minimized.

Show comment
Hide comment
@aiugrivef

aiugrivef Feb 15, 2017

Hello,
I have tried to debug the TermService, but I am not skilled enough :(
According to me, it looks like the patching of the global variables (bRemoteConnAllowed...) is done well, but this is not enough: the service does not start listening on RDP port.

Maybe there is a new variable?
Maybe the fact that CSQLQuery::Initialize() is not executed is blocking the service launch?

I fear this issue will be worse once Microsoft releases its next public version (probably in 1 month or so) - could you help me to fix this issue please?

Hello,
I have tried to debug the TermService, but I am not skilled enough :(
According to me, it looks like the patching of the global variables (bRemoteConnAllowed...) is done well, but this is not enough: the service does not start listening on RDP port.

Maybe there is a new variable?
Maybe the fact that CSQLQuery::Initialize() is not executed is blocking the service launch?

I fear this issue will be worse once Microsoft releases its next public version (probably in 1 month or so) - could you help me to fix this issue please?

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Feb 27, 2017

Member

Maybe the fact that CSQLQuery::Initialize() is not executed is blocking the service launch?

@aiugrivef Win 10 Pro have no problems with RDPWrap, so I think there is something other.

Member

binarymaster commented Feb 27, 2017

Maybe the fact that CSQLQuery::Initialize() is not executed is blocking the service launch?

@aiugrivef Win 10 Pro have no problems with RDPWrap, so I think there is something other.

@CaptainThrowback

This comment has been minimized.

Show comment
Hide comment
@CaptainThrowback

CaptainThrowback Mar 7, 2017

Having the same issue on 15048. Windows 10 Home Preview.

image

CaptainThrowback commented Mar 7, 2017

Having the same issue on 15048. Windows 10 Home Preview.

image

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Mar 7, 2017

Member

Having the same issue on 15048.

Not big surprise.

Member

binarymaster commented Mar 7, 2017

Having the same issue on 15048.

Not big surprise.

@NigNog9001

This comment has been minimized.

Show comment
Hide comment
@NigNog9001

NigNog9001 Mar 20, 2017

Win 10 Home does not support RDP at all I think.

NigNog9001 commented Mar 20, 2017

Win 10 Home does not support RDP at all I think.

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Mar 20, 2017

Member

Win 10 Home does not support RDP at all I think.

O RLY?

This is plain Windows 10 (core) (not build 15002+ though).

Member

binarymaster commented Mar 20, 2017

Win 10 Home does not support RDP at all I think.

O RLY?

This is plain Windows 10 (core) (not build 15002+ though).

@shoffmeister

This comment has been minimized.

Show comment
Hide comment
@shoffmeister

shoffmeister Apr 3, 2017

/me too

On a Windows 10 Home Insider Build, Version 1703, Build 15063.0 ("systeminfo"),

OS Name:                   Microsoft Windows 10 Home
OS Version:                10.0.15063 N/A Build 15063
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free

I continue to get

Listener State: Not listening
from RDPConf.exe, although my build is flagged as fully supported. RDPCheck.exe will not connect (to 127.0.0.2)

I have tried

git pull
update.bat
uninstall.bat
install.bat

The irritating part here is "[+] Successfully installed.", where as earlier it complains

[-] This version of Terminal Services is not supported.
Try running "update.bat" or "RDPWInst -w" to download latest INI file.
If it doesn't help, send your termsrv.dll to project developer for support.

File termsrv.dll in %WINDOWDIR%\System32 has a size of 992,256 bytes

/me too

On a Windows 10 Home Insider Build, Version 1703, Build 15063.0 ("systeminfo"),

OS Name:                   Microsoft Windows 10 Home
OS Version:                10.0.15063 N/A Build 15063
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free

I continue to get

Listener State: Not listening
from RDPConf.exe, although my build is flagged as fully supported. RDPCheck.exe will not connect (to 127.0.0.2)

I have tried

git pull
update.bat
uninstall.bat
install.bat

The irritating part here is "[+] Successfully installed.", where as earlier it complains

[-] This version of Terminal Services is not supported.
Try running "update.bat" or "RDPWInst -w" to download latest INI file.
If it doesn't help, send your termsrv.dll to project developer for support.

File termsrv.dll in %WINDOWDIR%\System32 has a size of 992,256 bytes

@shoffmeister

This comment has been minimized.

Show comment
Hide comment
@shoffmeister

shoffmeister Apr 3, 2017

With respect to "send your termsrv.dll to project developer for support" - what is the preferred means?

