drdread
  • drdread
  • 100% (Exalted)
  • Advanced Member Topic Starter
22 days ago
[Window Title]
Remote Desktop Connection

[Content]
This computer can't connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

[^] Hide details [OK]

[Expanded Information]
Error code: 0x3
Extended error code: 0x7

What is causing this - the machine has always been OK in the past..?

Sponsor

Want to thank us? Use: Patreon or PayPal or Bitcoins: bc1q4whppe29dw77rm4kv4pln0gqae4yjnxly0dny0hky6yhnafukzjsyrsqhk

All opinions expressed within these pages are sent in by members of the public or by our staff in their spare time, and as such do not represent any opinion held by sircles.net Ltd or their partners.


Lemonde
  • Lemonde
  • 100% (Exalted)
  • Advanced Member
22 days ago
Log Name: Application
Source: Dwminit
Date: 13/05/2025 11:26:10
Event ID: 0
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: RDserv.domain.local
Description:
The Desktop Window Manager process has exited. (Process exit code: 0xc0000005, Restart count: 8, Primary display device ID: RDPUDD Chained DD)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Dwminit" />
    <EventID Qualifiers="32770">0</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2025-05-13T10:26:10.238947200Z" />
    <EventRecordID>106102465</EventRecordID>
    <Channel>Application</Channel>
    <Computer>RDserv.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xc0000005</Data>
    <Data>8</Data>
    <Data>RDPUDD Chained DD</Data>
  </EventData>
</Event>

Is this related??
Lemonde
  • Lemonde
  • 100% (Exalted)
  • Advanced Member
22 days ago
OK I am seeing these:
Event 360: Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Windows Hello for Business post-logon provisioning is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Not Tested
Machine is governed by none policy.
https://go.microsoft.com/fwlink/?linkid=832647  for more details.

Log Name: Application
Source: Dwminit
Date: 13/05/2025 14:50:59
Event ID: 0
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: RDserv.domain.local
Description:
The Desktop Window Manager process has exited. (Process exit code: 0xc0000005, Restart count: 8, Primary display device ID: RDPUDD Chained DD)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Dwminit" />
    <EventID Qualifiers="32770">0</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2025-05-13T13:50:59.605802600Z" />
    <EventRecordID>106103570</EventRecordID>
    <Channel>Application</Channel>
    <Computer>RDServ.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xc0000005</Data>
    <Data>8</Data>
    <Data>RDPUDD Chained DD</Data>
  </EventData>
</Event>

Theser occur every time I am logged out pr fail to login - what has broken our RD?
sirclesadmin
22 days ago

You're seeing a Dwminit warning (Event ID 0) indicating that Desktop Window Manager (DWM) is crashing during Remote Desktop (RDP) initialization, with exit code 0xc0000005 - an Access Violation error. This means a process tried to access memory it shouldn't.


This, combined with the mention of RDPUDD Chained DD (Remote Desktop Protocol User-mode Display Driver), suggests the problem lies in the graphics stack for RDP, likely affecting your ability to connect via Remote Desktop.




Possible Causes



  1. Corrupt or incompatible graphics drivers, especially those used during remote sessions.

  2. RDP display driver failure - particularly RDPUDD.dll or RdpVideominiport.sys.

  3. Third-party software interference - like screen recording, remote control, or GPU utilities.

  4. Updates - recent Windows Update or driver installation that broke compatibility.

  5. Group Policy or RDP configuration corruption - e.g. bad DWM setting or visual experience setting.




Suggested Steps to Resolve


1. Boot into Safe Mode or use Local Console Access


You may need physical access or use ILO/iDRAC/Hyper-V/VNC to access the console directly.



  • Reboot the server in Safe Mode or via local user session (if available).

  • From there, proceed with the steps below.




2. Disable Hardware Acceleration for Remote Sessions


From Registry Editor, disable hardware acceleration for DWM in remote sessions:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DisableHardwareAcceleration"=dword:00000001



3. Force Basic Display Mode for RDP


In the same Registry location or via GPO, configure to disable RemoteFX or custom display drivers.


