WTSQueryUserToken Fails, getlasterror() returns 1723

Question

I have a windows service that is running under the credentials of the system account. The service periodically polls windows for the active console session id, i.e. the interactive logged in windows user, and then retrieves the user token associated with the active console session id by pinvoking the wtsapi32.dll function WTSQueryUserToken(…). This implementation works flawlessly 99.9% percent of the time in the field. Lately however, I have found a customer where this implementation periodically (but never consistently) fails to retrieve the user token of the active console session id.

See customer's os info at the bottom of this post.

When WTSQueryUserToken() fails, GetLastError() returns the Windows System error code 1723.

The description of error code 1723: “The RPC server is too busy to complete this operation”

Here is example code snippet demonstrating the implementation:

int ActiveSession = 0;
Win32Wrapper.GetActiveConsoleSessionId(ref ActiveSession);
IntPtr UserToken = IntPtr.Zero;

if(!Win32Wrapper.WTSQueryUserToken(ActiveSession, ref UserToken))
{
   int myErr = Convert.ToInt32(Win32Wrapper.GetLastError());
   log("Failed to retrieve UserToken." + myErr.ToString());
   return;
}
else
{
   log("Retrieved User Token");
}

Does anyone know what might be the culprit ?

Here’s the customer’s setup:

• Authentication: Active Directory
• Operating System:
• Microsoft Windows NT 5.1.2600 Service
• Pack 3 Current UI Culture: en-US
• Current Culture: en-US CLR
• Version: 2.0.50727.3603
• IE Version: 8.0.6001.18702
• System type: 32 bit Free
• Physical Memory: 411MB Total
• Physical Memory: 893MB System
• Manufacturer: Dell Inc.
• Model: Vostro 1000
• Processor 1: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57

Services:

Name: Alerter Start Mode: Disabled State: Stopped Name: Application Layer Gateway Service Start Mode: Manual State: Running Name: Apple Mobile Device Start Mode: Auto State: Running Name: Application Management Start Mode: Manual State: Stopped Name: ASP.NET State Service Start Mode: Manual State: Stopped Name: Ati HotKey Poller Start Mode: Auto State: Running Name: Windows Audio Start Mode: Auto State: Running Name: Background Intelligent Transfer Service Start Mode: Auto State: Running Name: Bonjour Service Start Mode: Auto State: Running Name: Computer Browser Start Mode: Auto State: Running Name: Indexing Service Start Mode: Manual State: Stopped Name: ClipBook Start Mode: Disabled State: Stopped Name: .NET Runtime Optimization Service v2.0.50727_X86 Start Mode: Manual State: Stopped Name: COM+ System Application Start Mode: Manual State: Stopped Name: Cryptographic Services Start Mode: Auto State: Running Name: DCOM Server Process Launcher Start Mode: Auto State: Running Name: DHCP Client Start Mode: Auto State: Running Name: Logical Disk Manager Administrative Service Start Mode: Manual State: Stopped Name: Logical Disk Manager Start Mode: Auto State: Running Name: DNS Client Start Mode: Auto State: Running Name: Wired AutoConfig Start Mode: Manual State: Stopped Name: Extensible Authentication Protocol Service Start Mode: Manual State: Stopped Name: Error Reporting Service Start Mode: Disabled State: Stopped Name: Event Log Start Mode: Auto State: Running Name: COM+ Event System Start Mode: Manual State: Running Name: Fast User Switching Compatibility Start Mode: Manual State: Stopped Name: FlipShare Service Start Mode: Auto State: Running Name: Windows Presentation Foundation Font Cache 3.0.0.0 Start Mode: Manual State: Stopped Name: Help and Support Start Mode: Auto State: Running Name: HID Input Service Start Mode: Auto State: Running Name: Health Key and Certificate Management Service Start Mode: Manual State: Stopped Name: HTTP SSL Start Mode: Manual State: Stopped Name: InstallDriver Table Manager Start Mode: Manual State: Stopped Name: Windows CardSpace Start Mode: Manual State: Stopped Name: IMAPI CD-Burning COM Service Start Mode: Disabled State: Stopped Name: iPod Service Start Mode: Manual State: Stopped Name: Java Quick Starter Start Mode: Disabled State: Stopped Name: Server Start Mode: Auto State: Running Name: Workstation Start Mode: Auto State: Running Name: TCP/IP NetBIOS Helper Start Mode: Auto State: Running Name: McAfee Framework Service Start Mode: Auto State: Running Name: McAfee McShield Start Mode: Auto State: Running Name: McAfee Task Manager Start Mode: Auto State: Running Name: Machine Debug Manager Start Mode: Auto State: Running Name: Messenger Start Mode: Disabled State: Stopped Name: Vision Control Manager Start Mode: Disabled State: Stopped Name: NetMeeting Remote Desktop Sharing Start Mode: Disabled State: Stopped Name: Distributed Transaction Coordinator Start Mode: Manual State: Stopped Name: Windows Installer Start Mode: Manual State: Stopped Name: Network Access Protection Agent Start Mode: Manual State: Stopped Name: Network DDE Start Mode: Disabled State: Stopped Name: Network DDE DSDM Start Mode: Disabled State: Stopped Name: Net Logon Start Mode: Auto State: Running Name: Network Connections Start Mode: Manual State: Running Name: Net.Tcp Port Sharing Service Start Mode: Disabled State: Stopped Name: Network Location Awareness (NLA) Start Mode: Manual State: Running Name: NLCS Agent Start Mode: Auto State: Running Name: NT LM Security Support Provider Start Mode: Disabled State: Stopped Name: Removable Storage Start Mode: Manual State: Stopped Name: Microsoft Office Diagnostics Service Start Mode: Disabled State: Stopped Name: Office Source Engine Start Mode: Manual State: Stopped Name: Plug and Play Start Mode: Auto State: Running Name: Pml Driver HPZ12 Start Mode: Auto State: Stopped Name: IPSEC Services Start Mode: Auto State: Running Name: Protected Storage Start Mode: Auto State: Running Name: Remote Access Auto Connection Manager Start Mode: Manual State: Stopped Name: Remote Access Connection Manager Start Mode: Manual State: Stopped Name: Remote Desktop Help Session Manager Start Mode: Manual State: Stopped Name: Routing and Remote Access Start Mode: Disabled State: Stopped Name: Remote Registry Start Mode: Disabled State: Stopped Name: Remote Procedure Call (RPC) Locator Start Mode: Manual State: Stopped Name: Remote Procedure Call (RPC) Start Mode: Auto State: Running Name: QoS RSVP Start Mode: Manual State: Stopped Name: Security Accounts Manager Start Mode: Auto State: Running Name: Smart Card Start Mode: Manual State: Stopped Name: Task Scheduler Start Mode: Auto State: Running Name: Secondary Logon Start Mode: Auto State: Running Name: System Event Notification Start Mode: Auto State: Running Name: Windows Firewall/Internet Connection Sharing (ICS) Start Mode: Auto State: Running Name: Shell Hardware Detection Start Mode: Auto State: Running Name: Print Spooler Start Mode: Auto State: Running Name: System Restore Service Start Mode: Auto State: Stopped Name: SSDP Discovery Service Start Mode: Manual State: Running Name: Windows Image Acquisition (WIA) Start Mode: Auto State: Running Name: MS Software Shadow Copy Provider Start Mode: Manual State: Stopped Name: System Interface Service Start Mode: Auto State: Running Name: Performance Logs and Alerts Start Mode: Disabled State: Stopped Name: Telephony Start Mode: Disabled State: Stopped Name: Terminal Services Start Mode: Manual State: Running Name: Themes Start Mode: Disabled State: Stopped Name: Telnet Start Mode: Disabled State: Stopped Name: Distributed Link Tracking Client Start Mode: Auto State: Running Name: Universal Plug and Play Device Host Start Mode: Manual State: Stopped Name: Uninterruptible Power Supply Start Mode: Disabled State: Stopped Name: Volume Shadow Copy Start Mode: Manual State: Stopped Name: Windows Time Start Mode: Auto State: Running Name: WebClient Start Mode: Auto State: Running Name: Windows Defender Start Mode: Auto State: Running Name: Windows Management Instrumentation Start Mode: Auto State: Running Name: Dell Wireless WLAN Tray Service Start Mode: Auto State: Running Name: Portable Media Serial Number Service Start Mode: Disabled State: Stopped Name: Windows Management Instrumentation Driver Extensions Start Mode: Manual State: Stopped Name: WMI Performance Adapter Start Mode: Manual State: Stopped Name: Windows Media Player Network Sharing Service Start Mode: Manual State: Stopped Name: Security Center Start Mode: Auto State: Stopped Name: Windows Search Start Mode: Auto State: Running Name: Automatic Updates Start Mode: Auto State: Running Name: Windows Driver Foundation - User-mode Driver Framework Start Mode: Manual State: Stopped Name: Wireless Zero Configuration Start Mode: Auto State: Stopped Name: Network Provisioning Service Start Mode: Manual State: Stopped