With respect to "send your termsrv.dll to project developer for support" - what is the preferred means?

@zen-engineer

This comment has been minimized.

Show comment
Hide comment
@zen-engineer

zen-engineer Apr 5, 2017

I have experienced the same issue as @shoffmeister

Win 10 build 15063.15 - attached termserv.dll

Here is my termserv.dll:
termsrv.zip

[*] Installing...
[*] Terminal Services version: 10.0.15063.0
[-] This version of Terminal Services is not supported.
Try running "update.bat" or "RDPWInst -w" to download latest INI file.
If it doesn't help, send your termsrv.dll to project developer for support.
[+] TermService found (pid 1096).
[*] No shared services found.
[*] Extracting files...
[*] Downloading latest INI file...
[+] Latest INI file -> C:\Program Files\RDP Wrapper\rdpwrap.ini
[+] Extracted rdpw64 -> C:\Program Files\RDP Wrapper\rdpwrap.dll
[*] Configuring service library...
[*] Checking dependencies...
[*] Checking CertPropSvc...
[*] Checking SessionEnv...
[*] Terminating service...
[*] Starting TermService...
[*] Configuring registry...
[*] Configuring firewall...
Ok.

[+] Successfully installed.

But It's not successfully installed:
capture

I have experienced the same issue as @shoffmeister

Win 10 build 15063.15 - attached termserv.dll

Here is my termserv.dll:
termsrv.zip

[*] Installing...
[*] Terminal Services version: 10.0.15063.0
[-] This version of Terminal Services is not supported.
Try running "update.bat" or "RDPWInst -w" to download latest INI file.
If it doesn't help, send your termsrv.dll to project developer for support.
[+] TermService found (pid 1096).
[*] No shared services found.
[*] Extracting files...
[*] Downloading latest INI file...
[+] Latest INI file -> C:\Program Files\RDP Wrapper\rdpwrap.ini
[+] Extracted rdpw64 -> C:\Program Files\RDP Wrapper\rdpwrap.dll
[*] Configuring service library...
[*] Checking dependencies...
[*] Checking CertPropSvc...
[*] Checking SessionEnv...
[*] Terminating service...
[*] Starting TermService...
[*] Configuring registry...
[*] Configuring firewall...
Ok.

[+] Successfully installed.

But It's not successfully installed:
capture

@linzyjx

This comment has been minimized.

Show comment
Hide comment
@linzyjx

linzyjx Apr 6, 2017

As novice can only pay close attention. I hope you can solve it at an early date.

linzyjx commented Apr 6, 2017

As novice can only pay close attention. I hope you can solve it at an early date.

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Apr 6, 2017

Member

I hope you can solve it at an early date.

One does not simply fix this issue

Member

binarymaster commented Apr 6, 2017

I hope you can solve it at an early date.

One does not simply fix this issue

@zen-engineer

This comment has been minimized.

Show comment
Hide comment
@zen-engineer

zen-engineer Apr 6, 2017

Hi.
I am not sure what this means? Does this mean that the issue is not possible to resolve?

Hi.
I am not sure what this means? Does this mean that the issue is not possible to resolve?

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Apr 6, 2017

Member

This means it is not so easy to resolve.

Member

binarymaster commented Apr 6, 2017

This means it is not so easy to resolve.

@zen-engineer

This comment has been minimized.

Show comment
Hide comment
@zen-engineer

zen-engineer Apr 6, 2017

Is it possible to provide any technical details so perhaps we can try and contribute to getting this solved?

Is it possible to provide any technical details so perhaps we can try and contribute to getting this solved?

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Apr 6, 2017

Member

Is it possible to provide any technical details so perhaps we can try and contribute to getting this solved?

Okay, so this is we already know:

  • build 10.0.14986.1000 have no issue
  • build 10.0.15002.1001 introduced the issue

It means the latter build has changed something in the code - it may be termsrv.dll, but may be not.

So, it will require to set up two (virtual) machines with these two different Windows 10 Home builds (Pro is not affected). Then enable kernel debugger with serial output, and try to investigate where the behaviour differs (with RDP Wrapper installed).

If we find the actual reason of the listener problem, then it will be possible to fix it.

Member

binarymaster commented Apr 6, 2017

Is it possible to provide any technical details so perhaps we can try and contribute to getting this solved?

Okay, so this is we already know:

  • build 10.0.14986.1000 have no issue
  • build 10.0.15002.1001 introduced the issue

It means the latter build has changed something in the code - it may be termsrv.dll, but may be not.

