Security Incident Response

If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
 
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
 
Keep calm and we will be with you shortly!

Tom Aafloen 18 Sep 2019
1 min

Hyper-V Guests with Windows 10 (1903) hangs when using Enhanced Session/RDP?

Are you also having the issue where accessing your Hyper-V VM Guests works great when connecting via Virtual Machine Connection, but the VM hangs when you try to access it using Enhanced Session or RDP?

The VM becomes irresponsible and the only solution is to use Turn off (shutdown doesn’t work). The machine starts to continuously consume about 12% or 24% CPU (seems to depend on the number of CPU cores).

I run client Hyper-V on a Windows 10 (1903) machine, and the guest is also Windows 10. Enhanced Session used to work great, until Windows 10 (1903).

After some troubleshooting and researching I found out that a new RDP display driver called WDDM was introduced in 1903. By disabling WDDM and reverting to the old XDDM driver the problem went away for me.

Here’s how to do it:

Start the Local Group Policy Editor:

clip_image001

Navigate here:
Local Computer Policy
/Computer Configuration
  /Administrative Templates
   /Windows Components
    /Remote Desktop Services
     /Remote Desktop Session Host
      /Remote Session Environment

Configure the setting Use WDDM graphics display driver for Remote Desktop Connections to Disabled:

clip_image003

In an AD environment you can of course use the regular Group Policy Management.

You can also create and import a reg-file with the following text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fEnableWddmDriver"=dword:00000000

Reboot the Guest VM.

Yay, now I can access that guest VM using Enhanced Session again.