Multiple RDP (Remote Desktop) sessions on Windows 8

Windows 8 Pro (as well as all previous Windows client OS version) allows only one concurrent user session. This means you can't connect via Remote Desktop if local user is already logged on. Normally it's not a problem on a client machine, but in some cases you may want ability to login concurrently. A good example is a Media Centre PC when somebody watches a movie and you want to access the machine without interrupting the movie.

To have multiple RDP sessions working your need to make some modifications to the termsrv.dll file. There are tools that do these changes automatically, but they often come from dubious sources and it's difficult to be sure that they are completely safe. This article shows how to modify termsrv.dll file yourself.

termsrv.dll file is normally located in C:\Windows\System32 folder. Before modifying this file for the first time, you need to take ownership and assign yourself read/write permissions. You also need to stop Remote Desktop service (TermService).

Once this is done, it's simply a question of opening termsrv.dll with a HEX editor and changing small part of the file. Always backup the original file before making changes.

Certain Windows updates can replace your patched version of termsrv.dll. This doesn't happen very often, but if you let Windows update automatically, be prepared to loose multiple RDP sessions at any time.

Windows 8.1 (64bit)

In original version of Windows 8.1 (64bit), you need to replace:

8B 81 38 06 00 00 39 81 3C 06 00 00 0F 84 1B 70 00 00

with

B8 00 01 00 00 89 81 38 06 00 00 90 90 90 90 90 90 90

Here are the patched bits:

Readily patched version can be download from here.

If something goes wrong and you want to revert, original unpatched termsrv.dll v6.3.9600.16384 can be downloaded from here.

Note: This was tested and works with Windows 8.1 Pro RTM 64bit.

July 2014 update for Windows 8.1 (64bit)

One of the Windows updates installed on 9th of July updated termsrv.dll file from version 6.3.9600.16384 to 6.3.9600.17095. File size also changed from 1,032,704 bytes to 1,018,880 bytes. This naturally broke the previous termsrv.dll patch.

To restore concurrent RDP sessions, use any HEX editor and replace:

39 81 3C 06 00 00 0F 84 9E 31 05 00

with

B8 00 01 00 00 89 81 38 06 00 00 90

Or just download a patched version from here. You will need to stop Remote Desktop services and possibly take ownership of termsrv.dll before you can update it.

Original unpatched v6.3.9600.17095 can be downloaded from here.

Note: This was tested and works with Windows 8.1 Pro RTM 64bit.

November 2014 update for Windows 8.1

(64bit)

Windows updates now updated termsrv.dll file from version 6.3.9600.17095 to 6.3.9600.17415. File size changed from 1,018,880 bytes bytes to 1,114,624 bytes.

To restore concurrent RDP sessions, use any HEX editor and replace:

39 81 3C 06 00 00 0F 84 D3 1E 02 00

with

B8 00 01 00 00 89 81 38 06 00 00 90

You can download a patched version from here. You will need to stop Remote Desktop services and possibly take ownership of termsrv.dll before you can update it.

Original unpatched v6.3.9600.17415 can be downloaded from here.

(32bit)

I don't have any 32bit machines and haven't tested this myself, but guys on mydigitallife forums suggest to replace:

3B 81 20 03 00 00 0F 84 2A D5 00 00

with

B8 00 01 00 00 89 81 20 03 00 00 90

Update May 2015

As of 05.2015, the same November 2014 patch is still working on up to date Windows 8.1. termsrv.dll is still on version 6.3.9600.17415.

Comments

# Joe 2015-08-26 22:34

Hi,
My changes were overwritten with upgrade to Windows 10 Pro. And the new trmserv.dll is a different version/size in win10.

How to patch this new version for concurrent use?

Thanks!

# admin 2015-08-27 08:12

www.mysysadmintips.com/windows/clients/545-multiple-rdp-remote-desktop-sessions-in-windows-10

# Joe 2015-08-26 22:41

The file version is 10.0.10240.1638 4

+1 # itsme 2015-08-05 20:52

has anyone gotten the shadow session stuff to work in win 10?

# admin 2015-08-27 08:13

www.mysysadmintips.com/windows/clients/545-multiple-rdp-remote-desktop-sessions-in-windows-10

# Prado 2015-08-02 12:16

How to know which part should I change

+1 # casper 2015-07-30 17:54

Anybody know the hex values for windows 10 64bit release build?