So, it will require to set up two (virtual) machines with these two different Windows 10 Home builds (Pro is not affected). Then enable kernel debugger with serial output, and try to investigate where the behaviour differs (with RDP Wrapper installed).

If we find the actual reason of the listener problem, then it will be possible to fix it.

@shoffmeister

This comment has been minimized.

Show comment
Hide comment
@shoffmeister

shoffmeister Apr 6, 2017

The "Fully supported" is a bit confusing, to be honest, although I now understand this to only to refer to successful hot-patching of the termsrv.dll PE image.

I am not sure whether I'd be up-to-speed to support here; I don't have good tooling (no IDA Pro, for instance) and no awareness / mental model of the peculiar things that happen in terminal server licensing, and do not know the enabling strategy used by rdpwrap.

FWIW, wouldn't it make sense to religiously check the return value of all API calls, e.g. at

WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw);

I am not sure whether Delphi has acquired a compiler warning switch which flags these scenarios, sorry.

Anyway, thank you very much for acknowledging the issue, for the service - and happy hunting!

The "Fully supported" is a bit confusing, to be honest, although I now understand this to only to refer to successful hot-patching of the termsrv.dll PE image.

I am not sure whether I'd be up-to-speed to support here; I don't have good tooling (no IDA Pro, for instance) and no awareness / mental model of the peculiar things that happen in terminal server licensing, and do not know the enabling strategy used by rdpwrap.

FWIW, wouldn't it make sense to religiously check the return value of all API calls, e.g. at

WriteProcessMemory(GetCurrentProcess, SignPtr, @Patch[I][0], Length(Patch[I]), bw);

I am not sure whether Delphi has acquired a compiler warning switch which flags these scenarios, sorry.

Anyway, thank you very much for acknowledging the issue, for the service - and happy hunting!

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Apr 6, 2017

Member

The "Fully supported" is a bit confusing, to be honest, although I now understand this to only to refer to successful hot-patching of the termsrv.dll PE image.

This does not refer to successful hot-patching. This only indicates that INI file includes current termsrv.dll build section.

FWIW, wouldn't it make sense to religiously check the return value of all API calls

Good idea. Since RDP Wrapper have a log file, these events can be logged into it. For now they are not checked for successfull execution.

Member

binarymaster commented Apr 6, 2017

The "Fully supported" is a bit confusing, to be honest, although I now understand this to only to refer to successful hot-patching of the termsrv.dll PE image.

This does not refer to successful hot-patching. This only indicates that INI file includes current termsrv.dll build section.

FWIW, wouldn't it make sense to religiously check the return value of all API calls

Good idea. Since RDP Wrapper have a log file, these events can be logged into it. For now they are not checked for successfull execution.

@shoffmeister

This comment has been minimized.

Show comment
Hide comment
@shoffmeister

shoffmeister Apr 7, 2017

FWIW, I just realized that the Delphi version is not what I would be running, being that I am on a 64 bit OS. Fortunately, the API result checking strategy in the C++ version matches ;)

This may be a stupid question, but why is there (still) a Delphi version around, as the C++ version seems to be more general? (I do have very fond memories of my times with Delphi, mind you)

And why is the C++ version in C++, given that I see nothing that could not be done easily in plain C, either? (The INI class would be almost a search/replace conversion, at least on first glance). Using C would have the benefit of having a smaller runtime library, with less "magic" going on underneath. If that DLL is mapped into a "foreign" process space, then DLL_PROCESS_ATTACH and DLL_THREAD_ATTACH would be a whole lot less worrisome. (https://msdn.microsoft.com/en-us/library/988ye33t.aspx)

Anyway, once upon a time, up to and including Windows XP / 32 bit, I was doing (other) hooking and injection - this is only faint recollection of my troubles with, specifically, the Delphi RTL doing unwanted things such as re-init of the FPU control word (but conceptionally totally within the spirit of Delphi, no less).

FWIW, I just realized that the Delphi version is not what I would be running, being that I am on a 64 bit OS. Fortunately, the API result checking strategy in the C++ version matches ;)

This may be a stupid question, but why is there (still) a Delphi version around, as the C++ version seems to be more general? (I do have very fond memories of my times with Delphi, mind you)

And why is the C++ version in C++, given that I see nothing that could not be done easily in plain C, either? (The INI class would be almost a search/replace conversion, at least on first glance). Using C would have the benefit of having a smaller runtime library, with less "magic" going on underneath. If that DLL is mapped into a "foreign" process space, then DLL_PROCESS_ATTACH and DLL_THREAD_ATTACH would be a whole lot less worrisome. (https://msdn.microsoft.com/en-us/library/988ye33t.aspx)

Anyway, once upon a time, up to and including Windows XP / 32 bit, I was doing (other) hooking and injection - this is only faint recollection of my troubles with, specifically, the Delphi RTL doing unwanted things such as re-init of the FPU control word (but conceptionally totally within the spirit of Delphi, no less).

