Error: “A Device Attached to the System is Not Functioning” While Reconnecting To Previous Session

Solution 1

KB2661332

Csrss.exe has a deadlock with Microsoft Excel or Microsoft Visio

https://support.microsoft.com/zh-cn/help/2661332/you-cannot-reestablish-a-remote-desktop-services-session-to-a-windows-server-2008-r2-based-server

Solution 2

KB2383928

The issue occurs because of a problem in the Win32k.sys driver.

If a remote desktop session exits before the session is completely initialized, the state change notification of the session is not sent to the third-party driver. In this situation, the driver can leak resources, such as a system thread, in the context of Csrss.exe because the third-party driver cannot unload. The leaked thread causes the remote desktop session not to exit completely. After the computer is running in this status for some time, the Local Session Manager (Lsm.exe) blocks new incoming connections. Additionally, these orphaned sessions also cause the shutdown process to stop responding. Therefore, you experience the issue that is described in the “Symptoms” section.

https://support.microsoft.com/zh-cn/help/2383928/remote-desktop-sessions-do-not-completely-exit,-and-you-cannot-establish-new-remote-desktop-sessions-to-a-computer-that-is-running-windows-server-2008-r2

Solution 3

https://support.microsoft.com/en-us/help/933664/error-message-when-you-try-to-connect-to-a-shared-resource-from-a-windows-vista-based-client-computer-a-device-attached-to-the-system-is-not-functioning

Solution 4

Configure session idle and disconnect policy in studio or MS policy for the VDI. That is logoff the session after disconnect for sometime

Related:

  • No Related Posts

Profile Management: File Type Association (FTA) Fails to Roam on Windows 10 and Windows Server 2016

On Windows 10 and Windows Server 2016, Microsoft introduced a new security mechanism to check settings of default applications in the registry. Occasionally, the Windows Profile Service changes the security settings of the user registry entry. As a result, the settings of default applications are reset to Microsoft recommended defaults.

When testing Windows 10 and Windows Server 2016 without a VDA installed, this issue does not happen. Citrix is working with Microsoft to provide a long term solution. In the meantime, use the following workaround to avoid this issue.

Related:

  • No Related Posts

Recommended Hotfixes for XenApp 7.x

The following Citrix and Microsoft hotfixes are found to resolve the most common issues with XenApp/XenDesktop 7.6, and XenApp/XenDesktop 7.5 running on a Windows Server 2008 R2 or a Windows Server 2012 R2 platform. These hotfixes focus on basic functionality and stability.

Note :

1. Fixes for Current Releases will likely be released in the next Current Release; therefore, it is less likely that an individual fix would be released for a Current Release version. You may be asked to upgrade to the next version of a Current Release that includes the requested fix and new functionality.

2. This article aims to describe the recommended hotfixes before Citrix LTSR(7.6.300) and Citrix CR(7.7~7.14). Please go to docs.citrix.com for more hotfixes regarding LTSR and CR.

Issue: Attempts to restart the Citrix Device Redirector Service from within a VDA or RDP session can cause the service to remain in an unresponsive state rather than actually restarting.

Available Software Updates:

ICAWS760WX64047 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit) – English
ICAWS760WX86047 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64053 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

Issue:

  • The operating system experiences an error on picadm.sys and a blue screen appears with stop code 0x20.
  • A deadlock on picadm.sys can cause published applications to become unresponsive.
  • The operating system experiences an error on picadm.sys and a blue screen appears with stop code 0x50.
  • The VDA might become unresponsive at the “Welcome” screen due to a deadlock on picadm.sys.
  • Remote Desktop (RDP) connections to the server fail.

Available Software Update:

ICATS760WX64048 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue: Certain third-party published applications might fail to start on XenApp servers. As a result, the wfshell.exe process might close unexpectedly. When this error occurs, no indication that the session is starting or error messages appear on the user device.

Available Software Updates:

ICAWS760WX64042 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit)-English
ICAWS760WX86042 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64040 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue: Citrix XenApp 7.6 and XenDesktop 7.6 VDA Core Services running on Windows Server 2008 R2 (Server OS) might become unresponsive at the “Welcome” screen. If this occurs, new Receiver and Remote Desktop (RDP) connections to the server fail.

Available Software Updates:

ICAWS760WX64026 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit) – English
ICAWS760WX86026 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64032 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue: The Citrix Stack Control service quits unexpectedly if there is an invalid session key.

