RDP crashes on Reconnect

  • Question

  • RDP crashes on reconnect. Tried with no resources shared, SFC /scannow, CHKDSK, CheckSUR, Update. Event log says mstscax.dll, attempted another from a different system and re-registering with no luck. Memory dump info below. I do apologise for the lack of some symbols, I can add more if required.

    Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    User Mini Dump File: Only registers, stack and portions of memory are available


    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*c:\Symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*c:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: WinNt, suite: SingleUserTS
    Machine Name:
    Debug session time: Thu Oct  1 14:33:31.000 2015 (UTC + 1:00)
    System Uptime: not available
    Process Uptime: 0 days 0:06:52.000
    ................................................................
    ...............................................................
    Loading unloaded module list
    .................................
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (5ae8.6768): Access violation - code c0000005 (first/second chance not available)
    No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
    ntdll!NtWaitForMultipleObjects+0xa:
    00000000`7757df6a c3              ret
    0:014> .reload
    ................................................................
    ...............................................................
    Loading unloaded module list
    .................................
    0:014> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that   ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: $ntdllsym!_CONTEXT                            ***
    ***                                                                   ***
    *************************************************************************
    *** WARNING: Unable to verify timestamp for infql2.dll
    *** ERROR: Module load completed but symbols could not be loaded for infql2.dll

    CONTEXT:  (.ecxr)
    rax=0000000025810900 rbx=0000000000000008 rcx=0000000000000000
    rdx=00000000800706bf rsi=000007fec2be56a0 rdi=00000000800706bf
    rip=000007fec305b91a rsp=000000001e43fb90 rbp=00000000800706bf
     r8=0000000000000000  r9=00000000ffffffff r10=00000000273e1030
    r11=fffffffffffffffe r12=000000000a55ee28 r13=00000000258886b8
    r14=0000000000000000 r15=0000000000000001
    iopl=0         nv up ei pl nz na po nc
    cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
    mstscax!CClientProxyTransport::SetErrorStatus+0xa:
    000007fe`c305b91a 4883b98007000000 cmp     qword ptr [rcx+780h],0 ds:00000000`00000780=????????????????
    Resetting default scope

    FAULTING_IP: 
    mstscax!CClientProxyTransport::SetErrorStatus+a
    000007fe`c305b91a 4883b98007000000 cmp     qword ptr [rcx+780h],0

    EXCEPTION_RECORD:  (.exr -1)
    ExceptionAddress: 000007fec305b91a (mstscax!CClientProxyTransport::SetErrorStatus+0x000000000000000a)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000000
       Parameter[1]: 0000000000000780
    Attempt to read from address 0000000000000780

    PROCESS_NAME:  mstsc.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_PARAMETER1:  0000000000000000

    EXCEPTION_PARAMETER2:  0000000000000780

    READ_ADDRESS:  0000000000000780 

    FOLLOWUP_IP: 
    mstscax!CClientProxyTransport::SetErrorStatus+a
    000007fe`c305b91a 4883b98007000000 cmp     qword ptr [rcx+780h],0

    DETOURED_IMAGE: 1

    APPLICATION_VERIFIER_LOADED: 1

    APP:  mstsc.exe

    ANALYSIS_VERSION: 10.0.10240.9 amd64fre

    BUGCHECK_STR:  NULL_CLASS_PTR_READ_AVRF

    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_READ_AVRF

    LAST_CONTROL_TRANSFER:  from 000007fec305ba07 to 000007fec305b91a

    STACK_TEXT:  
    00000000`1e43fb90 000007fe`c305ba07 : 00000000`03cd0000 000007fe`c2be56a0 00000000`0a55ee28 000007fe`c306403f : mstscax!CClientProxyTransport::SetErrorStatus+0xa
    00000000`1e43fbd0 000007fe`c305ded5 : 00000000`25818600 000007fe`c2be56a0 00000000`25818600 00000000`800706bf : mstscax!CClientProxyTransport::GetErrorStatus+0x27
    00000000`1e43fc20 000007fe`c313b0b1 : 00000000`00000075 000007fe`c2be56a0 00000000`2742d460 00000000`0a511b88 : mstscax!CProxyClientSendPacket::OnComplete+0x75
    00000000`1e43fc60 000007fe`c3034396 : 000007fe`c313b060 00000000`0000000b 00000000`257a6028 00000000`800706bf : mstscax!CAAAsyncSend::OnComplete+0x51
    00000000`1e43fc90 000007fe`c313a96d : 000007fe`c3139ed0 00000000`25888690 00000000`257a6028 00000000`00000000 : mstscax!CAARpcClientChannel::Shutdown+0x12a
    00000000`1e43fcf0 000007fe`c3139534 : 00000000`25888690 00000000`0a4fb0e0 00000000`00000000 00000000`0a4fb118 : mstscax!CAAAsyncDisconnectChannel::Invoke+0xfd
    00000000`1e43fd30 000007fe`c3034d10 : 00000000`257a5eb0 00000000`00000000 00000000`0a507f00 000007fe`c3139800 : mstscax!CAAChannel::DisconnectInternal+0x1c4
    00000000`1e43fd80 000007fe`c3035e14 : 000007fe`00000000 00000000`0a51a538 00000000`00000000 00000000`6df5b277 : mstscax!CAARpcClientChannel::HandleReceiveComplete+0x158
    00000000`1e43fde0 000007fe`c3047898 : 000007fe`c3035d70 00000000`1e43fe60 00000000`0a51a538 00000000`257a5ed8 : mstscax!CAARpcClientChannel::HandleIOCompletion+0xa4
    00000000`1e43fe10 000007fe`bc5a4b87 : 00000000`40000000 00000000`0a51a538 00000000`257a5ed8 00000000`00000000 : mstscax!CAagIO::AAGIoThreadFunc+0x118
    00000000`1e43fea0 00000000`77325a4d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : verifier!AVrfpStandardThreadFunction+0x2b
    00000000`1e43fee0 00000000`7755b831 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
    00000000`1e43ff10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d


