The Remote Desktop Services service terminated unexpectedly

Had an issue with a clients TS – 2008 R2 SP1. After scouring the logs, found multiple 7034 events. Application logs also firing;

Faulting application name: svchost.exe_TermService, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: rdpcorekmts.dll, version: 6.1.7600.16952, time stamp: 0x4f1f9e66

Exception code: 0xc0000005

Fault offset: 0x000000000000a793

Faulting process id: 0xc70

Faulting application start time: 0x01cd55b4c6d647d4

Faulting application path: C:\Windows\System32\svchost.exe

Faulting module path: C:\Windows\system32\rdpcorekmts.dll

Report Id: 14a64f35-c1a8-11e1-95b5-78e7d1f48e8a

The rdpcorekmts.dll needs to be copied from a working server. Once you have done this, follow the below steps;

You need to run this with a user that is an admin on the target system. Copy psexec and rdpcorekmts.dll (the new version) to a folder. Create a file named servernames.txt and add the name of the server(s) you want to fi Create a start.cmd file edit it and add the following:

@echo off Echo ************************************************************* echo * This process will update and change the file rdpcorekmts. * echo * If you don’t want to do that, ‘X’ out now                 * echo ************************************************************* pause

:stop remote desktop services for /f %%i in (servernames.txt) do psexec \\%%i net stop “Remote Desktop Services” /y
:Take Ownership for /f %%i in (servernames.txt) do psexec  \\%%i takeown /F c:\windows\system32\rdpcorekmts.dll
:Change permissions to full for /f %%i in (servernames.txt) do psexec  \\%%i icacls c:\windows\system32\rdpcorekmts.dll /grant administrators:F
:Copy in newer version for /f %%i in (servernames.txt) do copy rdpcorekmts.dll \\%%i\c$\windows\system32\
:Change permissions back to read-only for /f %%i in (servernames.txt) do psexec  \\%%i icacls c:\windows\system32\rdpcorekmts.dll /grant administrators:R
:start the service back up for /f %%i in (servernames.txt) do psexec \\%%i net start “Remote Desktop Services” /y
Echo ******************************************************************** echo * Remove the names of the affected servers in the file Servernames * echo ******************************************************************** Echo *Should be all done now. * echo **************************
pause exit


Tagged , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: