Closed yesidtaz closed 2 years ago
Thank you for the quick fix. I tested it on a few WIN10 VMs and it indeed works with termsrv.dll version 10.0.17763.379.
Thanks, it's cool!
thank you, it works great!! just restart the PC after applying patch.
Anti-virus won't let me open the RAR due to the issue with false positive on RDPConf.exe. Would someone please post just the INI file that includes the entries for 10.0.17763.437 x86 (32 bit).
How come I get all this crap from this download: ???
Acronis: suspicious
Alibaba: RemoteAdmin:Win32/RDPWrap.cab484ff
Avast: FileRepMalware
AVG: Win32:Malware-gen
Avira: HEUR/AGEN.1039416
ClamAV: Win.Malware.Winlock-6913733-0
CrowdStrike Falcon: win/malicious_confidence_80% (W)
Cybereason: malicious.869c85
Cylance: Unsafe
Endgame: malicious (moderate confidence)
F-Secure: Heuristic.HEUR/AGEN.1039416
FireEye: Generic.mg.b92886d757c740d5
K7AntiVirus: Trojan ( 0051918e1 )
K7GW: Trojan ( 0051918e1 )
Kaspersky: not-a-virus:RemoteAdmin.Win32.RDPWrap.h
McAfee: Artemis!B92886D757C7
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Palo Alto Networks: generic.ml
Qihoo-360: Win32/Virus.RemoteAdmin.eb2
Rising: Trojan.Tiggre!8.ED98/N3#100% (RDM+:cmRtazoOYGc9tINFo3SaoIS2s1JH)
SentinelOne: DFI - Suspicious PE
Sophos AV: RDP Host Support (PUA)
Sophos ML: heuristic
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.high.ml.score
VBA32: Trojan.Nitol
ZoneAlarm: not-a-virus:RemoteAdmin.Win32.RDPWrap.h
Be careful with those files he uploaded. The uploader and most of the users who commented positive stuff all created their account in April 2019. Very suspicious.
Interesting ... I send the 'link' to VIRUSTOTAL ... (a RAR file) .. and it scans clean .... I download it and the RAR produces a few 'alerts' ... I extract it ... and I get shitload of alerts if I upload the extracted .EXE to VIRUSTOTAL ... something very strange going on here .... ????
Meanwhile ... if anyone has the 'ini parms' for 10.0.17763.437 (x86 & x64) offsets - please post them here in 'text' mode ... that's all I need ! Thanks in advance !
This worked for me (at least for x64) ...
[10.0.17763.437-SLInit]
bInitialized.x86      =CD798
bServerSku.x86        =CD79C
lMaxUserSessions.x86  =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86  =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86       =CD7B8
bInitialized.x64      =ECAB0
bServerSku.x64        =ECAB4
lMaxUserSessions.x64  =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64  =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64       =ECAD0

[10.0.17763.437]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77A41
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=3E520
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18025
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1ACDC
SLInitFunc.x64=New_CSLQuery_Initialize
(make sure to leave a 'blank' line at the end of the ini)
or for the recent whole ini file (x32 untested) go here:
https://github.com/stascorp/rdpwrap/files/3062713/rdpwrap.zip
https://github.com/stascorp/rdpwrap/issues/720#issuecomment-481588640
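An INI fragment pasted as text can be reviewed before it is merged into the file that controls how termsrv.dll is patched. The following is an added example, not part of this thread or of RDP Wrapper: `audit` is a hypothetical helper, and its section, key and value rules are assumptions inferred from the keys posted above. It rejects duplicate keys, flags unexpected names or values, and reports which architectures each section covers.

```python
import configparser
import re

SECTION = re.compile(r"^\d+\.\d+\.\d+\.\d+(-SLInit)?$")   # assumed section naming
KEY = re.compile(r"^(\w+?)\.(x86|x64)$")                  # assumed key naming
HEX = re.compile(r"^[0-9A-Fa-f]{1,8}$")

def audit(text):
    """Hypothetical helper: return (problems, coverage) for an INI fragment."""
    cp = configparser.ConfigParser(strict=True, interpolation=None)
    cp.optionxform = str          # keep key case as posted
    cp.read_string(text)          # raises on duplicate sections or keys
    problems, coverage = [], {}
    for sec in cp.sections():
        m = SECTION.match(sec)
        if not m:
            problems.append(f"[{sec}]: unexpected section name")
            continue
        archs = coverage.setdefault(sec, set())
        for key, val in cp[sec].items():
            k = KEY.match(key)
            if not k:
                problems.append(f"[{sec}] {key}: unexpected key name")
                continue
            name, arch = k.groups()
            archs.add(arch)
            if name.endswith(("Patch", "Hook")):         # on/off switches
                ok = val in ("0", "1")
            elif name.endswith("Offset") or m.group(1):  # offsets, SLInit values
                ok = bool(HEX.match(val))
            else:                                        # *Code / *Func names
                ok = bool(re.fullmatch(r"\w+", val))
            if not ok:
                problems.append(f"[{sec}] {key}={val}: bad value")
    return problems, coverage

# Constructed sample, abridged from the fragment posted in this thread.
POSTED = """\
[10.0.17763.437]
SingleUserPatch.x64=1
SingleUserOffset.x64=3E520
SingleUserCode.x64=Zero
SLInitHook.x64=1
SLInitOffset.x64=1ACDC
[10.0.17763.437-SLInit]
bInitialized.x86 =CD798
bInitialized.x64 =ECAB0
"""
print(audit(POSTED))
```

On the posted fragment it finds no shape problems and shows that `[10.0.17763.437]` carries x64 keys only, which matches the "x32 untested" remark.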
@FZappatta The file link does not work. Can you also post your full .ini file? I think most of us have x64 anyways. Do I need the same termsrv.dll as you use?
You notice that you do not know what you are doing. I invite you to upload the zip file that is downloaded from the original installer to VirusTotal and compare; both come out with the same amount of false positives. First report before forming a chaos just for not knowing what it does.
It shows that you are paranoid, so if you do not like the help you receive, look and do it manually
I went back to upload the file in zip
Nice try .... Lucky Defender tags it as malware and blocks downloading.
Looks like you don't know what you're doing .... why didn't you just paste the ini update - so simple ...
Yes!!! This works for me too! Thanks a lot!
Can you please explain your procedure? How did you find out those values? So I can do the same the next time a windows update breaks RDPWrap.
Updated INI link that works:
https://github.com/stascorp/rdpwrap/files/3062713/rdpwrap.zip
and the other thread it came from:
Beware of 'Patch Tuesday' - it's not a matter of 'if' - it's a matter of 'when' MS breaks it again !
I'm just surprised that they haven't permanently broken it by now ....
You might want to take a look at this:
THE BEST FOR WIN 10 17763 THE REAL MVP!!! THANKYOU
Thanks for the post FZappatta. Unfortunately didn't work for me on a machine with x86-32-bit Windows.
Can anybody confirm that the INI that FZappatta posted worked for them on an x86-32-bit machine?
Worked on 64bit, after install don't forget to restart
@yesidtaz thanks the problem is resolved, but i am facing issue with single session per user is not working.
Please, someone send termsrv.dll for 10.0.17763.437. I did not make a backup :(
OMG!!!
This worked. Thank you so so so so much. I've been looking online for a solution for the past hour. Thank you!
I have this status on my WIN10 but still not working multiple users
Have you tried restarting your machine? After any changes, it's advisable to restart for the changes to kick in.
Also, have you downloaded yesidtaz's RDP program? This fixed my issue. Uninstall your current setup and then use his app to install.
Correct, I am facing exactly this same problem, feature "single session per user" doesn't work, I had to uninstall the last Windows update in order to make it work again. I also wrote it here: https://github.com/stascorp/rdpwrap/issues/720#issuecomment-482073378
Let's hope someone finds a workaround soon.
OK IT works! :) .... FIRST I uninstall the WRAP next i restart the machine then i Install the WRAP and last I restart it second times.... THEN ALL WORKS GREAT.
THX
works for me, thanks
FZappatta thanks, don't we need to stop and start something? I forgot what. Never mind, I found it. Follow these steps:
Open CMD as Administrator
net stop termservice
Back up your rdpwrap.ini
Copy and overwrite with my rdpwrap.ini (C:\Program Files\RDP Wrapper)
Go back to the CMD Admin - net start termservice
Check with RDPconf
Hello friend must use the default RDP authentication
Check here for the solution: https://github.com/stascorp/rdpwrap/issues/720#issuecomment-482462622
Thanks, confirmed fix (SingleUserOffset.x64=1322C) for single session per user: https://github.com/stascorp/rdpwrap/issues/720#issuecomment-482462622
Can anyone explain these SingleUserOffset.x64 values?
The OP with the repacked exe (anyone installing this is taking a huge risk) at the top of the thread supposedly had a value of:
SingleUserOffset.x64=3E520
This offset points to
000000018003E50A loc_18003E50A: ; CODE XREF: CRemoteTerminal::GetTerminalTypeExtended(_GUID *,ulong *,__MIDL___MIDL_itf_lsminterfacesdef_0000_0001_0004 *,_GUID *)+7Fj
000000018003E51C mov rax, [rax+158h]
and changes it to
000000018003E51C mov rax, [rax+58h]
The other suggested value 1322C points to
loc_18001322C: ; CODE XREF: CSessionArbitrationDesktop::GetRequestForWinlogon(_TS_WINLOGON_REQUEST *,int *)+1B2j
000000018001322C test ebx, ebx
and changes it to
loc_18001322C: ; CODE XREF: CSessionArbitrationDesktop::GetRequestForWinlogon(_TS_WINLOGON_REQUEST *,int *)+1B2j
000000018001322C add ebx, ebx
Using the guide https://github.com/stascorp/rdpwrap/blob/master/res/rdpwrap-ini-kb.txt
The function you want to target is CSessionArbitrationHelper::IsSingleSessionPerUserEnabled and starts at 13450.
Looking for something that matches the pattern of being initialized with a 1, you would probably look at the value 133B7 which is a 1 that you can flip to a zero.
00000001800133B6 mov dl, 1
It is a guess, but that fits the pattern of the examples.
I am struggling to get RDPwrap working again.
I have run the uninstall, rebooted and run the install but RDPwrap is still not listening. I have tried to replace the termsrv.dll but seem unable to give permission to administrator in order to delete the current one. Every option seems to be greyed out when I try to change the permissions.
Am I doing something wrong?
Sorry, I did another reboot and it is working now. Thanks for the update.
Hello,
We had an update yesterday (yesterday we did the restart, maybe it was from earlier this week) and the problem came up again. Copying the new termsrv.dll makes the Remote Desktop Services service crash and it won't start. Any idea if the latest update broke this again? Thanks!
I followed all the steps described, everything is normally "green", but it still kicks the logged-in user. :( I have two accounts on the remote system. Any clue? Ty
Thank you friend. Good job
Version 10.0.17763.379 working...
Closed as not actual
RDP Working perfect on 21H1
Hello, good morning friends, I put it to test in version 10.0.17763.437 and it works perfectly ... Here I leave the program with the patch activated, uninstall the current version and install the one that goes in the program and ready to enjoy.
I hope you help those who have not yet been able to solve the error.
Use the program already with the integrated patch, download it here RDP 1.6.2.zip
Download Termsrv Patch 10.0.17763.437
Thank you does not count anything if it worked.