# Selye 2015-08-03 22:42

orig
39 81 3C 06 00 00 0F 84 73 42 02 00

new
B8 00 01 00 00 89 81 38 06 00 00 90

# Alex 2015-08-15 22:57

How do you know what's the HEX String? it Works!!!!!

How can I decode the termsrv.dll so I can understand which is the string?

Thanks!

+1 # S 2015-07-14 22:55

Fix for Windows 10 64-bit build 10162:

termsrv.dll - version 10.0.10162.0

Original:
39 81 3C 06 00 00 0F 84 97 0E 03 00

New:
B8 00 01 00 00 89 81 38 06 00 00 90

# ralf 2015-06-13 09:56

i think it doesent work anymore

# Kinburn 2015-04-05 11:21

Anybody know the hex values for windows 10 TP 64bit build 10041?

# Damme 2015-04-01 11:41

Win 10 build 10049:

orginal:
0cf80: 81 38 06 00 00 39 81 3c
0cf88: 06 00 00 0f 8f 25 fd 02
0cf90: 00

14ff0: ff 01 00 bb 01 00 00 00
edited:
0cf80: 81 38 06 00 00 b8 00 01
0cf88: 00 00 89 81 38 06 00 00
0cf90: 90
14ff0: ff 01 00 bb 00 00 00 00

# Pete 2015-03-30 15:03

Something happends again and messed up termsrv.dll

+1 # Nick 2015-01-08 20:57

dll's were tested on Windows 7 SP1 Home Premium And Ultimate x32 and x64. All worked fine!

W7-SP1-RTM-RDP-v4_17514.zip
http://rusfolder.com/42710020

W7-SP1-RTM-RDP-v5_18540.zip
http://rusfolder.com/42710021

W7-SP1-RTM-RDP-v6_18637.zip
http://rusfolder.com/42710022

+2 # abeng 2014-12-27 12:24

hey man, it's worked... thanks ur great job

+10 # Logan 2014-12-11 14:35

RDP Wrapper enables Remote Desktop and supports any OS from Vista to Threshold (Technical Preview).

And it doesn't modify system files, so you don't violate the license agreement.

Source code is open and licensed under Apache 2.0, see here:
https://github.com/binarymaster/rdpwrap/releases/

# TiCaL 2014-12-02 17:01

Windows 10 64-bit build 6.4.9879
termsrv.dll Patch

Search

BB01000000C7

Replace

BB00000000C7

Search

39813C0600000F846F970200

Replace

B80001000089813806000090

# Ants 2014-11-26 14:57

Works finne!

Thanks

+1 # Adam 2014-11-25 15:12

Oh no sorry, wasn't intended to be like that at all, was just busy that night.

Here is what I did to edit the x64 9.3.9600.17415 termsrv.dll file:

Change this HEX:
39 81 3C 06 00 00 0F 84 D3 1E 02 00

To:
B8 00 01 00 00 89 81 38 06 00 00 90

I couldnt find the other two lines which I believe give the ability to have the same user logged in simultaneously but I dont use that as I use a seperate account for the Console session and another for each Remote Desktop Login.

+1 # Adam 2014-11-25 15:15

Quoting Adam:

Oh no sorry, wasn't intended to be like that at all, was just busy that night.

Here is what I did to edit the x64 9.3.9600.17415 termsrv.dll file:

Change this HEX:
39 81 3C 06 00 00 0F 84 D3 1E 02 00

To:
B8 00 01 00 00 89 81 38 06 00 00 90

I couldnt find the other two lines which I believe give the ability to have the same user logged in simultaneously but I dont use that as I use a seperate account for the Console session and another for each Remote Desktop Login.

Oh and just incase it helps, here is a link to a pre modded one:

http://www.datafilehost.com/d/367b5fcb

# stanto 2014-11-25 15:21

Thanks I am trying !Which hex editor you've used?