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Apr 7, 2017

Member

This may be a stupid question, but why is there (still) a Delphi version around, as the C++ version seems to be more general? (I do have very fond memories of my times with Delphi, mind you)

Delphi compiled binary (rdpwrap.dll) has smaller size against C++ x86 compiled binary.

And why is the C++ version in C++, given that I see nothing that could not be done easily in plain C, either?

Well, that was not my choose, since it was ported by @FusixGit.

The INI class would be almost a search/replace conversion, at least on first glance). Using C would have the benefit of having a smaller runtime library, with less "magic" going on underneath.

I agree with this. Also some days ago I realized that INI class can be replaced by using these APIs:

Member

binarymaster commented Apr 7, 2017

This may be a stupid question, but why is there (still) a Delphi version around, as the C++ version seems to be more general? (I do have very fond memories of my times with Delphi, mind you)

Delphi compiled binary (rdpwrap.dll) has smaller size against C++ x86 compiled binary.

And why is the C++ version in C++, given that I see nothing that could not be done easily in plain C, either?

Well, that was not my choose, since it was ported by @FusixGit.

The INI class would be almost a search/replace conversion, at least on first glance). Using C would have the benefit of having a smaller runtime library, with less "magic" going on underneath.

I agree with this. Also some days ago I realized that INI class can be replaced by using these APIs:

@aphofes

This comment has been minimized.

Show comment
Hide comment
@aphofes

aphofes Apr 7, 2017

Best way to solve the problem is to buy a win 10 pro version on ebay for 5€.

aphofes commented Apr 7, 2017

Best way to solve the problem is to buy a win 10 pro version on ebay for 5€.

@ultradj83

This comment has been minimized.

Show comment
Hide comment
@ultradj83

ultradj83 Apr 7, 2017

Do you really think to get a regular license for 5€?

Do you really think to get a regular license for 5€?

@aphofes

This comment has been minimized.

Show comment
Hide comment
@aphofes

aphofes Apr 7, 2017

I think so. Otherwise it is not allowed to be on ebay.

http://tinyurl.com/l2hje9t

aphofes commented Apr 7, 2017

I think so. Otherwise it is not allowed to be on ebay.

http://tinyurl.com/l2hje9t

@bubbleguuum

This comment has been minimized.

Show comment
Hide comment
@bubbleguuum

bubbleguuum Apr 7, 2017

Also eagerly awaiting for a fix. Thanks to developer(s) looking into it.

Also eagerly awaiting for a fix. Thanks to developer(s) looking into it.

@Recka50

This comment has been minimized.

Show comment
Hide comment
@Recka50

Recka50 Apr 9, 2017

Hey my ticket didn't get resolved and was closed?!

I was told it's a duplicate but it's a different issue.

My RDP worked until upgrading to Creators Update (1703) on Win 10 Home but now is "not listening"

Recka50 commented Apr 9, 2017

Hey my ticket didn't get resolved and was closed?!

I was told it's a duplicate but it's a different issue.

My RDP worked until upgrading to Creators Update (1703) on Win 10 Home but now is "not listening"

@thechrisgregory

This comment has been minimized.

Show comment
Hide comment
@thechrisgregory

thechrisgregory Nov 16, 2017

@kamilmirza

This comment has been minimized.

Show comment
Hide comment
@kamilmirza

kamilmirza Nov 16, 2017

@thechrisgregory
no issues in firewall whatsoever
have created a custom rule to allow 3389
even tried with disabled firewall
and even tried changing RDP port still no go

kamilmirza commented Nov 16, 2017

@thechrisgregory
no issues in firewall whatsoever
have created a custom rule to allow 3389
even tried with disabled firewall
and even tried changing RDP port still no go

@sheva29

This comment has been minimized.

Show comment
Hide comment
@sheva29

sheva29 Nov 25, 2017

@sDunkan fix worked for me. I just want to add - not sure if part of the windows update(1709), but those files were missing for me in the first place.

Not sure if that will shed some light in the situation for some ppl still having issues

sheva29 commented Nov 25, 2017

@sDunkan fix worked for me. I just want to add - not sure if part of the windows update(1709), but those files were missing for me in the first place.

