# Attempts to shadow RD connection result in, "The interface is unknown"



## rickyjo (Jun 24, 2008)

I am tremendously annoyed by the fact that Windows Server 2012 does not have shadow.exe or the /SHADOW option on MSTSC (like Server 2012r2). I built a test-VM with Server 2012 and I swapped a bunch of files so that I am essentially running the Remote Desktop client for Windows Server 2012r2 (for the procedure I used see the end of the post). Almost everything is working fine, except the one thing I wanted: the /SHADOW option on MSTSC. The option does appear in MSTSC /? However, when I attempt to use it I get the following error, "The interface is unknown". The heading on this error is, "Shadow Error".

Searching about I see this error happens somewhat often with remove viewing software (eg. VNC), but the solutions I've seen so far don't work. I realize this is a very specific question and the answer may just be what I'm trying cannot be done (getting MSTSC /SHADOW to work on 2012). In any case, I've tried:


Making sure the Windows Event Log service is Automatic; I also rebooted the even log service
Rebooting the server
Using remote desktop with a different user account
Using MSTSC with a different user account (both admins)
Disabling the Firewall
Any last-ditch ideas before I give up on this idea forever?

In case it helps, here is the procedure I used to load the new MSTSC (sorry the formatting is messed up):

*To enable Shadow via mstsc.exe on Server 2012, perform the following steps:*
· Using Powershell, take ownership of the following files (do not recurse)
o C:\windows\system32\aaclient.dll
o C:\windows\system32\mstsc.exe
o C:\windows\system32\mstscax.dll
o C:\windows\system32\en-us\aaclient.dll.mui
o C:\windows\system32\en-us\mstsc.exe.mui
o C:\windows\system32\en-us\mstscax.dll.mui
NOTES:


· For proper Powershell syntax, see this document: http://technet.microsoft.com/en-us/l.../cc753024.aspx
· I'm nearly certain you must use Powershell, do not attempt to use the GUI to take ownership
· Example: _Takeown /f C:\windows\system32\aaclient.dll_
 *After gaining ownership: *


· Give your user account full permissions to each of these files (do it individually)
 o Ownership is not enough, actually give full access to the files. You can use the GUI to edit NTFS permissions normally after taking ownership


· Connect to a Windows 8.1 (not 8) or Server 2012r2 computer that has the desired "/shadow" option


· Replace each of the above files on the 2012 server with the files from Server 2012r2


· Run "mstsc.exe /?" to verify the "/shadow" option is now available


· Remove your user account's access to these files (it's OK if Administrators still has its original access of "Read&Execute/Read").
 You should now be able to Shadow connections
Test more fully by logging in with another user and then perform these steps:


· Run "quser" to get the session ID


· Run "mstsc.exe /shadow:[sess ID]"
Most of this procedure borrowed from: http://www.remkoweijnen.nl/blog/2013...-on-windows-7/

FINAL NOTE: Tomorrow is Christmas Eve and I may check in as late as Friday, this thread is not abandoned if I don't respond before then; I'm setting an Outlook reminder to view Friday, just in case.


----------

