пятница, 23 февраля 2024 г.

RDP shadow connection черный экран

Problem

If you are an administrator who uses shadow view to remotely view or control user sessions on Windows Server 2022, you may encounter a problem where the shadow view shows a black screen instead of the user’s desktop. This can be frustrating and prevent you from providing remote assistance or monitoring user activity. In this article, we will explain what causes this problem and how to fix it using various methods.

What is Shadow View and How Does It Work?

Shadow view is a feature of Remote Desktop Services (RDS) that allows administrators to remotely connect to user sessions on Windows computers. This feature is similar to Remote Assistance and can be used to provide technical support, troubleshoot problems, or monitor user behavior. Shadow view can be configured to allow full control or view-only access to the user’s session, with or without the user’s permission.

To use shadow view, you need to enable Remote Desktop (RDP) on the user’s computer, add your account to the local Administrators group on the user’s computer, and configure the shadow connection mode through Group Policy or registry settings. You also need to allow incoming shadow connection traffic through Windows Defender Firewall by enabling the File and Printer Sharing (SMB-In) and Remote Desktop – Shadow (TCP-In) rules.

To initiate a shadow view connection, you can use the Server Manager console, the Remote Desktop Services Manager tool, or the mstsc command with the /shadow parameter. You need to specify the session ID or the user name of the session you want to connect to. You can also use the /control or /noConsentPrompt switches to control the user’s session or bypass the user’s permission.

What Causes the Black Screen Issue in Shadow View?

There are several possible reasons why the shadow view shows a black screen instead of the user’s desktop. Some of the common causes are:

  • The user’s session is locked or disconnected. If the user has locked or disconnected their session, you will not be able to see their desktop in the shadow view. You can try to unlock or reconnect the user’s session using the Remote Desktop Services Manager tool or the qwinsta and rwinsta commands.
  • The user’s session is running in a different display mode. If the user’s session is running in a different display mode than the default one, such as spanned or multi-monitor mode, you may not be able to see their desktop in the shadow view. You can try to change the display mode of the user’s session using the Remote Desktop Services Manager tool or the tscon command.
  • The user’s session is using a different graphics driver. If the user’s session is using a different graphics driver than the default one, such as WDDM or XDDM, you may not be able to see their desktop in the shadow view. You can try to change the graphics driver of the user’s session using the Group Policy setting Use WDDM graphics display driver for Remote Desktop Connections or the registry value UseWDDM under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services.
  • The user’s session is corrupted or has a profile issue. If the user’s session is corrupted or has a profile issue, such as a missing or damaged registry hive, you may not be able to see their desktop in the shadow view. You can try to delete and recreate the user’s profile using the User Profiles control panel or the delprof2 tool.
  • The firewall is blocking the shadow connection traffic. If the firewall is blocking the shadow connection traffic, you will not be able to establish a shadow view connection to the user’s session. You need to make sure that the firewall is allowing the ports that the shadow connection uses, which are 139/TCP, 445/TCP, and a range of dynamic RPC ports (from 49152 to 65535). You can check and modify the firewall rules using the Windows Defender Firewall control panel or the netsh advfirewall command.
  • The certificate is invalid or expired. If the certificate that the Remote Desktop Gateway uses to secure the shadow connection is invalid or expired, you will not be able to establish a shadow view connection to the user’s session. You need to make sure that the certificate is valid and up to date, and that it matches the name or IP address of the Remote Desktop Gateway. You can check and renew the certificate using the Remote Desktop Gateway Manager tool or the certreq command.

How to Fix the Black Screen Issue in Shadow View?

Depending on the cause of the problem, you can try one or more of the following methods to fix the black screen issue in shadow view:

Solution 1: Unlock or reconnect the user’s session

If the user’s session is locked or disconnected, you can try to unlock or reconnect it using the Remote Desktop Services Manager tool or the qwinsta and rwinsta commands. To do this, follow these steps:

  1. Open the Remote Desktop Services Manager tool from the Administrative Tools menu or by running tsadmin.msc.
  2. In the left pane, expand the server name and click Sessions.
  3. In the right pane, right-click the user’s session and select Connect or Remote Control.

Alternatively, you can open a command prompt and run the following commands:

  • qwinsta /server:<server_name> to list the sessions on the server.
  • rwinsta /server:<server_name> <session_id> to reset the session with the specified ID.

Solution 2: Change the display mode of the user’s session

If the user’s session is running in a different display mode than the default one, such as spanned or multi-monitor mode, you can try to change it to the default mode using the Remote Desktop Services Manager tool or the tscon command. To do this, follow these steps:

  1. Open the Remote Desktop Services Manager tool from the Administrative Tools menu or by running tsadmin.msc.
  2. In the left pane, expand the server name and click Sessions.
  3. In the right pane, right-click the user’s session and select Properties.
  4. In the Session Properties dialog box, click the Remote Control tab.
  5. Under Display mode, select Default and click OK.

Alternatively, you can open a command prompt and run the following command:

  • tscon <session_id> /dest:console to switch the session to the default display mode.

