Windows 8 Pro (as well as all previous Windows client OS version) allows only one concurrent user session. This means you can't connect via Remote Desktop if local user is already logged on. Normally it's not a problem on a client machine, but in some cases you may want ability to login concurrently. A good example is a Media Centre PC when somebody watches a movie and you want to access the machine without interrupting the movie.
To have multiple RDP sessions working your need to make some modifications to the termsrv.dll file. There are tools that do these changes automatically, but they often come from dubious sources and it's difficult to be sure that they are completely safe. This article shows how to modify termsrv.dll file yourself.
termsrv.dll file is normally located in C:\Windows\System32 folder. Before modifying this file for the first time, you need to take ownership and assign yourself read/write permissions. You also need to stop Remote Desktop service (TermService).
Once this is done, it's simply a question of opening termsrv.dll with a HEX editor and changing small part of the file. Always backup the original file before making changes.
Certain Windows updates can replace your patched version of termsrv.dll. This doesn't happen very often, but if you let Windows update automatically, be prepared to loose multiple RDP sessions at any time.
Windows 8.1 (64bit)
In original version of Windows 8.1 (64bit), you need to replace:
8B 81 38 06 00 00 39 81 3C 06 00 00 0F 84 1B 70 00 00
with
B8 00 01 00 00 89 81 38 06 00 00 90 90 90 90 90 90 90
Here are the patched bits:
Readily patched version can be download from here.
If something goes wrong and you want to revert, original unpatched termsrv.dll v6.3.9600.16384 can be downloaded from here.
Note: This was tested and works with Windows 8.1 Pro RTM 64bit.
July 2014 update for Windows 8.1 (64bit)
One of the Windows updates installed on 9th of July updated termsrv.dll file from version 6.3.9600.16384 to 6.3.9600.17095. File size also changed from 1,032,704 bytes to 1,018,880 bytes. This naturally broke the previous termsrv.dll patch.
To restore concurrent RDP sessions, use any HEX editor and replace:
39 81 3C 06 00 00 0F 84 9E 31 05 00
with
B8 00 01 00 00 89 81 38 06 00 00 90
Or just download a patched version from here. You will need to stop Remote Desktop services and possibly take ownership of termsrv.dll before you can update it.
Original unpatched v6.3.9600.17095 can be downloaded from here.
Note: This was tested and works with Windows 8.1 Pro RTM 64bit.
November 2014 update for Windows 8.1
(64bit)
Windows updates now updated termsrv.dll file from version 6.3.9600.17095 to 6.3.9600.17415. File size changed from 1,018,880 bytes bytes to 1,114,624 bytes.
To restore concurrent RDP sessions, use any HEX editor and replace:
39 81 3C 06 00 00 0F 84 D3 1E 02 00
with
B8 00 01 00 00 89 81 38 06 00 00 90
You can download a patched version from here. You will need to stop Remote Desktop services and possibly take ownership of termsrv.dll before you can update it.
Original unpatched v6.3.9600.17415 can be downloaded from here.
(32bit)
I don't have any 32bit machines and haven't tested this myself, but guys on mydigitallife forums suggest to replace:
3B 81 20 03 00 00 0F 84 2A D5 00 00
with
B8 00 01 00 00 89 81 20 03 00 00 90
Update May 2015
As of 05.2015, the same November 2014 patch is still working on up to date Windows 8.1. termsrv.dll is still on version 6.3.9600.17415.
Comments
My changes were overwritten with upgrade to Windows 10 Pro. And the new trmserv.dll is a different version/size in win10.
How to patch this new version for concurrent use?
Thanks!
39 81 3C 06 00 00 0F 84 73 42 02 00
new
B8 00 01 00 00 89 81 38 06 00 00 90
How can I decode the termsrv.dll so I can understand which is the string?
