RDP causes BSOD when using file explorer

[borhani]

XP SP3, accessed via RDP from Win7 (both on home intranet)
RDP has worked fine, for 2 years, until today. RDP connection went BSOD { STOP 0x0000007E (0xC0000005, 0x00000000, 0xAE0531A8, 0xAE052EA4) } on trying to paste a file, copied on Win 7 computer, into Win XP file explorer. Had done about 2 hours of work in same RDP session before this happened, without issue.

After rebooting XP, tried to copy from XP computer...but Win 7 drives not mapped (they usually are). When RDP'd into XP, random clicking inside file explorer cause sBSOD (same hex codes, except last two, which change slightly). Otherwise fine.

Win XP --- direction connection, *not* RDP --- seems completely OK.

Minidmp file says rdpdr.sys as the culprit; BlueSreenView output:
rdpdr.sys rdpdr.sys+13f18 0xb821f000 0xb824ee80 0x0002fe80 0x480251d2 4/13/2008 2:32:50 PM

Worried that this is a seemingly very old rdpdr.sys, I tried to update it -- several Windows KB articles mention updates, but the only available MS download failed (after MS emailed me the zip file, the file wouldn't unzip properly...asking for next disk!!). I tried to use a new rdpdr.sys from opendll.com, but it was automatically removed (!) after I put it in C:\windows\system32\drivers (after renaming existing file to rdpdr.sys.old). I think the opendll.com version is 64 bit, which wouldn't work anyway with XP...

But all this seems very, very strange. It was working, for several years, with daily use...and suddenly went bad.

Any ideas??
Thanks

P.S. - WinXP is up-to-date (ran sysupdate after BSOD; previous update had been ~2 months prior). Avast! AV installed and up-to-date (in use for ~1.5 years, last update to program & virus defs *yesterday*).
P.P.S. - I'd attach the minidump file, but don't see how to do that here...

 

[Peresmeshnik]

Hello.

I have the same problem with RDP. Did you find the cause of the problem?

 

[borhani]

No, still working on it (unfortunately). What are your system configurations (RDP client, and RDP server)?

 

[Peresmeshnik]

I found the couse: avast! Free Antivirus. I uninstalled it and RDP is working fine now in both directions.

 

[borhani]

Did you also have the BSOD problem only in one direction, and only upon attempted copy/paste (i.e., did your RDP session establish OK)?

I'll try disabling AVAST. If it is AVAST, however, there should be a way to configure it to not cause the problem... My problem started suddenly, about 4 weeks ago. I guess it is possible that there was an updated AVAST program/engine/virus definition at that time that suddenly recognized RDP as "bad".

 

[TenPc]

I am the least expert on these matters so I'm just asking, aren't you supposed to have the RDP on the Windows 7 to enable the copy/paste from XP to Windows 7?

Usually, a normal copy /paste from XP to Windows 7 (as long as you boot to Windows 7 first), you don't need any special software but you got all those protocols in place, I think you need to instal the RDP on the Windows 7 OS (as well) .

 

[borhani]

aren't you supposed to have the RDP on the Windows 7 to enable the copy/paste from XP to Windows 7?

Usually, a normal copy /paste from XP to Windows 7 (as long as you boot to Windows 7 first), you don't need any special software but you got all those protocols in place, I think you need to instal the RDP on the Windows 7 OS (as well) .

I don't understand your question. It's two separate computers, not a dual boot. One runs XP, the other runs Win7. Either computer should be able to serve as RDP client (and the other as RDP server), and copy from one, paste on the other, should work in either direction, regardless of which computer is server or client.

But maybe that's not what you're asking?

 

[TenPc]

Yes, two different computers but if you are on the Windows 7 Pc then copy and paste from the XP PC then you'd need the RDP to be the Windows 7 host.

As I said, I'm least expert, I used to do this type of thing 15 years ago but through a network cable, with both PC's in the same room, so my memory of it is a bit faded.

Last ditch effort -
You might want to try to "Allow" all users on both PC's. When I was transferring data from XP to Windows 7 Pc through a usb to usb cable (can't think of the actual name for it), I had to allow ALL users to Target drive on one drive and Allow all users on the Source hdd otherwise it would not work. It's the Permissions that stops it from happening.