Processes:

Name: System Idle Process Working Set: 28KB Name: System Working Set: 244KB Name: smss.exe Working Set: 428KB Name: csrss.exe Working Set: 3984KB Name: winlogon.exe Working Set: 3944KB Name: services.exe Working Set: 3612KB Name: lsass.exe Working Set: 5344KB Name: ati2evxx.exe Working Set: 3036KB Name: svchost.exe Working Set: 5076KB Name: svchost.exe Working Set: 5384KB Name: MsMpEng.exe Working Set: 39384KB Name: svchost.exe Working Set: 23792KB Name: svchost.exe Working Set: 4280KB Name: svchost.exe Working Set: 4944KB Name: WLTRYSVC.EXE Working Set: 1652KB Name: BCMWLTRY.EXE Working Set: 9820KB Name: spoolsv.exe Working Set: 8364KB Name: svchost.exe Working Set: 5356KB Name: AppleMobileDeviceService.exe Working Set: 4284KB Name: mDNSResponder.exe Working Set: 4368KB Name: FlipShareService.exe Working Set: 5316KB Name: FrameworkService.exe Working Set: 6048KB Name: mcshield.exe Working Set: 55800KB Name: vstskmgr.exe Working Set: 564KB Name: mdm.exe Working Set: 2748KB Name: csagtprosvc.exe Working Set: 5644KB Name: naPrdMgr.exe Working Set: 2044KB Name: svchost.exe Working Set: 4308KB Name: searchindexer.exe Working Set: 20460KB Name: svchost.exe Working Set: 21864KB Name: unsecapp.exe Working Set: 3828KB Name: alg.exe Working Set: 4336KB Name: wmiprvse.exe Working Set: 7576KB Name: ati2evxx.exe Working Set: 3600KB Name: explorer.exe Working Set: 33096KB Name: SynTPEnh.exe Working Set: 4736KB Name: WLTRAY.EXE Working Set: 6644KB Name: MSASCui.exe Working Set: 7824KB Name: shstat.exe Working Set: 820KB Name: UdaterUI.exe Working Set: 2304KB Name: stsystra.exe Working Set: 8100KB Name: Mctray.exe Working Set: 2396KB Name: ctfmon.exe Working Set: 3252KB Name: DyKnowLogSender.exe Working Set: 23972KB

Answer 1

Is Win32Wrapper.GetLastError actually calling GetLastError? That function can't be reliably called from managed code. Instead, you should add SetLastError=true to the DllImport attribute of all functions that sets the error (WTSQueryUserToken in your case), and then check the result with Marshal.GetLastWin32Error().

Answer 2

Hello,

Did you find a solution yet? I would need it too, since I'm having the same problem, more or less, but on Windows 7.

Thanks, Marcel

Answer 3

I had this problem once. So I advise to repeat this call some time later (using Sleep). If it works 99% then it is likely that it will work after trying several more times. I also would add a counter so there is no infinite loop.