Solution 3: Change the graphics driver of the user’s session

If the user’s session is using a different graphics driver than the default one, such as WDDM or XDDM, you can try to change it to the default one using the Group Policy setting Use WDDM graphics display driver for Remote Desktop Connections or the registry value UseWDDM under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. To do this, follow these steps:

  1. Open the Group Policy Editor tool from the Administrative Tools menu or by running gpedit.msc.
  2. In the left pane, navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Session Host > Remote Session Environment.
  3. In the right pane, double-click the Use WDDM graphics display driver for Remote Desktop Connections setting.
  4. In the Use WDDM graphics display driver for Remote Desktop Connections dialog box, select Enabled or Disabled depending on the graphics driver you want to use and click OK.
  5. Alternatively, you can open a registry editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services.
  6. In the right pane, right-click an empty space and select New > DWORD (32-bit) Value.
  7. Name the new value UseWDDM and set its data to 1 or 0 depending on the graphics driver you want to use.
  8. Restart the user’s session for the changes to take effect.

Solution 4: Delete and recreate the user’s profile

If the user’s session is corrupted or has a profile issue, such as a missing or damaged registry hive, you can try to delete and recreate the user’s profile using the User Profiles control panel or the delprof2 tool. To do this, follow these steps:

  1. Open the User Profiles control panel from the System Properties dialog box or by running sysdm.cpl.
  2. In the User Profiles dialog box, select the user’s profile and click Delete.
  3. Alternatively, you can download and run the delprof2 tool from https://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/.
  4. Run the following command to delete the user’s profile: delprof2 /u /id:<user_name>
  5. Log on to the user’s computer again to create a new profile.

Solution 5: Allow the shadow connection traffic through the firewall

If the firewall is blocking the shadow connection traffic, you need to allow the ports that the shadow connection uses, which are 139/TCP, 445/TCP, and a range of dynamic RPC ports (from 49152 to 65535). You can check and modify the firewall rules using the Windows Defender Firewall control panel or the netsh advfirewall command. To do this, follow these steps:

  1. Open the Windows Defender Firewall control panel from the Control Panel or by running firewall.cpl.
  2. In the left pane, click Advanced settings.
  3. In the Windows Defender Firewall with Advanced Security window, click Inbound Rules in the left pane.
  4. In the right pane, scroll down and find the File and Printer Sharing (SMB-In) and Remote Desktop – Shadow (TCP-In) rules.
  5. Right-click each rule and select Enable Rule.

Alternatively, you can open a command prompt and run the following commands to enable the firewall rules:

xxx- netsh advfirewall firewall set rule name=“File and Printer Sharing (SMB-In)” new enable=yes – netsh advfirewall firewall set rule name=“Remote Desktop – Shadow (TCP-In)” new enable=yes

Solution 6: Check and renew the certificate

If the certificate that the Remote Desktop Gateway uses to secure the shadow connection is invalid or expired, you need to check and renew the certificate using the Remote Desktop Gateway Manager tool or the certreq command. To do this, follow these steps:

  1. Open the Remote Desktop Gateway Manager tool from the Administrative Tools menu or by running tsgateway.msc.
  2. In the left pane, expand the server name and click Properties.
  3. In the Properties dialog box, click the SSL Certificate tab.
  4. Under Installed certificate, click View to check the details of the certificate, such as the expiration date, the subject name, and the issuer name.
  5. If the certificate is invalid or expired, click Select Existing Certificate or Import Certificate to choose or import a new certificate that matches the name or IP address of the Remote Desktop Gateway.

Alternatively, you can open a command prompt and run the following commands to request and install a new certificate from a certification authority (CA):

  • certreq -new request.inf request.req to create a certificate request file based on the request.inf file that contains the information about the certificate, such as the subject name, the key size, and the extensions.
  • certreq -submit -config <CA_server_name><CA_name> request.req cert.cer to submit the certificate request file to the CA and save the issued certificate file as cert.cer.
  • certreq -accept cert.cer to install the certificate on the local computer.

Frequently Asked Questions (FAQs)

Question: How do I enable shadow view on Windows Server 2022?

Answer: You need to enable Remote Desktop (RDP) on the user’s computer, add your account to the local Administrators group on the user’s computer, and configure the shadow connection mode through Group Policy or registry settings. You also need to allow incoming shadow connection traffic through Windows Defender Firewall by enabling the File and Printer Sharing (SMB-In) and Remote Desktop – Shadow (TCP-In) rules.

Question: How do I initiate a shadow view connection on Windows Server 2022?

Answer: You can use the Server Manager console, the Remote Desktop Services Manager tool, or the mstsc command with the /shadow parameter. You need to specify the session ID or the user name of the session you want to connect to. You can also use the /control or /noConsentPrompt switches to control the user’s session or bypass the user’s permission.

Question: How do I end a shadow view connection on Windows Server 2022?

Answer: You can use the Ctrl+* shortcut to end the shadow view connection. You can also use the Remote Desktop Services Manager tool or the tsdiscon command to disconnect the user’s session.

Summary

In this article, we have explained what shadow view is and how it works, what causes the black screen issue in shadow view, and how to fix it using various methods. We hope that this article has helped you to troubleshoot and resolve the black screen issue in shadow view on Windows Server 2022. If you have any questions or feedback, please leave a comment below.

Disclaimer: This article is for informational purposes only and does not constitute professional advice. Please consult a qualified IT expert before making any changes to your system. We are not responsible for any damage or loss caused by following the instructions in this article. 

Источник: 

https://pupuweb.com/how-fix-black-screen-shadow-view-active-sessions-windows-server-2022/#How_to_Fix_the_Black_Screen_Issue_in_Shadow_View


Нетрадиционные способы лечения:

https://www.reddit.com/r/sysadmin/comments/11pzji9/server_2022_remote_app_issues/

By -
Ярлыки:

Комментариев нет:

Отправить комментарий

Подписаться на: Комментарии к сообщению (Atom)