Available Software Update:

ICATS760WX64006 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

XenApp 7.5/ 7.1

Issue:

  • The memory consumption of the Monitoring Service can grow steadily until the service stops responding to requests from Director, eventually rendering Director unresponsive as well.
  • If the resource name (display name) changes on the Delivery Controller, users who previously subscribed to the applications cannot start the applications.
  • If you create virtual machines (VM) with Desktop Studio that uses Machine Creation Services and the VMs are hosted on a VMware hypervisor, attempts to update VMs that are part of the machine catalog fail.

Available Software Updates:

Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x64 – English
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x86 – English

_______________________________________________________

Issue:

  • VDAs can becomes stuck in the “initializing” state of registration process. The issue occurs after the Citrix Desktop Service is running for several days without being restarted.
  • When the function “CName” is enabled, VDA registration can take excessively long.

Available Software Updates:

BrokerAgent750WX64003 – For Broker Agent 7.1/7.5 for Windows OS (64-bit) – English
BrokerAgent750WX86003 – For Broker Agent 7.1/7.5 for Windows OS (32-bit) – English

_______________________________________________________

Issue: Installing hotfixes for XenApp 7.5, and XenDesktop 7.1 and 7.5 VDA Core Services for Windows Desktop and Server OS released before September 2014 causes the ICA Session performance monitor counter to be removed. This can have an adverse effect on the operation of tools and processes that rely on these counters.

Available Software Updates:

ICAWS750WX64011 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (64-bit) – English
ICAWS750WX86011 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (32-bit) – English
ICATS750WX64011 – For VDA Core Services 7.1/7.5 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue:The Citrix Print Manager Service (CpSvc.exe) process might exit unexpectedly.

Available Software Updates:

ICAWS750WX64019 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (64-bit) – English
ICAWS750WX86019 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (32-bit) – English
ICATS750WX64019 – For VDA Core Services 7.1/7.5 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue:

  • This fix addresses an intermittent high memory utilization issue of the Broker Service on the Controller.
  • This fix addresses a memory consumption issue of the Monitoring Service.

Available Software Updates:

Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x64 – English
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x86 – English

Note:

Refer to the complete list of all the available HotFixes for

XenApp 7.6 64-bit32-bit

XenApp 7.5 64-bit32-bit

Microsoft HotFixes (including links to Microsoft HotFix list)

Windows Server 2012 R2 contains most of the following hotfixes (exceptions noted inline). Microsoft has published the following KB article specific to Remote Desktop Services: Available Updates for Remote Desktop Services (Terminal Services) in Windows Server 2012 R2. For Microsoft Hotfixes applicable to the Windows Server 2008 R2 and the Windows 7 platforms, see the “Microsoft Hotfixes” section in the following article: CTX129229 – Recommended Hotfixes for XenApp 6.x on Windows Server 2008 R2.

Note: The descriptions of the Microsoft fixes listed in this article (CTX142357) might not match the descriptions in the Microsoft articles for the following Microsoft fixes. This is not an error. The issue description listed by Citrix in the following matrix was resolved by an earlier version of that file however it has been superseded by the article/fix currently listed.

KB Number Issue description
KB3033929
  • UPM driver load breaks if this KB is not applied.
KB3078676 – NEW
  • This article describes an issue in which even 1530 is logged, and user profile service (ProfSvc) leaks paged pool memory and handles in Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2. This issue occurs if the ProfSvc service loads and then unloads a user profile. Additionally, the following event is logged in the Event viewer: Event ID 1530. Description: Windows detects your registry file is still in use by other applications or servers. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
KB3127673 – NEW
  • The Stop error 0x000000C2 might be caused by an error handling issue in the win32k.sys file.
  • The Stop error 0x0000003B might be caused by a synchronization issue in the dcgkrnl.sys file.
  • The parameters in Stop error messages may vary, depending on the configuration of the computer.
  • Not all “Stop 0x000000C2” errors or “Stop 0x0000003B” errors are caused by one of these issues.
KB3055615 – NEW
  • A windows Server 2012 R2 Server becomes slow and unresponsive if update 2927901 is installed.
  • You have update 2927901 installed on a Windows Server 2012 R2 server.
  • You have users who frequently log in and log off the server through Remote Desktop.
KB3013769
  • Memory leak occurs when you create or delete CSV snapshots by using a VSS hardware provider
  • IIS crashes occasionally when a request is sent to a default document in Windows 8.1 or Windows Server 2012 R2
  • You receive Stop error 0xD1 in Windows Server 2012 R2 or Windows 8
  • Device does not exist error after you reinsert a USB COM port device
KB2978367
  • Remote Desktop session freezes when you run an application in the session in Windows 8.1 or Windows Server 2012 R2.
KB2967077
  • A network printer is deleted unexpectedly in Windows
KB2895698
  • Users who have the remote audio setting enabled cause the RD Session Host servers to freeze intermittently in Windows Server 2012 R2 or Windows Server 2008 R2 SP1
KB2896328
  • You are logged on with a temporary profile to a remote desktop session after an unexpected restart of Windows Server 2012
KB2852483
  • Memory leak occurs in the Dwm.exe process on a Remote Desktop computer that is running Windows 8 or Windows Server 2012
KB2995388
  • Memory leak occurs when you play mp4 files in Windows 8.1 or Windows Server 2012 R2
  • Computer freezes when you switch to another account in Windows 8.1 or Windows Server 2012 R2
  • An NTFS volume is flagged as dirty after each restart, and CHKDSK can find no issues
  • Print jobs are intermittently processed slowly through Windows 8.1-based or Windows Server 2012 R2-based printer servers
  • Network printers that use TCP/IP port cannot print after first document has printed in Windows