Also check:


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UseDDAPI"=dword:00000000



4. Disable/Uninstall Third-Party Display Software


Temporarily disable or uninstall:



  • NVIDIA/AMD control panels

  • DisplayLink drivers

  • Screen sharing tools (e.g., TeamViewer, Splashtop)

  • Graphics-intensive desktop themes




5. Update or Roll Back Display Drivers


Check Device Manager for display adapters and either:



  • Roll back to previous working driver

  • Update to latest WHQL-certified driver




6. Disable Desktop Composition via GPO (Optional)


Sometimes RDP fails when Aero/Composition is forced. Disable it:


GPO path:


Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment


  • Enable: "Use WDDM graphics display driver for Remote Desktop Connections" Set to Disabled

  • Enable: "Optimize visual experience for Remote Desktop Service" Set to Disabled




7. Restart Remote Desktop Services


Try from console:


net stop termservice
net start termservice



Optional: Use Event Viewer Filters


To confirm related failures, filter Application or System Logs with keywords like rdpudd.dll, dwm.exe, or c0000005 to see if anything else is compounding the failure.




Final Resort: Create New Admin User & Enable RDP Again


If corruption is user-profile-specific, create a new admin user and enable RDP using:


net user NewAdmin P@ssw0rd! /add
net localgroup administrators NewAdmin /add

Ensure RDP is still enabled:


Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"



Let me know if you're able to get local or Safe Mode access - that's the key to moving forward. If it's a VM, you might also check host GPU passthrough or driver issues from the hypervisor side.



drdread
  • drdread
  • 100% (Exalted)
  • Advanced Member Topic Starter
22 days ago
It is a Hype-V VM so it should not have any unusual drivers
sirclesadmin
22 days ago

Perfect - that narrows things down and removes a lot of physical GPU and driver weirdness from the equation. A Hyper-V VM will generally use:



  • Microsoft Hyper-V Video as its display adapter

  • RDPUDD Chained DD for remote rendering in sessions


So if DWM is crashing inside a Hyper-V VM with error 0xc0000005, it's likely tied to Windows updates, RDP session settings, or a corrupted user profile, rather than third-party drivers.




Focused Fix Steps for Hyper-V VM (DWM crashing on RDP)


1. Boot into Enhanced Session or Console via Hyper-V Manager



  • Use Hyper-V Manager Connect Basic Session (no RDP).

  • If it's stuck or blackscreening, use the "Turn Off" and "Start" options (not reboot) - this clears session state.




2. Check for Broken Updates or Patches


Run:


Get-HotFix | Sort-Object InstalledOn -Descending

Compare recent update dates with when the issue began. Uninstall any recent suspect with:


wusa /uninstall /kb:5000000

Replace 5000000 with the KB number.




3. Disable Hardware Acceleration for RDP in Registry


Still valid in VM environments:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DisableHardwareAcceleration"=dword:00000001

Reboot after applying.




4. Force RDP to Use Legacy Display Stack


Disable WDDM in RDP (which relies on DWM):


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UseDDAPI"=dword:00000000

And if this key doesn't exist, create it as a DWORD (32-bit).




5. Test with a New Local Admin User


Create a new admin account:


net user newadmin P@ssword123 /add
net localgroup administrators newadmin /add

Then try RDP using that account. If it works, your existing profile may be corrupted or loading something that's triggering the crash.




6. Check RemoteFX (Should Be Off)


RemoteFX is deprecated and can cause issues if somehow still enabled. Verify it's off:


Get-VMRemoteFx3dVideoAdapter -VMName "RDserv"  # Should return nothing

If it exists, remove it:


Remove-VMRemoteFx3dVideoAdapter -VMName "RDserv"



7. Check Event Viewer > Application Logs for dwm.exe


Look for accompanying Application Error logs that show:



  • Faulting module (e.g., dwmcore.dll, ntdll.dll)

  • Stack trace or any DLL involved


This will help pinpoint the real trigger.




Final Clean-Up Options


If nothing works:


Option: Replace RDP Session Shell Temporarily


As a test, set the shell to something like cmd.exe via GPO or:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="cmd.exe"

This may allow RDP login without DWM/Explorer launching. If successful, DWM/Explorer are the culprits.




Let me know what works or what you see when trying these steps. We'll tighten the scope from there - the 0xc0000005 access violation inside a Hyper-V VM is likely fixable with a registry patch, session reset, or user profile swap.