Not sure if that will shed some light in the situation for some ppl still having issues

@markyi370

This comment has been minimized.

Show comment
Hide comment
@markyi370

markyi370 Nov 26, 2017

Contributor

@sheva29 These files are always missing from the Home edition (probably deliberately done to cripple the OS). We're copying them from a Pro edition.

Contributor

markyi370 commented Nov 26, 2017

@sheva29 These files are always missing from the Home edition (probably deliberately done to cripple the OS). We're copying them from a Pro edition.

@mr-flibble

This comment has been minimized.

Show comment
Hide comment
@mr-flibble

mr-flibble Nov 26, 2017

I can confirm that @sDunkan fix worked for me too. (1703 Home 15063.726)

I can confirm that @sDunkan fix worked for me too. (1703 Home 15063.726)

@TiagoDM

This comment has been minimized.

Show comment
Hide comment
@TiagoDM

TiagoDM Nov 29, 2017

Thank you @youjoy I'm on windows 10 "home" 1709, copied the file and worked for me.

TiagoDM commented Nov 29, 2017

Thank you @youjoy I'm on windows 10 "home" 1709, copied the file and worked for me.

@yankolya

This comment has been minimized.

Show comment
Hide comment
@yankolya

yankolya Dec 3, 2017

Just tried @sDunkan proposed. Works for Windows 10 Home 1703 Build 15063.726
Many thanks to you, man))

yankolya commented Dec 3, 2017

Just tried @sDunkan proposed. Works for Windows 10 Home 1703 Build 15063.726
Many thanks to you, man))

@foobar167

This comment has been minimized.

Show comment
Hide comment
@foobar167

foobar167 Dec 4, 2017

Copying rfxvmt.dll file into Windows\System32 works for me.
Thank you, sDunkan!

Copying rfxvmt.dll file into Windows\System32 works for me.
Thank you, sDunkan!

@tblog1234

This comment has been minimized.

Show comment
Hide comment
@tblog1234

tblog1234 Dec 15, 2017

Copying rfxvmt.dll file into Windows\System32 works for me as well. Just make sure to use command prompt with Administrator mode to copy. Regular copy wont work.

Copying rfxvmt.dll file into Windows\System32 works for me as well. Just make sure to use command prompt with Administrator mode to copy. Regular copy wont work.

@mer30hamid

This comment has been minimized.

Show comment
Hide comment
@mer30hamid

mer30hamid Dec 15, 2017

Copying rfxvmt.dll file into Windows\System32 worked for me too, but I have windows 10 32 (1709) home edition, I used the x86 dll from here:
#229 (comment)

mer30hamid commented Dec 15, 2017

Copying rfxvmt.dll file into Windows\System32 worked for me too, but I have windows 10 32 (1709) home edition, I used the x86 dll from here:
#229 (comment)

@lars18th

This comment has been minimized.

Show comment
Hide comment
@lars18th

lars18th Dec 20, 2017

Hi,

As you know without the correct File Permissions, the file "rfxvmt.dll" isn't properlly loaded.
So, I present a guide for setting the correct ICLs using the Command-Line. You will get it usefull when connecting through SSH to your system when you have lost the RDP connection.

In this guide, "PCADDR" is the name of you PC, and "user" is the username you use in the login (it needs to have administrator privileges!):

net stop TermService

copy c:\rfxvmt.dll c:\windows\system32\
cd c:\windows\system32\
takeown.exe /A /F rfxvmt.dll
icacls.exe rfxvmt.dll /grant "PCADDR\user:F"

icacls.exe rfxvmt.dll /inheritance:d
icacls.exe rfxvmt.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe rfxvmt.dll /grant "NT SERVICE\TrustedInstaller:F"

icacls.exe rfxvmt.dll /remove "NT AUTHORITY\SYSTEM"
icacls.exe rfxvmt.dll /grant "NT AUTHORITY\SYSTEM:RX"

icacls.exe rfxvmt.dll /remove "BUILTIN\Administrators"
icacls.exe rfxvmt.dll /grant "BUILTIN\Administrators:RX"

icacls.exe rfxvmt.dll /remove "PCADDR\user"

net start TermService

If you use another locale different that English, then "BUILTIN\Administrators" will be "BUILTIN\something" where "something" is name group in this language.

In general the guide does: Copy the file to the right location. Take own of the new file. Grant explicit privileges to the user (temporal). Remove inherited privileges. Set correct owner and generic permissions. Remove the explicit privileges of the user (this is required because when you remove the privileges for the Administrators Group then you lost acccess).