# Adam 2014-11-22 23:14

Anyone able to help with the new Windows 8.1 Update that applied a new termsrv.dll (9.3.9600.17415)

datafilehost.com/d/538e20c5

-1 # Adam 2014-11-22 23:26

Ignore me, i've hexed it myself

+1 # stanto 2014-11-25 13:55

how you hexed it for 9.3.9600.17415

# John 2014-11-25 14:57

Ya love that. "Oh I fixed it but not going to tell everyone else that comes across this. hahah"

# ruglovi 2014-11-14 13:24

New version of termsrv.dll 6.1.7601.18637 WINDOWS7 pro x86

HEX replacements what should I do?

# Jim P. 2014-11-17 22:26

Quoting ruglovi:

New version of termsrv.dll 6.1.7601.18637 WINDOWS7 pro x86

HEX replacements what should I do?

Just found a W7sp1 64-bit with termsrv.dll vers. 6.1.7601.18637

For now I put in 6.1.7601.18540 patched with the 3 strings given above by strongbox on 10-21-2014, and this restored concurrent RPD for now. I'm concerned this may upset WUpdate or TrustedWhatsit, and it would be nice to get strings for 18637. (Also, if I patch systems that are still on 18540, that too may soon get clobbered by auto-update to 18637, right?)

+2 # Uwe 2014-10-23 15:59

Thank you all for supporting this patches!

Until patch is also available for Win8UltimateX64 (termsrv.dll versions 17048/21166) i succeed by uninstalling "bad" update kb2973501 and running the old patch again:

Check for "bad" update:
wmic qfe where "hotfixid like '%%2973501%%'" get hotfixid,installedOn
Uninstall "bad" update(Only local! Does not work remotely via winexe/ssh):
wusa /uninstall /kb:976002 /quiet /norestart /log:kb976002.log
Uninstall alternative (DOES work remotely via winexe/ssh):
dism /Online /Get-Packages | findstr 2973501
DISM.exe /Online /Remove-Package /PackageName:Pa ckage_for_KB297 3501~31bf3856ad 364e35~amd64~~6 .2.1.4

+3 # Strongbow 2014-10-21 14:40

Hex replacements for termsrv.dll version 17514, 32bit:
Find: 3b 86 20 03 00 00 0f 84 ff 14 01 00 57 6a 20 e8 @19153
Repl: b8 00 01 00 00 90 89 86 20 03 00 00 57 6a 20 e8

Find: 85 e0 fe ff ff 43 50 c7 85 e0 fe ff ff 1c 01 00 @19898
Repl: 85 e0 fe ff ff 90 50 c7 85 e0 fe ff ff 1c 01 00

Find: f8 74 2f 68 88 62 34 6f @655e4
Repl: f8 e9 2c 00 00 00 34 6f

+1 # Replacements 2014-12-11 16:42

Hex replacements for termsrv.dll version 18637, 32bit:
Find: 3b 86 20 03 00 00 0f 84 df 14 01 00 57 6a 20 e8
Repl: b8 00 01 00 00 90 89 86 20 03 00 00 57 6a 20 e8

Find: 85 e0 fe ff ff 43 50 c7 85 e0 fe ff ff 1c 01 00
Repl: 85 e0 fe ff ff 90 50 c7 85 e0 fe ff ff 1c 01 00

I did both these replacements as well.

Find: f8 74 1a 68 b8 67 34 6f
Repl: f8 e9 2c 00 00 00 34 6f

Find: f8 74 2f 68 40 6a 34 6f
Repl: f8 e9 2c 00 00 00 34 6f

Tested and working.

# Nick 2015-01-08 00:03

Can you upload patched version of x86 18637 here?
Thanks a lot!

# neosel 2014-12-24 03:23

for Windows 7 x64 termsrv.dll 18637 64bit
similar to 18540, just find

Find: 8b 87 38 06 00 00 39 87 3c 06 00 00 0f 84 eb c2 00 00
Repl: b8 00 01 00 00 90 89 87 38 06 00 00 90 90 90 90 90 90

Find: 60 bb 01 00 00 00 c7 44
Repl: 60 bb 00 00 00 00 c7 44

Find: 50 01 76 1b 48 8d 15 49
Repl: 50 00 eb 1b 48 8d 15 49

# Andrew 2014-12-20 19:18

in my x64 version 18637 dll not contains these replacements.

