RDP causes BSOD when using file explorer

borhani

Honorable
Apr 7, 2013
26
0
10,540
XP SP3, accessed via RDP from Win7 (both on home intranet)
RDP has worked fine, for 2 years, until today. RDP connection went BSOD { STOP 0x0000007E (0xC0000005, 0x00000000, 0xAE0531A8, 0xAE052EA4) } on trying to paste a file, copied on Win 7 computer, into Win XP file explorer. Had done about 2 hours of work in same RDP session before this happened, without issue.

After rebooting XP, tried to copy from XP computer...but Win 7 drives not mapped (they usually are). When RDP'd into XP, random clicking inside file explorer cause sBSOD (same hex codes, except last two, which change slightly). Otherwise fine.

Win XP --- direction connection, *not* RDP --- seems completely OK.

Minidmp file says rdpdr.sys as the culprit; BlueSreenView output:
rdpdr.sys rdpdr.sys+13f18 0xb821f000 0xb824ee80 0x0002fe80 0x480251d2 4/13/2008 2:32:50 PM

Worried that this is a seemingly very old rdpdr.sys, I tried to update it -- several Windows KB articles mention updates, but the only available MS download failed (after MS emailed me the zip file, the file wouldn't unzip properly...asking for next disk!!). I tried to use a new rdpdr.sys from opendll.com, but it was automatically removed (!) after I put it in C:\windows\system32\drivers (after renaming existing file to rdpdr.sys.old). I think the opendll.com version is 64 bit, which wouldn't work anyway with XP...

But all this seems very, very strange. It was working, for several years, with daily use...and suddenly went bad.

Any ideas??
Thanks

P.S. - WinXP is up-to-date (ran sysupdate after BSOD; previous update had been ~2 months prior). Avast! AV installed and up-to-date (in use for ~1.5 years, last update to program & virus defs *yesterday*).
P.P.S. - I'd attach the minidump file, but don't see how to do that here...
 
Solution
PROBLEM SOLVED! See this Avast! forum page.

Bottom Line, it's both Avast! and Windows (XP). Petr at Avast! wrote:
we change one part in filesystem driver which queries for file paths. Unfortunately, in RDP session (under XP/2003) it can lead to BSOD if you mapped harddisk drives and you access them. This bug is in XP and it was fixed in Vista+. I would suggest you to apply that KB fix (http://support.microsoft.com/kb/960652). It should work on XP as well (please confirm it, so we can use it as official answer until we release new program version).

As noted before, that KB refers only to Win Server 2003. For the 64-bit OS, apparently that is identical to 64-bit XP; for 32-bit XP...well, it turns out that it works...

jackson1420

Distinguished
May 10, 2010
487
0
18,860
Did the Windows XP machine BSOD? If so, how could you tell it did in fact BSOD if you are working remotely?

Without researching the error codes or anything this could be just a hiccup.

*Fingers crossed*
 

borhani

Honorable
Apr 7, 2013
26
0
10,540
>jackson1420:
The two computers are side by side, so if I switch which computer the monitor/keybd/mouse are connected two, I can directly use the XP computer --- and when the RDP connection is lost, the XP computer has the BSOD.

Not a hiccup, unfortunately, as this is now occurring with every RDP connection to the XP machine. And in case I wasn't clear, the BSOD seems to come *only* upon trying to do something in the file explorer window. That might be a clue, or maybe it's a false lead.

>Saga Lout:
Nothing suspicious: First time I copied a 2 kB text file (which I created) on the Win7 computer, c:\users\borhani\desktop\junk.txt, and tried to paste into the file explorer on Win XP (via RDP). Next time it happened, I simply clicked on a file name in the file explorer (on XP via RDP)...and then that happened again, and again, ...

 

borhani

Honorable
Apr 7, 2013
26
0
10,540

Thanks! How does one do this? The computer has been rebooted several times. Is there some registry key, or something else, that "resets" explorer?

 

jackson1420

Distinguished
May 10, 2010
487
0
18,860
1. Press CTRL+SHIFT+ESCAPE.
2. Click on the Processes tab
3. Look for explorer.exe in the Image Name column.
4. Right click on it and select End Process. This will terminate Windows Explorer.
6. Open Start Menu and type explorer.exe
8. Click OK or hit Enter. The Windows Explorer shell will restart.
 

borhani

Honorable
Apr 7, 2013
26
0
10,540
Thanks, but that didn't work:
1. Connected via RDP to XP computer.
2. Started file explorer. OK
3. In file explorer, clicked the "+" signs to get the C: drive on the Win7 computer to be displayed. OK
4. Stopped & restarted explorer.exe. OK
5. Started file explorer again. OK
6. In file explorer, again clicked the "+" signs to get the C: drive on the Win7 computer to be displayed. OK
7. Actually *clicked* on the Win7 C: drive (as though I wanted to see what files it had) ===> BSOD

It really seems to be something changed about RDP, I guess on the XP side: It sends a request to the host (Win7), like "tell me what files I should display here...", and that sending of the request is killing it; or the reply back from Win7 is killing it...