Perhaps someone likes to craete an script for doing all tasks automatically.
Regards!

Hi,

As you know without the correct File Permissions, the file "rfxvmt.dll" isn't properlly loaded.
So, I present a guide for setting the correct ICLs using the Command-Line. You will get it usefull when connecting through SSH to your system when you have lost the RDP connection.

In this guide, "PCADDR" is the name of you PC, and "user" is the username you use in the login (it needs to have administrator privileges!):

net stop TermService

copy c:\rfxvmt.dll c:\windows\system32\
cd c:\windows\system32\
takeown.exe /A /F rfxvmt.dll
icacls.exe rfxvmt.dll /grant "PCADDR\user:F"

icacls.exe rfxvmt.dll /inheritance:d
icacls.exe rfxvmt.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe rfxvmt.dll /grant "NT SERVICE\TrustedInstaller:F"

icacls.exe rfxvmt.dll /remove "NT AUTHORITY\SYSTEM"
icacls.exe rfxvmt.dll /grant "NT AUTHORITY\SYSTEM:RX"

icacls.exe rfxvmt.dll /remove "BUILTIN\Administrators"
icacls.exe rfxvmt.dll /grant "BUILTIN\Administrators:RX"

icacls.exe rfxvmt.dll /remove "PCADDR\user"

net start TermService

If you use another locale different that English, then "BUILTIN\Administrators" will be "BUILTIN\something" where "something" is name group in this language.

In general the guide does: Copy the file to the right location. Take own of the new file. Grant explicit privileges to the user (temporal). Remove inherited privileges. Set correct owner and generic permissions. Remove the explicit privileges of the user (this is required because when you remove the privileges for the Administrators Group then you lost acccess).

Perhaps someone likes to craete an script for doing all tasks automatically.
Regards!

@XUnderShadow

This comment has been minimized.

Show comment
Hide comment
@XUnderShadow

XUnderShadow Dec 20, 2017

confirmed script is working
small fix to set pcaddr and user at the top for easier editing

set PC_NAME=
set USER_NAME=

net stop TermService

copy c:\rfxvmt.dll c:\windows\system32
cd c:\windows\system32
takeown.exe /A /F rfxvmt.dll
icacls.exe rfxvmt.dll /grant "%PCADDR%\%USER_NAME%:F"

icacls.exe rfxvmt.dll /inheritance:d
icacls.exe rfxvmt.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe rfxvmt.dll /grant "NT SERVICE\TrustedInstaller:F"

icacls.exe rfxvmt.dll /remove "NT AUTHORITY\SYSTEM"
icacls.exe rfxvmt.dll /grant "NT AUTHORITY\SYSTEM:RX"

icacls.exe rfxvmt.dll /remove "BUILTIN\Administrators"
icacls.exe rfxvmt.dll /grant "BUILTIN\Administrators:RX"

icacls.exe rfxvmt.dll /remove "%PCADDR%\%USER_NAME%"

net start TermService

XUnderShadow commented Dec 20, 2017

confirmed script is working
small fix to set pcaddr and user at the top for easier editing

set PC_NAME=
set USER_NAME=

net stop TermService

copy c:\rfxvmt.dll c:\windows\system32
cd c:\windows\system32
takeown.exe /A /F rfxvmt.dll
icacls.exe rfxvmt.dll /grant "%PCADDR%\%USER_NAME%:F"

icacls.exe rfxvmt.dll /inheritance:d
icacls.exe rfxvmt.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe rfxvmt.dll /grant "NT SERVICE\TrustedInstaller:F"

icacls.exe rfxvmt.dll /remove "NT AUTHORITY\SYSTEM"
icacls.exe rfxvmt.dll /grant "NT AUTHORITY\SYSTEM:RX"

icacls.exe rfxvmt.dll /remove "BUILTIN\Administrators"
icacls.exe rfxvmt.dll /grant "BUILTIN\Administrators:RX"

icacls.exe rfxvmt.dll /remove "%PCADDR%\%USER_NAME%"

net start TermService

@eLenoAr

This comment has been minimized.

Show comment
Hide comment
@eLenoAr

eLenoAr Dec 21, 2017

Attention with the var PC_NAME you are using at the top and in your commands [%PCADDR%]!
set PC_NAME= in your script is supposed to be set PCADDR=

eLenoAr commented Dec 21, 2017

Attention with the var PC_NAME you are using at the top and in your commands [%PCADDR%]!
set PC_NAME= in your script is supposed to be set PCADDR=

@XUnderShadow

This comment has been minimized.