# neosel 2014-12-24 04:20

+4 # Strongbow 2014-10-21 14:40

Hex replacements for termsrv.dll version 17514, 64bit:
Find: 8b 87 38 06 00 00 39 87 3c 06 00 00 0f 84 5e c3 00 00
Repl: b8 00 01 00 00 90 89 87 38 06 00 00 90 90 90 90 90 90

Find: 60 bb 01 00 00 00 c7 44
Repl: 60 bb 00 00 00 00 c7 44

Find: 50 00 74 18 48 8d 15 79
Repl: 50 00 eb 18 48 8d 15 79

+4 # Strongbow 2014-10-21 14:38

Hex replacements for termsrv.dll version 18540, 32bit:
Find: 3b 86 20 03 00 00 0f 84 03 15 01 00 57 6a 20 e8 @1919f
Repl: b8 00 01 00 00 90 89 86 20 03 00 00 57 6a 20 e8

Find: 85 e0 fe ff ff 43 50 c7 85 e0 fe ff ff 1c 01 00 @198e0
Repl: 85 e0 fe ff ff 90 50 c7 85 e0 fe ff ff 1c 01 00

Find: f8 74 1a 68 80 65 34 6f @657c7
Repl: f8 e9 2c 00 00 00 34 6f

+4 # Strongbow 2014-10-21 14:37

Hex replacements for termsrv.dll version 18540, 64bit:
Find: 8b 87 38 06 00 00 39 87 3c 06 00 00 0f 84 2f c3 00 00 @1727C
Repl: b8 00 01 00 00 90 89 87 38 06 00 00 90 90 90 90 90 90

Find: 60 bb 01 00 00 00 c7 44 @17604
Repl: 60 bb 00 00 00 00 c7 44

Find: 50 01 76 1b 48 8d 15 79 @57dac
Repl: 50 00 eb 1b 48 8d 15 79

+1 # Sheana 2014-10-19 18:21

HAS ANYONE TRIED THIS ON Server 2012????

# fantomas 2014-10-21 08:39

Yes it works on 2012 R2 with update 1

# Maarten 2014-10-19 17:56

I am trying to use the Windows 8 Patcher on my fresh windows 8.1 pro (with latest updates). When running the patcher I get an error at step 3. verify: Unknown Version.
Anyone has this too?

+1 # SLP 2014-10-19 14:57

After october 17-18 an update totally dropped all my computers. is there an update for this, do you have the new and old hexvalues? or a dll PLEASE VERY URGENT!

+1 # ion 2014-10-18 21:08

Hi! I have probleme with some win 7 systems after windows update since 17 oct 2014, only one connection possibile. I need a new patcher... Other sollution? Thank You!

# AJ Stevens 2014-10-18 11:47

Works like a charm!

# Windows10 2014-10-13 17:36

Hi there! Just thought I'd let everyone know that the last 8.1 patch works on Windows 10 Tech Preview

# Taha 2014-09-08 01:55

and if you want to use MIC (microphone) as well in the remote session , see tutorial here:

http://m-taha.blogspot.com/2014/08/remote-audio-and-microphone-redirection.html

+3 # Amontoth 2014-08-29 11:26

The same RDP v8 update is available for Windows 7.
I wonder if windows 7 and 8 now use the same version of termsrv.dll after updating?

I actually use patchless RDPwrapper on Windows 8.1 systems. I stick with Concurrent RDP patches for my Windows 7 x64 Home Premium and Ultimate x64 systems.
I'' update and patch if someone can confirm.

+1 # Shean 2014-08-13 18:56

Does this work with Server 2012?

# Mur 2014-08-08 21:03

Thanks, win ent 8.1 update is working perfectly.

# Whats In A Name 2014-07-30 03:52

"File size also changed from 1,018,880 bytes to 1,032,704 bytes."

I believe this statement in the article may have the file sizes reversed.

# admin 2014-07-31 08:17

This is fixed now. Thanks.

# Ed 2014-07-18 23:21

Worked perfect, Thanks!!

Windows 8.1 Enterprise x64

# admin 2014-07-16 16:58

Published updated termsrv.dll version required after 9 July Windows Update.