Thanks!
termsrv.dll - version 10.0.10162.0
Original:
39 81 3C 06 00 00 0F 84 97 0E 03 00
New:
B8 00 01 00 00 89 81 38 06 00 00 90
orginal:
0cf80: 81 38 06 00 00 39 81 3c
0cf88: 06 00 00 0f 8f 25 fd 02
0cf90: 00
14ff0: ff 01 00 bb 01 00 00 00
edited:
0cf80: 81 38 06 00 00 b8 00 01
0cf88: 00 00 89 81 38 06 00 00
0cf90: 90
14ff0: ff 01 00 bb 00 00 00 00
W7-SP1-RTM-RDP-v4_17514.zip
http://rusfolder.com/42710020
W7-SP1-RTM-RDP-v5_18540.zip
http://rusfolder.com/42710021
W7-SP1-RTM-RDP-v6_18637.zip
http://rusfolder.com/42710022
And it doesn't modify system files, so you don't violate the license agreement.
Source code is open and licensed under Apache 2.0, see here:
https://github.com/binarymaster/rdpwrap/releases/
termsrv.dll Patch
Search
BB01000000C7
Replace
BB00000000C7
Search
39813C0600000F846F970200
Replace
B80001000089813806000090
Thanks
Here is what I did to edit the x64 9.3.9600.17415 termsrv.dll file:
Change this HEX:
39 81 3C 06 00 00 0F 84 D3 1E 02 00
To:
B8 00 01 00 00 89 81 38 06 00 00 90
I couldnt find the other two lines which I believe give the ability to have the same user logged in simultaneously but I dont use that as I use a seperate account for the Console session and another for each Remote Desktop Login.
Oh and just incase it helps, here is a link to a pre modded one:
http://www.datafilehost.com/d/367b5fcb
datafilehost.com/d/538e20c5
HEX replacements what should I do?
Just found a W7sp1 64-bit with termsrv.dll vers. 6.1.7601.18637
For now I put in 6.1.7601.18540 patched with the 3 strings given above by strongbox on 10-21-2014, and this restored concurrent RPD for now. I'm concerned this may upset WUpdate or TrustedWhatsit, and it would be nice to get strings for 18637. (Also, if I patch systems that are still on 18540, that too may soon get clobbered by auto-update to 18637, right?)
Until patch is also available for Win8UltimateX64 (termsrv.dll versions 17048/21166) i succeed by uninstalling "bad" update kb2973501 and running the old patch again:
Check for "bad" update:
wmic qfe where "hotfixid like '%%2973501%%'" get hotfixid,installedOn
Uninstall "bad" update(Only local! Does not work remotely via winexe/ssh):
wusa /uninstall /kb:976002 /quiet /norestart /log:kb976002.log
Uninstall alternative (DOES work remotely via winexe/ssh):
dism /Online /Get-Packages | findstr 2973501
DISM.exe /Online /Remove-Package /PackageName:Pa ckage_for_KB297 3501~31bf3856ad 364e35~amd64~~6 .2.1.4
Find: 3b 86 20 03 00 00 0f 84 ff 14 01 00 57 6a 20 e8 @19153
Repl: b8 00 01 00 00 90 89 86 20 03 00 00 57 6a 20 e8
Find: 85 e0 fe ff ff 43 50 c7 85 e0 fe ff ff 1c 01 00 @19898
Repl: 85 e0 fe ff ff 90 50 c7 85 e0 fe ff ff 1c 01 00
Find: f8 74 2f 68 88 62 34 6f @655e4
Repl: f8 e9 2c 00 00 00 34 6f
Find: 3b 86 20 03 00 00 0f 84 df 14 01 00 57 6a 20 e8
Repl: b8 00 01 00 00 90 89 86 20 03 00 00 57 6a 20 e8
Find: 85 e0 fe ff ff 43 50 c7 85 e0 fe ff ff 1c 01 00
Repl: 85 e0 fe ff ff 90 50 c7 85 e0 fe ff ff 1c 01 00
I did both these replacements as well.
Find: f8 74 1a 68 b8 67 34 6f
Repl: f8 e9 2c 00 00 00 34 6f
Find: f8 74 2f 68 40 6a 34 6f
Repl: f8 e9 2c 00 00 00 34 6f
Tested and working.