How can I debug this, i.e., capture the communication back & forth between the two computers, to see how far they actually get before WinXP dies?



 

borhani

Honorable
Apr 7, 2013
26
0
10,540
I ran wireshark, capturing all available ports, while connecting via RDP (from 192.168.1.2 [Win7] to 192.168.1.7 [WinXP]). Capture is posted here: https://www.dropbox.com/s/mf9xrf6jtrahb2k/RDP_Debugging_201304090800.pcapng

Sequence of events:
1. Started wireshark capture on Win7
2. Started RDP connection
3. Logged in to WinXP via RDP
4. ( Most of the capture time is here... WinXP logging me, starting the few processes that run when I log in )
5. Started file explorer (OK), though the Win7 local C drive was not listed (Win7 was not VPN-networked, so only it's local drive would show up...but it doesn't; usually, when I am VPN-connected on Win7, *all* drives, including network drives, show up on the RDP session; when RDP crash first occurred I was VPN-connected, but VPN status seems to be irrelevant).
6. Back to Win7, copied same text file mentioned in original post
7. Back to WinXP/RDP, tried to paste file ==> BSOD
8. Stopped capture.

So, the BSOD should be about 15 seconds or less from the end of the capture, which runs from 07:57:40 to 08:00:04. The two computers clocks are approximately in sync (certainly to the minute). The WinXP system log posted here: https://www.dropbox.com/s/n7f0t2o132uhdxl/WinXP_SystemLog_201304090831_trimmed.csv

I don't see anything particularly informative in the log: some seemingly innocuous RDP errors (in that they occurred long before the BSOD), then some complaints about Win7 printers that WinXP cannot find, then notification of the minidump.

Ideas? I'm beginning to think this is a memory error...
 

jackson1420

Distinguished
May 10, 2010
487
0
18,860
If its worked before the memory error wouldn't hold true. You can test you memory with memtestx86. (If your motherboard doesn't support the memory modules then you may not at all see the error via memtestx86 or any other method but random behavior)

Reinstall and/or uninstall the printer then try. Printers have random issues sometimes
 

borhani

Honorable
Apr 7, 2013
26
0
10,540
Folks, I've *completely* wiped & reinstalled WinXP (new disk) --- ALL old stuff not even connected to computer. Still have this error.
BSOD says rdpdr.sys (ver 5.1.2600.5512) is causing the error.

I *can* RDP from XP to Win7 --- that works great, can copy & paste, no trouble at all. But RDP from Win7 into XP causes the BSOD, exactly and only when I try to copy, paste, or click on one of the Win7 drives in file explorer.

ANY ideas?
 

borhani

Honorable
Apr 7, 2013
26
0
10,540

You may be onto something! Yes, both accounts are password protected (Win7 Enterprise, and XP Pro). RDP connection in either direction is authenticated through the C-A-D screen. I think the following details matter, and may be useful clues.

With XP as the RDP client, Win7 server there are no issues. I can copy something in the RDP session (including files) and then paste it back onto the XP computer. I also have folder sharing set up. In file explorer on XP, after the RDP connection is made, the Win7 computer C & D drives appear --- interestingly, after a *second* request for my Win7 domain\username & password --- as "My Network Places\Microsoft Windows Network\Win7_domainname\Win7_computername\Win7_C[D]_drive", and they both work for copy/paste, in both directions, to/from XP.

And, on the Win7 RDP server, in *its* file explorer, the XP disks show up (they take a little longer than Win7 disks showing up on the XP, I think because the Win7 computer is much newer & faster). I can copy/paste to them without issue.

In short, everything works as expected when I RDP from XP to the Win7 server.

HOWEVER, with Win7 client, XP server that's when I get the XP BSOD --- the instant I click on a Win7 drive listed in the (RDP'd) XP file explorer, or paste there, or even copy (an XP file) there. (Copy/paste entirely in the Win7 compter doesn't hurt the RDP session or the XP computer.)

I upgraded last night the the latest rdpdr.sys file for XP I could access (KB972422, ver. 5.1.2600.5875, 4-SEP-2009). It made no difference. BSOD still says rdpdr.sys is the culprit (though some of the parameter addresses are different.)

I don't know if this is relevant/helpful: I am running the updated ver. 7 RDP client on XP (kb969084). I have not enabled the CredSSP, however (kb951608), but RDP to Win7 works fine. (Win7 is running RDP ver. [strike]8[/strike]7, I think [no "quality of connection" icon in connect bar]). When I made the two registry changes to enable CredSSP, [strike]the look of connection changed (got an immediate dialog asking for username/password, instead of "connecting to Win7..."), and authentication failed with a message saying that protocol wasn't enabled. So I backed out the CredSSP changes, and it [/strike] and rebooted, RDP to Win7 still works fine[strike] again[/strike]. [strike]Maybe these just means Win7 computer isn't running CredSSP either?[/strike]

In other words, I'm running the latest, correctly installed RDP client on XP, and it works to connect to Win7. But, connection from Win7 to XP still causes BSOD on copy/paste.

