Today I fixed one bug that was very hard to reproduce. Many hours were spent to figure out what combination caused it:
- It happens only on Windows XP (not on Vista, Server 2003, 2008, Win 7);
- It does not happens on all Windows XP, because it is Race condition;
- I was unable to reproduce it with physical glass/monitor attached to the computer; It only happened using Remote Desktop;
- It does not happen when debugger is attached and breakpoint is being hit;
Latter I found people that have similar issue:
- CreateProcessAsUser from service fails with 233 (FUS, Windows XP) on microsoft.public.platformsdk.security;
- CreateProcessAsUser fails with 233 (No process is on the other end of the pipe), XP;
- In comments from the article;
- CreateProcessAsUser fails on XP x64 on Microsoft forums;
The code is the following:
WTSQueryUserToken(..., &hToken);
SetTokenInformation(hToken, ...);
SomeVistaAndWin7ElevatedTokenStuff(hToken);
CreateProcessAsUser(hToken, ...);
And CreateProcessAsUser fails with GetLastError() = 233. Looking in System Error Codes (0-499) – ERROR_PIPE_NOT_CONNECTED 233 (0xE9) – No process is on the other end of the pipe.
The confusing part is about Pipe, because you didn’t expect to get pipe error here – you have not created any pipe.
In the first post I have linked, Thomas Graefenhain writes:
I’ve debugged a little bit with the kernel debugger, and have found the
problem: CreateProcessAsUser uses internally, when creating a process in an
other session, the function CreateRemoteProcessW from ADVAPI32.DLL. This
function opens a pipe with the name
\\.\Pipe\TerminalServer\SystemExecSrvr\%d where %d is the SessionID and
sending the request over to csrss.exe. …
In another post someone mentioned that Sleep(2000) fixed the problem. This explains why under debugger everything works without an error.
The good news is that it happens only under Windows XP and under Remote Desktop, so small group of users are affected. The bad new is that there are no elegant workarounds. Windows XP is in the Extended Support Phase, so I am not counting on fix from Microsoft.
Currently I use the following workaround (simplified version, see below). If you have something better or more elegant, please let me know in the comments below.
{
     Sleep(100);
     CreateProcessAsUser(hToken, ...);
} while (wasError && GetLastError() == 233 && IsWindowsXP());
I get the same problem on XP when running as a virtual machine inside Windows 7’s “Windows XP Mode”. So it’s not just when running as a remote desktop.
Unfortunately the workaround above doesn’t work in this case. Will let you know if I find a solution…!