    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  mstscax!CClientProxyTransport::SetErrorStatus+a

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: mstscax

    IMAGE_NAME:  mstscax.dll

    DEBUG_FLR_IMAGE_TIMESTAMP:  559e949e

    STACK_COMMAND:  .ecxr ; kb

    FAILURE_BUCKET_ID:  NULL_CLASS_PTR_READ_AVRF_c0000005_mstscax.dll!CClientProxyTransport::SetErrorStatus

    BUCKET_ID:  X64_NULL_CLASS_PTR_READ_AVRF_DETOURED_mstscax!CClientProxyTransport::SetErrorStatus+a

    PRIMARY_PROBLEM_CLASS:  X64_NULL_CLASS_PTR_READ_AVRF_DETOURED_mstscax!CClientProxyTransport::SetErrorStatus+a

    FAILURE_PROBLEM_CLASS:  NULL_CLASS_PTR_READ_AVRF

    FAILURE_EXCEPTION_CODE:  c0000005

    FAILURE_IMAGE_NAME:  mstscax.dll

    FAILURE_FUNCTION_NAME:  CClientProxyTransport::SetErrorStatus

    FAILURE_SYMBOL_NAME:  mstscax.dll!CClientProxyTransport::SetErrorStatus

    ANALYSIS_SOURCE:  UM

    FAILURE_ID_HASH_STRING:  um:null_class_ptr_read_avrf_c0000005_mstscax.dll!cclientproxytransport::seterrorstatus

    FAILURE_ID_HASH:  {e959131c-c8a7-489e-da18-fe91a35c2c07}

    Followup:     MachineOwner
    ---------

    Any help would be greatly appreciated.

    Thank you

    Regards 

    Tuesday, October 6, 2015 2:13 PM

All replies

  •  
    We do need the actual log files (called DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.


    Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
    If you have any questions about the procedure, please ask.


    Wanikiya and Dyami--Team Zigzag

    Tuesday, October 6, 2015 2:25 PM
  • OK, my apologies. I have uploaded it to OneDrive; the link is:

    http://1drv.ms/1jMqSBI

    Tuesday, October 6, 2015 3:35 PM
  • Jack

    Sorry but even logged in I cannot download it


    Wanikiya and Dyami--Team Zigzag

    Wednesday, October 7, 2015 12:28 PM
  • That actually isn't a DMP file. It's a .exe.23272 file and won't open correctly in a debugger.
    Wednesday, October 7, 2015 1:31 PM
  • Sorry to say it is a .DMP file. The full name is mstsc.exe.23272.dmp . 

    I have checked and you should be able to download that file without any issues. 

    Regards

    Wednesday, October 7, 2015 2:00 PM
  • Jack

    I was able to get to another machine and download the User mode DMP.  It was related to Remote Desktop Services ActiveX control (mstscax.dll) does not match the version of the client shell.  I would re-install the newest driver available for the video driver/ActiveX

    It may also have been broken by a recent Windows update as described here http://superuser.com/questions/584989/remote-desktop-activex-control-does-not-match-version-of-client-shell


    Wanikiya and Dyami--Team Zigzag


    • Edited by ZigZag3143x Wednesday, October 7, 2015 3:47 PM
    Wednesday, October 7, 2015 3:45 PM
  • OK thank you for your advice. 

    I will look into reinstalling the newest Active X control

    Thursday, October 8, 2015 11:25 AM
  • I am looking into reinstalling the whole of RDP on Windows 7. The ActiveX control being the fault I am not completely sure because RDP would not connect in the first place, correct?
    Thursday, October 8, 2015 2:14 PM
  • Jack

    I was able to get to another machine and download the User mode DMP.  It was related to Remote Desktop Services ActiveX control (mstscax.dll) does not match the version of the client shell.  I would re-install the newest driver available for the video driver/ActiveX

    It may also have been broken by a recent Windows update as described here http://superuser.com/questions/584989/remote-desktop-activex-control-does-not-match-version-of-client-shell


    Wanikiya and Dyami--Team Zigzag


    When you say re-install the newest driver for video / ActiveX, does that mean the graphics driver? That I can do but I am not absolutely sure how one would reinstall ActiveX control without reinstalling Windows Updates. I am currently trying to see if uninstalling KB2574819 and KB2592687 would resolve the issue. 

    Thank you for your assistance.

    Regards

    Jack

    Tuesday, October 20, 2015 4:03 PM
  • Any further assistance would be greatly appreciated. 

    Regards

    Thursday, October 22, 2015 9:53 AM
  • bump
    Tuesday, November 17, 2015 12:53 PM