Tag Archives: RDP

Microsoft, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Small Business Server 2011, Windows, Windows 7, Windows Server 2008 R2

Termsrv.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

Leave a comment

Termsrv.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

31-Aug-2012 – 6.1.7601.22104 – Termsrv.dll – x86/x64 – http://support.microsoft.com/kb/2750090 – High CPU utilization by the Svchost.exe process and the Lsm.exe process in the Remote Desktop session after you remotely connect to a computer that is running Windows 7 or Windows Server 2008 R2

24-Nov-2011 – 6.1.7601.21866 – Termsrv.dll – x64 – http://support.microsoft.com/kb/2647409 – Remote Desktop Services sessions are not kept alive as expected in Windows Server 2008 R2

28-Jan-2011 – 6.1.7601.21650 – Termsrv.dll – x64 – http://support.microsoft.com/kb/2479710 – Remote Desktop service crashes when Group Policy settings are refreshed in Windows Server 2008 R2 after you enable the “Required secure RPC communication” and “Set client connection encryption level” Group Policy settings

Microsoft, SBS 2008, Service Pack 2, Service Pack 2, Service Pack 2, Small Business Server 2008, Windows, Windows Server 2008

Termsrv.dll – Pre Service Pack 3 Revision History for Windows Server 2008 SP2 and Windows Small Business Server 2008 (SBS 2008)

Leave a comment

Termsrv.dll – Pre Service Pack 3 Revision History for Windows Server 2008 SP2 and Windows Small Business Server 2008 (SBS 2008)

12-May-2011 – 6.0.6002.22641 – Termsrv.dll – x86/x64 – http://support.microsoft.com/kb/2523307 – A shadowed Windows Server 2008 Terminal Services session is disconnected from a computer that is running Windows Server 2008 R2 SP1 or Windows 7 SP1

29-Oct-2010 – 6.0.6002.22515 – Termsrv.dll – x86/x64 – http://support.microsoft.com/kb/2381675 – The RemoteApp program is not terminated after the idle session time limit expires on a computer that is running Windows Server 2008

16-Feb-2010 – 6.0.6002.22340 – Termsrv.dll – x86/x64 – http://support.microsoft.com/kb/970911 – The “Terminal Services” service cannot protect a console session from being disconnected in Windows Server 2008

17-Nov-2009 – 6.0.6002.22269 – Termsrv.dll – x86/x64 – http://support.microsoft.com/kb/977541 – You are not redirected to the previously-disconnected terminal server session through the TS Session Broker service in a Windows Server 2008-based farm in TS Session Broker

Microsoft, SBS 2008, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 2, Small Business Server 2008, Windows, Windows Server 2008, Windows Vista

Netio.sys – Pre Service Pack 3 Revision History for Windows Server 2008 SP2, Windows Vista SP2 and Windows Small Business Server 2008 (SBS 2008)

Netio.sys – Pre Service Pack 3 Revision History for Windows Server 2008 SP2, Windows Vista SP2 and Windows Small Business Server 2008 (SBS 2008)

11-May-2012 – 6.0.6002.22856 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2712746 – “0x00000019” Stop error when you run an SNMP application on a computer that is running Windows Vista or Windows Server 2008

12-Jan-2012 – 6.0.6002.22776 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/2664888 – Computer stops responding when you run an application that uses the Windows Filtering Platform API in Windows 7, Windows Server 2008 R2, Windows Server 2008, or Windows Vista

05-Apr-2010 – 6.0.6002.22377 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/981889 – A Windows Filtering Platform (WFP) driver hotfix rollup package is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

22-Mar-2010 – 6.0.6002.22369 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/979223 – A nonpaged pool memory leak occurs when you use a WFP callout driver in Windows Vista, Windows 7, Windows Server 2008, or in Windows Server 2008 R2

23-Oct-2009 – 6.0.6002.22250 – Netio.sys – x86/x64 – http://support.microsoft.com/kb/976759 – WFP drivers may cause a failure to disconnect the RDP connection to a multiprocessor computer that is running Windows Vista, Windows Server 2008, windows 7 or Windows Server 2008 R2

11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 21, 22, 23, 330, 505, 510, 520, 530, 810, 820, 830, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, FireBox, Internet Explorer, Internet Explorer 8, Internet Explorer 9, Microsoft, SBS 2003, SBS 2008, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 3, Service Pack 3, Small Business Server 2003, Small Business Server 2008, Small Business Server 2011, System Manager, Watchguard, Windows, Windows 2000, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP, WSM, XP Mode, XTM

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in scand process causes lag and typing delay in Remote Desktop Sessions (RDP).  You may find that remote users report a lag with Remote Desktop Sessions, freezing sessions, black screen and random disconnections.  At around the same time users report these issues you may find that the CPU usage of the scand process on your Watchguard has increased to 100% and the majority of the activity is attributed to the scand process.  You may be able to recreate this issue by browsing websites that utilise lots of Adobe Flash or Media Content as GAV will need to scan all these elements of the web page.  Login to the Watchguard System Manager and then open Firebox System Manager click on Status Report and scroll down the report until you find the Process List (Screenshot Below).  This information will automatically update every 30 seconds so you can see the %CPU column will change and update every 30 seconds.  The top value system shows the overall CPU utilisation and if you look further down you can see which sub processes are actually occupying the CPU time and making up the overall system usage.  In the screenshot below we can see that system is showing 100 % CPU Usage and then further down we can see that the scand process is accounting for 90.99% of this.  When the CPU Usage reaches 100% on the Watchguard unit it may stop forwarding other traffic and this accounts for the lag and jitter we see within the Remote Desktop Session.  Other time sensitive traffic such as VoIP or SIP traffic may also be affected by this issue as the packets are delayed whilst the Firewall recovers from the resource exhaustion.  Users may also report that web pages are slow to load at the time these issues occur where the GAV process is still dealing with the other requests.

Resolution/Workaround:

You can try disabling the GAV (gateway antivirus) for the HTTP and FTP Proxy to ensure that this is the actual cause of your issues, if the problem subsides then you may need to consider updating the XTM OS to the latest release i.e. 11.5.2 and/or adjusting the GAV policy so that it does not scan some content i.e. Images/Text within websites.  You may also need to consider opening a support case with Watchguard to make them aware of this issue, if you have a large number of users then you may even need to consider upgrading your XTM appliance to a larger unit i.e. XTM 23 to XTM 505 or XTM 22 to XTM330 to provide additional processing power (CPU) and system resources to cope with the additional anti-virus scanning requirements.

Watchguard XTM High CPU Usage scand
Watchguard XTM High CPU Usage scand