Show comment
Hide comment
@XUnderShadow

XUnderShadow Dec 21, 2017

set PC_NAME=
set USER_NAME=

net stop TermService

copy c:\rfxvmt.dll c:\windows\system32
cd c:\windows\system32
takeown.exe /A /F rfxvmt.dll
icacls.exe rfxvmt.dll /grant "%PC_NAME%\%USER_NAME%:F"

icacls.exe rfxvmt.dll /inheritance:d
icacls.exe rfxvmt.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe rfxvmt.dll /grant "NT SERVICE\TrustedInstaller:F"

icacls.exe rfxvmt.dll /remove "NT AUTHORITY\SYSTEM"
icacls.exe rfxvmt.dll /grant "NT AUTHORITY\SYSTEM:RX"

icacls.exe rfxvmt.dll /remove "BUILTIN\Administrators"
icacls.exe rfxvmt.dll /grant "BUILTIN\Administrators:RX"

icacls.exe rfxvmt.dll /remove "%PC_NAME%\%USER_NAME%"

net start TermService

set PC_NAME=
set USER_NAME=

net stop TermService

copy c:\rfxvmt.dll c:\windows\system32
cd c:\windows\system32
takeown.exe /A /F rfxvmt.dll
icacls.exe rfxvmt.dll /grant "%PC_NAME%\%USER_NAME%:F"

icacls.exe rfxvmt.dll /inheritance:d
icacls.exe rfxvmt.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe rfxvmt.dll /grant "NT SERVICE\TrustedInstaller:F"

icacls.exe rfxvmt.dll /remove "NT AUTHORITY\SYSTEM"
icacls.exe rfxvmt.dll /grant "NT AUTHORITY\SYSTEM:RX"

icacls.exe rfxvmt.dll /remove "BUILTIN\Administrators"
icacls.exe rfxvmt.dll /grant "BUILTIN\Administrators:RX"

icacls.exe rfxvmt.dll /remove "%PC_NAME%\%USER_NAME%"

net start TermService

@YenHaEncore

This comment has been minimized.

Show comment
Hide comment
@YenHaEncore

YenHaEncore Dec 24, 2017

Hi all !

I have the same issue (not listening) with last update 16299, i have download new rfxvmt.dll (thx sDunkan) and make a batch file with XUnderShadow's code but it don't work for me.

I've try to grant privileges to everyown, uninstall, update and install, not working too.

Somebody have a solution for me ?

Thanks you in advance

Hi all !

I have the same issue (not listening) with last update 16299, i have download new rfxvmt.dll (thx sDunkan) and make a batch file with XUnderShadow's code but it don't work for me.

I've try to grant privileges to everyown, uninstall, update and install, not working too.

Somebody have a solution for me ?

Thanks you in advance

@AlexeiScherbakov

This comment has been minimized.

Show comment
Hide comment
@YenHaEncore

This comment has been minimized.

Show comment
Hide comment
@YenHaEncore

YenHaEncore Dec 24, 2017

Works perfect ! Thanks you AlexeiScherbakov

Works perfect ! Thanks you AlexeiScherbakov

@texNICKru

This comment has been minimized.

Show comment
Hide comment
@texNICKru

texNICKru Dec 27, 2017

Hi all !
Do not work terminal server on Win10 x86 16299.125 one language (
And please check offset patch for x86

[10.0.16299.15]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=A8E08
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8FD01
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=39215
SingleUserCode.x86=nop
SingleUserPatch.x64=1
SingleUserOffset.x64=1C774
SingleUserCode.x64=Zero
DefPolicyPatch.x86=1
DefPolicyOffset.x86=3DC89
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=12D85
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x86=1
SLInitOffset.x86=461BD
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=22D5C
SLInitFunc.x64=New_CSLQuery_Initialize

In this termsrv.dll not DefPolicyOffset.x86=3DC89.
I find 3B81200300000F84 on offset 3D089. May be mistake misspell?
termsrv(2).zip

texNICKru commented Dec 27, 2017

Hi all !
Do not work terminal server on Win10 x86 16299.125 one language (
And please check offset patch for x86

[10.0.16299.15]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=A8E08
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8FD01
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=39215
SingleUserCode.x86=nop
SingleUserPatch.x64=1
SingleUserOffset.x64=1C774
SingleUserCode.x64=Zero
DefPolicyPatch.x86=1
DefPolicyOffset.x86=3DC89
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=12D85
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x86=1
SLInitOffset.x86=461BD
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=22D5C
SLInitFunc.x64=New_CSLQuery_Initialize

In this termsrv.dll not DefPolicyOffset.x86=3DC89.
I find 3B81200300000F84 on offset 3D089. May be mistake misspell?
termsrv(2).zip

@binarymaster

This comment has been minimized.

