I have 1 user who's remote desktop session hangs when a call comes into ID. It doesn't happen on every call but a few times a day. The user then uses task manager to kill the RD session because it won't respond.
Details about user's local environment:
OS= Windows 10 64 bit
ID version = CIC 2016 R4 Patch4 Runs on local computer.
User establishes a remote desktop connection to a Windows 2008 R2 64 bit server across private telecom. The RD session will hang whether a RD gateway is used or not.
The error in event logs:
Log Name: Application
Source: Windows Error Reporting
Date: 8/2/2017 10:00:32 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SCI-01262017.SafetyCall.local
Description:
Fault bucket , type 0
Event Name: AppHangB1
Response: Not available
Cab Id: 0
Problem signature:
P1: mstsc.exe
P2: 10.0.14393.1378
P3: 594a1370
P4: 58a0
P5: 67246080
P6:
P7:
P8:
P9:
P10:
Attached files:
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7AEE.tmp.version.xml
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7B1E.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B4F.tmp.WERInternalMetadata.xml
WERGenerationLog.txt
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_mstsc.exe_d01a6cff1bab55afd0c911afcb6578df644290_ea35734d_cab_11517b7b
Analysis symbol:
Rechecking for solution: 0
Report Id: 52d4a521-7793-11e7-a4b9-484d7edc8c4c
Report Status: 5
Hashed bucket:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-08-02T15:00:32.556375000Z" />
<EventRecordID>10476</EventRecordID>
<Channel>Application</Channel>
<Computer>SCI-01262017.SafetyCall.local</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>0</Data>
<Data>AppHangB1</Data>
<Data>Not available</Data>
<Data>0</Data>
<Data>mstsc.exe</Data>
<Data>10.0.14393.1378</Data>
<Data>594a1370</Data>
<Data>58a0</Data>
<Data>67246080</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7AEE.tmp.version.xml
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7B1E.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B4F.tmp.WERInternalMetadata.xml
WERGenerationLog.txt</Data>
<Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_mstsc.exe_d01a6cff1bab55afd0c911afcb6578df644290_ea35734d_cab_11517b7b</Data>
<Data>
</Data>
<Data>0</Data>
<Data>52d4a521-7793-11e7-a4b9-484d7edc8c4c</Data>
<Data>5</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: Windows Error Reporting
Date: 8/2/2017 10:00:33 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SCI-01262017.SafetyCall.local
Description:
Fault bucket 129503131938, type 5
Event Name: AppHangB1
Response: Not available
Cab Id: 0
Problem signature:
P1: mstsc.exe
P2: 10.0.14393.1378
P3: 594a1370
P4: 58a0
P5: 67246080
P6:
P7:
P8:
P9:
P10:
Attached files:
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7AEE.tmp.version.xml
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7B1E.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B4F.tmp.WERInternalMetadata.xml
WERGenerationLog.txt
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_mstsc.exe_d01a6cff1bab55afd0c911afcb6578df644290_ea35734d_126986e5
Analysis symbol:
Rechecking for solution: 0
Report Id: 52d4a521-7793-11e7-a4b9-484d7edc8c4c
Report Status: 0
Hashed bucket: f187532d18f1e2861b58ae7e857465ab
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-08-02T15:00:33.665632100Z" />
<EventRecordID>10477</EventRecordID>
<Channel>Application</Channel>
<Computer>SCI-01262017.SafetyCall.local</Computer>
<Security />
</System>
<EventData>
<Data>129503131938</Data>
<Data>5</Data>
<Data>AppHangB1</Data>
<Data>Not available</Data>
<Data>0</Data>
<Data>mstsc.exe</Data>
<Data>10.0.14393.1378</Data>
<Data>594a1370</Data>
<Data>58a0</Data>
<Data>67246080</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7AEE.tmp.version.xml
\\?\C:\Users\cmoncada\AppData\Local\Temp\WER7B1E.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B4F.tmp.WERInternalMetadata.xml
WERGenerationLog.txt</Data>
<Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_mstsc.exe_d01a6cff1bab55afd0c911afcb6578df644290_ea35734d_126986e5</Data>
<Data>
</Data>
<Data>0</Data>
<Data>52d4a521-7793-11e7-a4b9-484d7edc8c4c</Data>
<Data>0</Data>
<Data>f187532d18f1e2861b58ae7e857465ab</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 8/2/2017 10:00:09 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: SCI-01262017.SafetyCall.local
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-02T15:00:09.490015300Z" />
<EventRecordID>12160</EventRecordID>
<Correlation />
<Execution ProcessID="996" ThreadID="7264" />
<Channel>System</Channel>
<Computer>SCI-01262017.SafetyCall.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 8/2/2017 10:00:22 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: SCI-01262017.SafetyCall.local
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-08-02T15:00:22.388818900Z" />
<EventRecordID>12161</EventRecordID>
<Correlation />
<Execution ProcessID="996" ThreadID="7064" />
<Channel>System</Channel>
<Computer>SCI-01262017.SafetyCall.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>