We talked about the Windows Server 2008 Startup Processes in an earlier post. SMSS.EXE is still the first user-mode process created during the boot process as in previous versions of Windows. The change is that now SMSS.EXE launches a second instance of itself to configure Session 0, which is dedicated to system processes. The instance of SMSS.EXE dedicated to Session 0 launches the Windows Startup Application (WININIT.EXE) as well as an instance of CSRSS.EXE for Session 0, after which it exits. WININIT.EXE continues the startup process by starting SERVICES.EXE and LSASS.EXE as well as a new process, the Local Session Manager (LSM.EXE) which manages Terminal Server connections for the machine.
The Service Control Manager initializes the system services including the Terminal Services service which is implemented in termsrv.dll and hosted in an instance of SVCHOST.EXE. The Terminal Services stack driver, termdd.sys , is loaded and creates a listener thread to listen for incoming connections on TCP port 3389. When a session request is detected, the RDP listener thread creates a new RDP stack instance to handle the new session request. The listener thread hands over the incoming session to the new RDP stack instance and continues listening on TCP port 3389 for further connection attempts.
When a user logs on, either at the console or via Terminal Services, the initial Session Manager process creates a new instance of itself to configure the new session. The new SMSS.EXE process starts a CSRSS.EXE process, a Windows Logon process (WINLOGON.EXE) and a per-session instance of the Window Manager (WIN32K.SYS). WINLOGON.EXE starts the processes listed in the following registry key (USERINIT.EXE by default): HKLM\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon\Userinit . USERINIT.EXE starts the process defined as the shell in the following registry key (EXPLORER.EXE by default on full installations of Windows Server 2008 and CMD.EXE on Server Core installations of Windows Server 2008) and then exits: HKLM\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon\Shell .
Terminal Server client sessions use separate drivers on the server, one for the display ( rdpdd.dll ) and one for the keyboard and mouse ( rdpwd.sys ). The user interface rendering calls are captured by rdpdd.dll and transmitted to the client over the RDP protocol. The keyboard and mouse input on the client is transmitted over the TCP connection to rdpwd.sys for translation. These drivers provide the remote server interaction functionality for the client session. Remember that prior to Windows Server 2008, TS session creation was done serially by the Session Manager process, SMSS.EXE. The new Session Manager design provides parallel session initialization, with the session-specific instances of SMSS.EXE concurrently creating the WINLOGON.EXE and CSRSS.EXE process instances for each session. The end result is improved Terminal Server logon times.
The next two tables list out the important services and binaries for Terminal Services on Windows Server 2008.
Terminal Server Services
|Terminal Services (TermServices)||
%systemroot%\system32\svchost.exe -k termsvcs
|Main TS service required for all Terminal Services and Remote Desktop functionality|
|Terminal Services Configuration (SessionEnv)||
%systemroot%\system32\svchost.exe -k netsvcs
|Responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context|
|Terminal Services Gateway (TSGateway)||
%systemroot%\system32\svchost.exe -k tsgateway
|Provides TS Gateway functionality|
|Terminal Services Session Broker (Tssdis)||%systemroot%\system32\tssdis.exe||Provides TS Session Broker functionality|
|Terminal Services UserMode Port Redirector (UMRdpService)||
%systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
|Provides device redirection functionality|
Terminal Server Binaries
|AACLIENT.DLL||"Anywhere Access" Client DLL (Terminal Services Web Access)|
|CREDSSP.DLL||Terminal Server Single Sign On Security Support Provider (SSP)|
|MSTSCAX.DLL||Terminal Server ActiveX Control|
|MSTSC.EXE||Remote Desktop Connection application executable|
|RDPINIT.EXE||Used for RemoteApp initialization, started by USERINIT.EXE|
|RDPSHELL.EXE||The RemoteApp Shell, used instead of EXPLORER.EXE|
|RDPSND.DLL||Legacy user-mode audio driver|
|RDPWSX.DLL||User-mode protocol extension. Handles setup / connect / disconnect|
|RDPDR.SYS||Kernel-mode device redirector / Drive Redirection / Smart Card Redirection / Printer Redirection / Port Redirection|
|RDPDD.DLL||Terminal Services Display Driver|
|RDPWD.SYS||Terminal Services session mouse and keyboard driver|
|RDPCLIP.EXE||Terminal Services Clipboard redirection|
Manages binding of connection stacks to Win32 context, CSRSS, etc.
Runs in a shared service host as a service via SVCHOST.EXE
%systemroot%\system32\svchost.exe -k termsvcs
|TERMDD.SYS||Terminal Services Device Driver that provides the run-time for network specific components and listens for RDP client connections on TCP port 3389|
|TDTCP.SYS||Packages the RDP protocol for the underlying network TCP/IP protocol|
|TSDDD.DLL||Terminal Services display driver used when making a console connection|
Handles user logons and logoffs and processes the special Windows key combination (CTRL+ALT+DEL)
Responsible for starting the Windows shell (which is usually Windows Explorer)
|WINSTA.DLL||Provides session-related information such as idle and session login time and supports tasks such as session shadowing and switching|
|WINMM.DLL||Media Control Interface (MCI) API DLL. This is a library that supports multimedia services; it is used to initialize .WAV, .MID and .AUX files|
|WTSAPI32.DLL||Windows Terminal Server SDK API's|
That brings us to the end of our quick overview of the Terminal Services Architecture in Windows Server 2008. Tomorrow we will go over some of the Management and Administration components of Terminal Server. Until next time ...
|Share this post :|
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.