 

[TenPc]

According to Wiki - "Microsoft provides the client required for connecting to newer RDP versions for downlevel operating systems. Since the server improvements are not available downlevel, the features introduced with each newer RDP version only work on downlevel operating systems when connecting to a higher version RDP server from these older operating systems, and not when using the RDP server in the older operating system."
-http://en.wikipedia.org/wiki/Remote_Desktop_Protocol

 

[Peresmeshnik]

Did you also have the BSOD problem only in one direction, and only upon attempted copy/paste (i.e., did your RDP session establish OK)?

Yes.

If it is AVAST, however, there should be a way to configure it to not cause the problem... I guess it is possible that there was an updated AVAST program/engine/virus definition at that time that suddenly recognized RDP as "bad".

Maybe, but I haven't time for it. I installed AVG AntiVirus Free Edition 2013 which doesn't have such problem.

 

[borhani]

[/quotemsg]Maybe, but I haven't time for it. I installed AVG AntiVirus Free Edition 2013 which doesn't have such problem.[/quotemsg]

Funny, I switched from AVG to Avast about 16 months ago, because AVG was a huge cpu hog, and I have found Avast to be much leaner and faster. I'll also check on the Avast web forums for this issue cropping up.

 

[Saga Lout]

TenPC said "When I was transferring data from XP to Windows 7 Pc through a usb to usb cable (can't think of the actual name for it)"

A sort of ad hoc network, I think. It would be interesting to see if borhani could set one up for experimental purposes to see if it still kills XP, only with an ethernet cable and not not SB - cutting out the router/switch or whatever in between.

 

[TenPc]

Just taking a different tack and something to ponder -

You said "RDP has worked fine, for 2 years, until today. RDP connection went BSOD { STOP 0x0000007E (0xC0000005, 0x00000000, 0xAE0531A8, 0xAE052EA4) } on trying to paste a file, copied on Win 7 computer, into Win XP file explorer. Had done about 2 hours of work in same RDP session before this happened, without issue."

Considering that the past two years have been trouble free, we all assume that you have done "transactions" both ways to and from the target and source on either PC

"Had done about 2 hours of work "
How much work?
How much data?
Could it be some sort of mass volume?
Were past actions the same type of volume for the same or more time frame?
Is the target folder in the C: directory or in a partition of the OS drive or elsewhere?
Maybe somewhere different than otherwise taken at other times?
In the same folder as other previous files?
I think XP has a volume maximum for each of the fiolders, you should try a different target folder.
Could the XP hdd be at fault?

Things to try - CHKDSK /F for both PC's

Shut down both PC's for a minute then boot up the Windows 7 PC to desktop then boot up the XP PC to desktop and try the action again.

 

[Saga Lout]

Or maybe a Windows Update crept in that day.

 

[borhani]

"Had done about 2 hours of work "
How much work?
How much data?

etc...

I don't think any of this is relevant.

• 
  2 hours of very light web browsing (to check info on, of all things, torques for wheel lug nuts...I was changing from snow tires to regular tires!)
  C: drive
  Copied a trivial file (~2 kB text file)
  Same type/volume of past actions

I think it's Avast (or, as Saga Lout suggests, possibly a Windows update). I'm going to try turning off (or uninstalling, if needed) Avast this weekend, and if that fixes it, at least the source of the problem will be identified.

 

[borhani]

Re-confirmed problem (for the millionth time): local copy/paste while RDP'd into the XP server works OK; copy or other access to the RDP client shared drive causes BSOD for XP box.

Rebooted. Stopped AVAST (shut down all shields, stopped Avast service). Avast UI (and I guess some very low-level hook) is still running. BSOD on copy from RDP client.

Rebooted. COMPLETELY uninstalled AVAST antivirus & rebooted; confirmed that uninstallation was complete.
==> Now, can RDP in to XP and copy/paste anything, in both directions! <==

AVAST antivirus is the problem!

I have posted on the Avast forum: http://forum.avast.com/index.php?topic=123144.0. Someone else had the very same problem, with Win Server 2003; Avast says that Microsoft has claimed the problem as theirs: http://support.microsoft.com/kb/960652. The only problem is that the rdpdr.sys updates in the KB article are for Win Server 2003, not for Win XP, as far as I can tell.

Ideas?
Thanks

 

[TenPc]

Well, it seems that you have done something different than in the past two years, you installed Avast Anti Virus!

 

[borhani]

Well, it seems that you have done something different than in the past two years, you installed Avast Anti Virus!

The obvious conclusion, I will admit...but alas, not true. I wish it were simply that! I have been running for the past ~16 months with Avast.

