RDP Crashes After Entering Password

Question

Recently I've been trying to login to various machines via RDP and am getting the following error my Windows 10 workstation:

Faulting application name: mstsc.exe, version: 10.0.10586.0, time stamp: 0x5632d1d8
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000374
Fault offset: 0x00000000000ee71c
Faulting process id: 0x3eac
Faulting application start time: 0x01d16d6d340f9399
Faulting application path: C:\WINDOWS\system32\mstsc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

After debugging with VS 2015 it seems like a heap corruption issue.

I had/have "CSR Harmony Wireless Software Stack" version 2.1.63.0 installed. I believe that all versions of Windows (Vista and higher) are susceptible to being messed up by this thing. I had this issue on Windows 7 Pro. — William, Jul 13 '16 at 00:19

score 25 · Accepted Answer · answered Feb 22 '16 at 13:03

25

The problem was from the recent CSR harmony bluetooth driver I installed. The drivers try to add some bluetooth tag authentication which was causing the issue and RDP crashes regardless of a good or bad password.

The simple fix is to head to

C:\Program Files\CSR\CSR Harmony Wireless Software Stack

and change

BLEtokenCredentialProvider.dll

to

BLEtokenCredentialProvider.dll.BAK

And the issue is now fixed for me.

answered Feb 22 '16 at 13:03

Mike Averto

491
1
4
9

2

I was only able to tell that the faulting module was named BLEtokenCredentialProvider.dll by using Visual Studio to debug the mstsc process post-mortem. Unless this module was disabled, it was also being loaded into winlogon/logonui as part of the main windows login - scary stuff. – William Jul 13 '16 at 00:21
2

Another way to disable the BLEtokenCredentialProvider credential provider is to use [AutoRuns](https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx). Go to the Winlogon tab, and uncheck the BLEtokenCredentialProvider item. – William Jul 13 '16 at 00:24
1

Thank you! You have no idea how much time you just saved me. – Sammy Nov 29 '17 at 06:59
i was skeptical reading this but wow, it did fix it. amazing the randomness of the issues. rdp was working fine under certain accounts/computers but not under new ones. – john cs Jan 16 '23 at 22:08

score 12 · Answer 2 · answered Apr 27 '16 at 10:40

12

I had the exact same problem for months and Mike Averto's answer did the trick (thanks !).

To make it a bit less hackish, I disabled the credential provider in the registry rather than renaming the DLL:

launch regedit.exe
go to the key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
locate the subkey referring to BLEtokenCredentialProvider (5355DA8C-FE32-49b4-A567-A67535C86592 in my case)
add to it a new DWORD32 value with name "Disabled" and value 1

answered Apr 27 '16 at 10:40

Sdrik

121
1
3

Worked a treat. Just ensure that you end the task for the remote desktop before attempting to login again. My experience was that the login credentials screen kept returning and I couldn't even close that window. It always came back. – mrswadge Apr 04 '17 at 10:32
Worked for me too. What a nasty obscure error. – Sammy Nov 29 '17 at 06:59
Renaming dll and regedit creation of BLEtokenCredentialProvider and setting DWORD32 to 1 work for me as well (also was @ 5355DA8C-FE32-49b4-A567-A67535C86592) – Acer Jun 05 '20 at 03:15

user446137 · Answer 3 · 2017-11-29T07:47:12.247

1

I don't have the DLL mentioned as well as the related registry key but I found out the culprit which is the FaceCredentialProvider by trial and error.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{8AF662BF-65A0-4D0A-A540-A338A999D36F}.

edited Nov 29 '17 at 07:47

answered Nov 29 '17 at 07:30

user446137

11
2

Please explain better how to solve – Federico Galli Nov 29 '17 at 09:44

score 1 · Answer 4 · answered Mar 14 '18 at 14:50

I can confirm the FaceCredentialProvider is the problem here.

In The registry go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{8AF662BF-65A0-4D0A-A540-A338A999D36F}

There you must add a REG_DWORD named "Disabled" with value "1". Or do so by running this with administrative priviledges:

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{8AF662BF-65A0-4D0A-A540-A338A999D36F}" /v Disabled /t REG_DWORD /d 1

score 1 · Answer 5 · edited Nov 14 '18 at 19:58

1

My fix was similar - I had to disable

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{1b283861-754f-4022-ad47-a5eaaa618894}

edited Nov 14 '18 at 19:58

alexander.polomodov

1,068
3
10
14

answered Nov 14 '18 at 17:11

Conrad J palmer

11
1

score 0 · Answer 6 · answered Jun 06 '17 at 10:43

Another two penn'orth in case it helps anybody. I've just been hit by the same problem on a Win 8 machine. I'd just installed node js, but not wanting to believe this was the problem, I went through SFC & CHKDSK to try & fix it, to no avail.

Once I uninstalled node js, I could successfully RDP to the servers again - not sure how I'm going to be able to work on the project that needs node js though!

RDP Crashes After Entering Password

6 Answers6