Windows Server 2008: Terminal Services Architecture

A good portion of the next two weeks will be devoted to Terminal Services and the new TS features.  So strap in, and let's get started ... We talked about the Windows Server 2008 Startup Processes in an earlier post.  SMSS.EXE is still the first user-mode process created during the boot process as in previous […]

A good portion of the next two weeks will be devoted to Terminal Services and the new TS features.  So strap in, and let's get started ...

We talked about the Windows Server 2008 Startup Processes in an earlier post.  SMSS.EXE is still the first user-mode process created during the boot process as in previous versions of Windows.  The change is that now SMSS.EXE launches a second instance of itself to configure Session 0, which is dedicated to system processes.  The instance of SMSS.EXE dedicated to Session 0 launches the Windows Startup Application (WININIT.EXE) as well as an instance of CSRSS.EXE for Session 0, after which it exits.  WININIT.EXE continues the startup process by starting SERVICES.EXE and LSASS.EXE as well as a new process, the Local Session Manager (LSM.EXE) which manages Terminal Server connections for the machine.

The Service Control Manager initializes the system services including the Terminal Services service which is implemented in termsrv.dll and hosted in an instance of SVCHOST.EXE.  The Terminal Services stack driver, termdd.sys, is loaded and creates a listener thread to listen for incoming connections on TCP port 3389.  When a session request is detected, the RDP listener thread creates a new RDP stack instance to handle the new session request.  The listener thread hands over the incoming session to the new RDP stack instance and continues listening on TCP port 3389 for further connection attempts.

Full Article

Microsoft, WS2008, Windows Server 2008, Terminal Services, Architecture,  Terminal Server, Knowledgebase