Show comment
Hide comment
@binarymaster

binarymaster Dec 27, 2017

Member

I find 3B81200300000F84 on offset 3D089. May be mistake misspell?

Offsets are relative to image base address, not from start of file.

Member

binarymaster commented Dec 27, 2017

I find 3B81200300000F84 on offset 3D089. May be mistake misspell?

Offsets are relative to image base address, not from start of file.

@texNICKru

This comment has been minimized.

Show comment
Hide comment
@texNICKru

texNICKru Dec 27, 2017

Thanks!!! Now working)

Thanks!!! Now working)

@binarymaster

This comment has been minimized.

Show comment
Hide comment
Member

binarymaster commented Dec 27, 2017

Fixed in v1.6.2 release.

@sfhurt

This comment has been minimized.

Show comment
Hide comment
@sfhurt

sfhurt Feb 27, 2018

Microsoft forced an update today for Windows 10 that broke the listener. W10 V 1709, build 16299.125. 32bit laptop that I use for interfacing to some signal generators. I've tried to go through all of the thread above but haven't found a solution. uninstalled and reinstalled v1.6.2, copied over rfxvmt.dll and termserv.dll with no luck.

sfhurt commented Feb 27, 2018

Microsoft forced an update today for Windows 10 that broke the listener. W10 V 1709, build 16299.125. 32bit laptop that I use for interfacing to some signal generators. I've tried to go through all of the thread above but haven't found a solution. uninstalled and reinstalled v1.6.2, copied over rfxvmt.dll and termserv.dll with no luck.

@OneCrazyRussian

This comment has been minimized.

Show comment
Hide comment
@OneCrazyRussian

OneCrazyRussian Feb 27, 2018

Can't confirm on 16299.248, seems ok on both configurations for me (one is with manual rfxvmt.dll extraction and another is with automatic rfxvmt.dll extraction). They show up with different service versions but both seem to work

Can't confirm on 16299.248, seems ok on both configurations for me (one is with manual rfxvmt.dll extraction and another is with automatic rfxvmt.dll extraction). They show up with different service versions but both seem to work

@sunriseydy

This comment has been minimized.

Show comment
Hide comment
@sunriseydy

sunriseydy Mar 18, 2018

It seems not works on Win10 x64 1803 Home, with "not listening" and "not supported", also tried the rfxvmt.dll.

It seems not works on Win10 x64 1803 Home, with "not listening" and "not supported", also tried the rfxvmt.dll.

@vgerald

This comment has been minimized.

Show comment
Hide comment
@vgerald

vgerald Mar 20, 2018

image

RDPwrap stopped working after 8.1 installing updates. Microsoft Windows [Version 6.3.9600]

when I try to replace the rfxvmt.dll, I get the below error. How do I replace it?
image

vgerald commented Mar 20, 2018

image

RDPwrap stopped working after 8.1 installing updates. Microsoft Windows [Version 6.3.9600]

when I try to replace the rfxvmt.dll, I get the below error. How do I replace it?
image

@Rebelpyr7

This comment has been minimized.

Show comment
Hide comment
@Rebelpyr7

Rebelpyr7 Mar 20, 2018

@vgerald Take a look at the issue below. There's a fix action there that doesn't requiring you to replace any .dll files.

#418

@vgerald Take a look at the issue below. There's a fix action there that doesn't requiring you to replace any .dll files.

#418

@vgerald

This comment has been minimized.

Show comment
Hide comment
@vgerald

vgerald Mar 20, 2018

#418
Solved! - Thanks @Rebelpyr7
the updates to rdpwrap.ini file mentioned by @amrgb ==> show it as supported.
replacing the termsrv.dll ==> shows the listener state as 'Not listening'
image

vgerald commented Mar 20, 2018

#418
Solved! - Thanks @Rebelpyr7
the updates to rdpwrap.ini file mentioned by @amrgb ==> show it as supported.
replacing the termsrv.dll ==> shows the listener state as 'Not listening'
image

@Rebelpyr7

This comment has been minimized.

Show comment
Hide comment
@Rebelpyr7

Rebelpyr7 Mar 20, 2018

@vgerald Glad I could help, I was messing around with this way too much today before I tried the simplest fix which ended up working.

@vgerald Glad I could help, I was messing around with this way too much today before I tried the simplest fix which ended up working.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.