Backbird has killed RDP on Windows 10 (Event ID 226)


Today I've did... well, a stupid thing. I was so annoyed with Windows telemetry and its consumption of my resources, and dozens other similar sht (thank you Microsoft!), that I've ran Blackbird to solve the things for me. It probably did the trick, but since then I cannot RDP from this PC anymore - I'm always getting some authentication issue:

"An authentication error has occurred. The function requested is not supported."

Windows event log (Applications and Services Logs / Microsoft / Windows / TerminalServices-ClientActiveXCore / Microsoft-Windows-TerminalServices-RDPClient/Operational) shows the following warnings (all with Event ID 226):

RDPClient_SSL: An error was encountered when transitioning from TsSslStateHandshakeStart to TsSslStateDisconnecting in response to TsSslEventStartHandshakeFailed (error code 0x80004005).

RDPClient_TCP: An error was encountered when transitioning from TcpStateFrontAuth to TcpStateFailure in response to TcpEventFrontAuthFailed (error code 0x80090302).

RDPClient_TCP: An error was encountered when transitioning from TcpStateExpectingX244CC to TcpStateFailure in response to TcpEventErrorProcessingX224CC (error code 0x80004005).

Does anyone know how to resolve this, and get RDP running again?

Bit more info: RDP client successfully initiates communication with the server (it is not a connection issue), prompts me for credentials, and fails with mentioned error when it tries to authenticate.



2 Answers



blackbird -l

will fix RDP without removing any of the other fixes.

answered on Server Fault Apr 13, 2018 by Marco Moinho

Well, I've came to the answer I was seeking for, and I'll share it here. First I have to admit that it was my fault in the first place - I didn't read the documentation :(

It turned out that everything done by Blackbird can be undone (reverted back) (as documentation explains) by using -r switch. (I haven't tried this!)

Anyway, it is always a good idea to create at least restore point (if not full backup) before doing anything with Blackbird (or any other similar app in that matter).

Finally I can say that I've successfully got rid of Cortana and telemetry by executing:

blackbird -kc -kf

Everything else seems to work fine so far.

Btw. Cortana can be also disabled in Local Group Policy (as described here) without using any tool (without Blackbird).

answered on Server Fault Dec 15, 2016 by Aleksandar Pesic • edited Mar 20, 2017 by Community

User contributions licensed under CC BY-SA 3.0