But, it is possible, and I suspect is the most likely explanation, that something changed in Avast (engine/virus update) which brought the problem on early in April 2013. Let me see what the Avast folks have to suggest (before I switch to some other antivirus program).

 

[Saga Lout]

Avast will blame Microsoft, of course. It is worth noting that XP and Server 2003 are extremely close cousins if not brothers. Turning off the resident shield for a day is better than uninstalling completely.

 

[TenPc]

If your Avast was out of date then that might have caused the issue as nearly, if not all, anti-virus program either trial version or past their license date, seem to give everyone headaches of some sort. Perhaps you had not renewed Avast within the allotted time frame and it got annoyed with you.

You don't hapen to have any other programs that are trial versions past their use by date, by chance?

 

[borhani]

Avast up-to-date. Non-trial, free version. Plus, completely wiped, and then reinstalled, Avast. No other trial versions present AFAIK. Ill try the Avast aswClear.exe, to really be sure, and also some uninstallers from Singular Labs http://singularlabs.com/uninstallers/security-software/

 

[borhani]

PROBLEM SOLVED! See this Avast! forum page.

Bottom Line, it's both Avast! and Windows (XP). Petr at Avast! wrote:
we change one part in filesystem driver which queries for file paths. Unfortunately, in RDP session (under XP/2003) it can lead to BSOD if you mapped harddisk drives and you access them. This bug is in XP and it was fixed in Vista+. I would suggest you to apply that KB fix (http://support.microsoft.com/kb/960652). It should work on XP as well (please confirm it, so we can use it as official answer until we release new program version).

As noted before, that KB refers only to Win Server 2003. For the 64-bit OS, apparently that is identical to 64-bit XP; for 32-bit XP...well, it turns out that it works. Some serious MS wonkiness getting the Server 2003 rdpdr.sys patch to actually work under XP, as it's "for the wrong operating system" (i.e. XP will not install the patch).

Petr posted download links for rdpdr.sys:
x86: http://public.avast.com/~kurtin/patches/rdpdr/x86/SP2QFE/rdpdr.sys
x64: http://public.avast.com/~kurtin/patches/rdpdr/x64/SP2QFE/rdpdr.sys

Then the fun began:
I had to disable the Windows System File Protector, setting it to ignore (only) rdpdr.sys, so that I could slip in the Win 2003 Server version of rdpdr.sys that Petr supplied. Instructions on how to do this are here: http://bitsum.com/aboutwfp.asp Skip right to:
Mod Method 5: Disable WFP permanently for specific files via patching the protected file list
More simple than patching executable code is simply patching the list of files contained in SFCFILES.DLL. First, copy
SFCFILES.DLL to a temporary file. Using a hex editor (i.e. UltraEdit), search for files to disable protection on inside
the temporary file. Once found, replacing the first character of the file name with 0 (that is: value 0 NOT ascii '0'
character). After completing the modifications, correct the checksum using our PEChkSum utility and set the temporary
file to replace the original at boot-time using our MoveLatr utility. Reboot the computer to finish the process.I used HxD to edit C:\WINDOWS\system32\SFCFILES.DLL; there were ~5 instances of "r◊d◊p◊d◊r◊.◊s◊y◊s" ("◊" = null, hex 0x0). I changed them all to "◊◊d◊p◊d◊r◊.◊s◊y◊s"; fixed the checksum (Chksum.exe sfcfiles.bak); set up the file replacement (MoveLatr.exe sfcfiles.bak sfcfiles.dll); and rebooted. Worked fine (as evidenced by a quick peek at the new SFCFILES.DLL).
The needed utilities Jeremy Collake mentions are here: http://bitsum.com/other/ WORKED LIKE A CHARM (Thanks Jeremy!)

THEN, I was able to copy the new rdpdr.sys (having saved a copy of the old one!) to C:\WINDOWS\system32\drivers & :\WINDOWS\system32\dllcache (for good measure), without the WinXP WFP "nanny" replacing the file!!

Tested RDP from Win7 client to the now-stably-modified WinXP sever: it worked fine;

Reinstalled Avast! (ver. 8, free version). OK

And the Acid Test: RDP from Win7 into WinXP --- with Avast! running --- IT WORKED! copy/paste, with drives mapped, worked in both directions.

 

[Saga Lout]

All your hard work and research earns you the right to the Best Answer in your own thread - a rarity in itself. Well done, borhani - that fix is a keeper.

 

[borhani]

Couldn't have done it without the help of all!