Thanks a lot!
similar to 18540, just find
Find: 8b 87 38 06 00 00 39 87 3c 06 00 00 0f 84 eb c2 00 00
Repl: b8 00 01 00 00 90 89 87 38 06 00 00 90 90 90 90 90 90
Find: 60 bb 01 00 00 00 c7 44
Repl: 60 bb 00 00 00 00 c7 44
Find: 50 01 76 1b 48 8d 15 49
Repl: 50 00 eb 1b 48 8d 15 49
similar to 18540, just find
Find: 8b 87 38 06 00 00 39 87 3c 06 00 00 0f 84 eb c2 00 00
Repl: b8 00 01 00 00 90 89 87 38 06 00 00 90 90 90 90 90 90
Find: 60 bb 01 00 00 00 c7 44
Repl: 60 bb 00 00 00 00 c7 44
Find: 50 01 76 1b 48 8d 15 49
Repl: 50 00 eb 1b 48 8d 15 49
Find: 8b 87 38 06 00 00 39 87 3c 06 00 00 0f 84 5e c3 00 00
Repl: b8 00 01 00 00 90 89 87 38 06 00 00 90 90 90 90 90 90
Find: 60 bb 01 00 00 00 c7 44
Repl: 60 bb 00 00 00 00 c7 44
Find: 50 00 74 18 48 8d 15 79
Repl: 50 00 eb 18 48 8d 15 79
Find: 3b 86 20 03 00 00 0f 84 03 15 01 00 57 6a 20 e8 @1919f
Repl: b8 00 01 00 00 90 89 86 20 03 00 00 57 6a 20 e8
Find: 85 e0 fe ff ff 43 50 c7 85 e0 fe ff ff 1c 01 00 @198e0
Repl: 85 e0 fe ff ff 90 50 c7 85 e0 fe ff ff 1c 01 00
Find: f8 74 1a 68 80 65 34 6f @657c7
Repl: f8 e9 2c 00 00 00 34 6f
Find: 8b 87 38 06 00 00 39 87 3c 06 00 00 0f 84 2f c3 00 00 @1727C
Repl: b8 00 01 00 00 90 89 87 38 06 00 00 90 90 90 90 90 90
Find: 60 bb 01 00 00 00 c7 44 @17604
Repl: 60 bb 00 00 00 00 c7 44
Find: 50 01 76 1b 48 8d 15 79 @57dac
Repl: 50 00 eb 1b 48 8d 15 79
Anyone has this too?
http://m-taha.blogspot.com/2014/08/remote-audio-and-microphone-redirection.html
I wonder if windows 7 and 8 now use the same version of termsrv.dll after updating?
I actually use patchless RDPwrapper on Windows 8.1 systems. I stick with Concurrent RDP patches for my Windows 7 x64 Home Premium and Ultimate x64 systems.
I'' update and patch if someone can confirm.
I believe this statement in the article may have the file sizes reversed.
Windows 8.1 Enterprise x64
For new version:
1) for 6.3.9600.17095 version - find "39813C0600000F 849E310500" and replace to "B80001000089813806000090"
2) for 6.3.9600.17095 version - find "090085C07F078B D8" and replace to "090085C090908BD8"
3) Find "BB01000000C7" and replace to "BB00000000C7" (not changed)
Thank you for the help, bit i have a problem with step 3:
My hex editor can't find "BB01000000C7" OR "BB00000000C7" in the termsrv.dll 6.3.9600.17095.
Why???
Thank you!
Do you have the solution for 32 bits same version? My multiple session RDP in Windows 8.1 PRO 32 bits do not work from 10/07/2014.
_______________ _______________ __
Quoting A friend:
Can you please help with a new update?
How to copy the cracked version of "termsrv.dll":
http://windowssecrets.com/forums/showthread.php/129146-How-to-enable-W7-concurrent-users
Thxs