Carbon Black Cloud: RDP Login Failure with Server 2022

Environment

  • Carbon Black Cloud Sensor: Windows 3.9.x Sensors
  • Microsoft Windows: Server 2022

Symptoms

  • Limited hardware resources and/or multiple security products running on the same box expose or worsen the issue
  • Attempts to log in via Remote Desktop fail with the error:
    Your Remote Desktop Services session has ended, possibly for one of the following reasons:
    
    The administrator has ended the session.
    An error occurred while the connection was being established
    A network problem occurred.
    
    For help solving the problem, see "Remote Desktop" in Help and Support.
  • Windows Event Viewer Application Log shows the dwm.exe process registering and exiting 8 times:
    Level: Information
    Source: Desktop Window Manager
    Event ID:9027
    The Desktop Window Manager has registered the session port.
    
    Level: Warning
    Source: Dwminit
    Event ID:0
    The Desktop Window Manager process has exited. (Process exit code: 0x800401f0, Restart count: 8, Primary display device ID: )
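
To check whether a host shows the event pattern above, the following PowerShell function parses Dwminit warnings for the exit code and restart count quoted in this article. It is an added example, not code from Carbon Black or Microsoft; the function name, the sample events, and the assumption that the Get-WinEvent provider name equals the "Source" value shown above are illustrative.

```powershell
# Added example: flag the dwm.exe restart loop described under Symptoms.
# Assumption: the provider name for Get-WinEvent equals "Source: Dwminit" above.
function Find-DwmRestartLoop {
    param(
        [object[]]$Events,                   # objects exposing TimeCreated and Message
        [string]$ExitCode = '0x800401f0',    # exit code quoted in the article
        [int]$MinRestarts = 8                # restart count quoted in the article
    )
    if (-not $PSBoundParameters.ContainsKey('Events')) {
        # Live query of the Application log; no hits yields nothing rather than an error.
        $Events = Get-WinEvent -FilterHashtable @{
            LogName = 'Application'; ProviderName = 'Dwminit'; Id = 0
        } -ErrorAction SilentlyContinue
    }
    $pattern = 'Process exit code:\s*(?<code>0x[0-9a-fA-F]+),\s*Restart count:\s*(?<count>\d+)'
    foreach ($e in $Events) {
        if ($e.Message -match $pattern) {
            $code  = $Matches['code'].ToLower()
            $count = [int]$Matches['count']
            [pscustomobject]@{
                TimeCreated  = $e.TimeCreated
                ExitCode     = $code
                RestartCount = $count
                # True only when both values match what the article reports.
                MatchesKB    = ($code -eq $ExitCode.ToLower()) -and ($count -ge $MinRestarts)
            }
        }
    }
}

# Constructed sample events (not real log data) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{
        TimeCreated = [datetime]'2024-01-01T09:00:00'
        Message     = 'The Desktop Window Manager process has exited. (Process exit code: 0x800401f0, Restart count: 8, Primary display device ID: )'
    },
    [pscustomobject]@{
        TimeCreated = [datetime]'2024-01-01T09:05:00'
        Message     = 'The Desktop Window Manager process has exited. (Process exit code: 0x00000001, Restart count: 1, Primary display device ID: )'
    }
)
Find-DwmRestartLoop -Events $sample | Format-Table -AutoSize
```

Calling `Find-DwmRestartLoop` without `-Events` on the affected server reads the live Application log instead of the sample.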
    

Cause

A race condition between the dwm.exe process and rpcss.dll.
 

Resolution

Carbon Black has determined that this issue is not ultimately caused by Carbon Black Cloud. We recommend contacting Microsoft support for additional assistance. 

Additional Notes

There is currently no known workaround. 

Article Information
Creation Date: 10-31-2023