Related:

  • No Related Posts

Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

microsoft cryptography encryption

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.

Windows 10 security: 'So good, it can block zero-days without being patched'

Windows 10 security: ‘So good, it can block zero-days without being patched’

Systems running the Windows 10 Anniversary Update were shielded from two exploits even before Microsoft had issued patches for them, its researchers have found.

Read More

There’s a smaller number of fixes this December compared with the regular 100+ fixes that Microsoft ships each month, but this doesn’t mean the bugs are less severe.

More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.

This month, we have RCEs in Microsoft products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.

The highest-rated of these bugs, and the ones most likely to come under exploitation, are the RCE bugs impacting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).

Patching these first is advised, as, through their nature, Exchange and SharePoint systems are regularly connected to the internet and, as a result, are more easily attacked.

Another major bug fixed this month is also a bug in Hyper-V, Microsoft’s virtualization technology, used to host virtual machines. Exploitable via a malicious SMB packet, this bug could allow remote attackers to compromise virtualized sandboxed environments, something that Hyper-V was designed to protect.


Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has published this file listing all this month’s security advisories on one single page.
  • Adobe’s security updates are detailed here.
  • SAP security updates are available here.
  • Intel security updates are available here.
  • VMWare security updates are available here.
  • Chrome 87 security updates are detailed here.
  • Android security updates are available here.
Tag CVE ID CVE Title
Microsoft Windows DNS ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOps CVE-2020-17145 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps CVE-2020-17135 Azure DevOps Server Spoofing Vulnerability
Azure SDK CVE-2020-17002 Azure SDK for C Security Feature Bypass Vulnerability
Azure SDK CVE-2020-16971 Azure SDK for Java Security Feature Bypass Vulnerability
Azure Sphere CVE-2020-17160 Azure Sphere Security Feature Bypass Vulnerability
Microsoft Dynamics CVE-2020-17147 Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft Dynamics CVE-2020-17133 Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft Dynamics CVE-2020-17158 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics CVE-2020-17152 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Edge CVE-2020-17153 Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge CVE-2020-17131 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2020-17143 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2020-17144 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17141 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17117 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17132 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17142 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-17137 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-17098 Windows GDI+ Information Disclosure Vulnerability
Microsoft Office CVE-2020-17130 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Office CVE-2020-17128 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17129 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17124 Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17123 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17119 Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office CVE-2020-17125 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17127 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17126 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2020-17122 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17115 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-17120 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17118 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17089 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17136 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-16996 Kerberos Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17138 Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows CVE-2020-17092 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17139 Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17134 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual Studio CVE-2020-17148 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio CVE-2020-17159 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio CVE-2020-17156 Visual Studio Remote Code Execution Vulnerability
Visual Studio CVE-2020-17150 Visual Studio Code Remote Code Execution Vulnerability
Windows Backup Engine CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16961 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16964 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16963 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16962 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error Reporting CVE-2020-17094 Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-V CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability
Windows Lock Screen CVE-2020-17099 Windows Lock Screen Security Feature Bypass Vulnerability
Windows Media CVE-2020-17097 Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMB CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability
Windows SMB CVE-2020-17140 Windows SMB Information Disclosure Vulnerability