 

borhani

Honorable
Apr 7, 2013
26
0
10,540
I can certainly try that. Maybe it will work (though I'm doubtful...hope my doubts don't ensure it doesn't work!
;)). But if that change works, it will need to be durable, once I turn the password back on.

Is there any way to debug the problem? I've looked at minidumps, which point to rdpdr.sys. What if I do a full dump, and run it through the [a] debugger? Will that pinpoint what's going wrong? If yes, what debugging program would I need?
 

borhani

Honorable
Apr 7, 2013
26
0
10,540
I disabled the C-A-D logon sequence, set password length to zero, and deleted the password for one user (regular user, and also in Remote Desktop User group). I could not log in via RDP from Win7. Says password is required. (I had tested it directly on the XP box, and it worked *without* password). So, I'm not sure how to really test your suggestion.

I also tried supplying Win7 the user/passwd in the RDP dialog (i.e., keep the passwd stored on Win7). RDP login was instantaneous (no asking for passwd) --- and it gave the BSOD upon clicking a Win7 drive in the XP file explorer.

Any other ideas? Debugging suggestions?
 
I'm out of ideas but still wonder if W7 had its password requirement removed, would it perhaps have gone all the way?

I certainly wouldn't use any other debugger than Microsoft's own - have a read here:- http://msdn.microsoft.com/en-gb/windows/hardware/gg463009.aspx

 

jackson1420

Distinguished
May 10, 2010
487
0
18,860
I agree with Saga Lout.

I feel I would have to sit down and have a personally have a conversation with this trouble machine.

Strange issue and it sounds hardware related. I really don't have a clue how hardware could conflict this single operation but at the same time we didn't test for everything possible.

Perhaps trying a different install media freshly downloaded will install non-corrupted system files.

Very odd but if you can try a different network adapter even maybe that is the issue.

As strange as it is I have had weird issues like that.

Last week a power outage occurred at work.

Switch A was hooked up to a surge protector

Switch B was NOT hooked up to a surge protector

Switch A was damaged and required RMA (Diagnosed by vendor tech)

Switch B survived and is working strong even under stress test.

We live in a cruel world where people do mean things to people without reason.

Computers seem to follow the same logic some times even though I try so hard to tell myself each issue is logical - it isn't always logical.
 

borhani

Honorable
Apr 7, 2013
26
0
10,540
Three things make me think it's not hardware: 1. It used to work just fine (I know, the hardware could have *just* failed...). 2. RDP works *in every respect* in the XP_client-to-Win7_server direction. 3. RDP works in every respect *except for copy/paste operations* in the Win7_client-to-XP_server direction.

> corrupted system files
I ran sfc: it reported no issues. I don't have any other XP media.

One other thing...which does make me wonder:

As I did the complete wipe/reinstall, at some point (I'm kicking myself for not properly noting it down), RDP (Win7 client, XP server) into the freshly installed XP worked, *with copy/paste*. I tried it a few times, copied files back & forth. Fine. So, I proceeded to rebuild the rest of my computer (copy user files back on, install s/w, etc). The "some point" was quite early on in this process: I think it was either after the initial XP_SP2 (from CDROM), or after applying the SP3 upgrade, or installing the nVidia motherboard drivers (without which I had not networking), or after installing AVAST, or after the ~130 MS updates (including IE8). Things were done in that order. I probably tested it as soon as I had network, i.e. before the MS updates, possibly before AVAST installation. (*Before* any of this went wrong (i.e., my old XPSP3 install from 2 years ago up until 2 weeks ago), I was at the current update level, with AVAST.)

Is it possible that there is something new in AVAST that is causing the trouble? Less likely, that one of the MS updates is the culprit? I guess I could uninstall AVAST and quickly test whether that makes a difference.
 

borhani

Honorable
Apr 7, 2013
26
0
10,540
No, even a few bytes will do it.

The other (actually, *extremely* irritating) possibility that I'm pursuing is that the Win7 computer (which is my work laptop) has had it's group policies altered in such a way as to cause the the XP BSOD. Apparently, our systems engineers, recently implemented a group policy change to disable copy/paste on remote sessions (including intra-company Win7-Win7 or Linux-Win7 RDP's), which they then quickly backed-out, after the resulting furor (as you can well imagine). They thought they could disable mapping of network drives through RDP and keep copy/paste, but MS confirmed that that is not the case: you get neither, or you get both.

SO, supposedly, my Win7 laptop is back to its original behavior (the group policy changes, and reversions, are pushed out every time I VPN connect, i.e. daily). BUT, what if somehow my laptop didn't get the reversion...

Even if this scenario is what's happening, it's unclear to me why RDP should work in the opposite direction (*with* copy/paste working!), or why if the group policy in the Win7_client-XP_server RDP direction is being violated, it should cause a BSOD instead of simply doing nothing, or giving an error message along the lines of "Group policy doesn't allow you to do that"

I'll update as I learn more from our Systems folks...