-2 # A friend 2014-07-11 00:18

http://forums.mydigitallife.info/threads/47610-How-to-crack-the-quot-termsrv-dll-quot-in-windows-8-1/page22?p=929281&viewfull=1#post929281

For new version:

1) for 6.3.9600.17095 version - find "39813C0600000F 849E310500" and replace to "B80001000089813806000090"

2) for 6.3.9600.17095 version - find "090085C07F078B D8" and replace to "090085C090908BD8"
3) Find "BB01000000C7" and replace to "BB00000000C7" (not changed)

# Robert8 2014-07-23 12:06

Hello!

Thank you for the help, bit i have a problem with step 3:
My hex editor can't find "BB01000000C7" OR "BB00000000C7" in the termsrv.dll 6.3.9600.17095.
Why???
Thank you!

# Lui 2014-07-11 07:52

Thanks for your information.

Do you have the solution for 32 bits same version? My multiple session RDP in Windows 8.1 PRO 32 bits do not work from 10/07/2014.

_______________ _______________ __

Quoting A friend:

http://forums.mydigitallife.info/threads/47610-How-to-crack-the-quot-termsrv-dll-quot-in-windows-8-1/page22?p=929281&viewfull=1#post929281

For new version:

1) for 6.3.9600.17095 version - find "39813C0600000F849E310500" and replace to "B80001000089813806000090"

2) for 6.3.9600.17095 version - find "090085C07F078BD8" and replace to "090085C090908BD8"
3) Find "BB01000000C7" and replace to "BB00000000C7" (not changed)

# A friend 2014-07-11 00:06

This worked perfectly but no longer. The string "8B 81 38 06 00 00 39 81 3C 06 00 00 0F 84 1B 70 00 00" is no longer in the new termsrv.dll as of last Windows Update 2-3 days ago.

Can you please help with a new update?

# Chuck 2014-06-25 20:01

Perfect!

+1 # Rikiardo 2014-05-29 22:01

Thank you, it works great. My version: Windows 8.1 Pro (last update), Spanish.

How to copy the cracked version of "termsrv.dll":

http://windowssecrets.com/forums/showthread.php/129146-How-to-enable-W7-concurrent-users

# harez 2014-05-14 03:59

i tested at win8.1 enterprise works fine perfectly, thx

# sjafka 2014-05-06 11:36

Does this work with Win 8.1 Update 1 64bit???

# pita_d 2014-04-27 14:30

I just tested on a fresh install of Win8.1 update, send it did not work. Maybe there is something carried over from the previous install when just applying the update.

# Saurav 2014-04-19 09:03

Not working in my Win 8.1

# Bill 2014-04-09 18:28

I'm not sure, but I believe this has been broken with Windows 8.1 Update 1. Can anyone confirm that this is the case (and offer a solution)?

# admin 2014-04-10 08:41

Did it? I just applied 8.1 Update to my PC and concurrent RDP still works fine. Can anyone else confirm?

-1 # Carlos Ciro 2014-03-24 20:00

Will this work if I have a local user connected and simultaneously another user connected through RDC?

# admin 2014-03-26 18:09

Yes

# Johnny 2014-02-26 01:07

I've patched the bit and set those two registry values on 8.1 Pro yet it still won't let me have concurrent sessions.

# Johnny 2014-02-26 01:17

Also, I tried the prepatched termsrv.dll linked and it still doesn't work for the same user. I can login with another user and it won't kick me off, but the same user will. Any ideas?

# RandomEvenys 2014-02-27 16:45

I don't think any version (like rdping into a server), will allow the same user. There's too much that can go wrong, just create a new account.

# G.M. Knowles 2014-02-12 07:42

Excellent - looking all over for correct instructions on this.

Thxs

# Jason Beck 2013-03-28 14:57

If you were using Windows 8 Pro in a virtual machine, as a developer workstation, would you violate any licensing agreements by allowing multiple remote sessions? (For the sake of this question, I suppose we'll just focus on the OS license, since the agreements could vary for the client software used in that environment.)

# Alex 2014-03-12 02:55

Quoting Jason Beck:

If you were using Windows 8 Pro in a virtual machine, as a developer workstation, would you violate any licensing agreements by allowing multiple remote sessions? .)

yes if you allow anyone else than the primary user of the PC to access it.

# DJ 2015-05-28 03:04

Hi alex! Nice to meet you! See you again~

Refresh comments list

JComments