Support Request: skkey.sys causing BSOD when attempting a remote desktop connection

Description

Hi team, we are having an intermittent issue across our estate whereby attempting a remote desktop connection into a site kiosk enabled client, causes the PC to crash and a blue screen is presented.
This issue has been going for some time but nobody had taken the time to analyze the crash memory dumps.
Having a look at a sample it seems the skkey.sys driver might be at fault, this seems to be tied to the SiteKiosk keyboard driver?
Would it be possible to shed some light on this.

Some facts
-Issue happens intermittently
-RDPing using the Windows Remote Desktop Client
-Connecting to client machine using a "Remote Desktop User" account and not an account which launches SiteKiosk
-Happening on different hardware and variations of W10 (1709, 1803, 1909)

Happy to provide more memory dump outputs or provide more specific details you might require.

Answer: (3)

Re: skkey.sys causing BSOD when attempting a remote desktop connection 3/13/2020 4:12 PM
Hello,

SiteKiosk is using the SiteKey.sys driver for blocking all keyboard inputs during Windows startup when SiteKiosk is set to “Auto Start” mode as well as blocking critical key combinations when SiteKiosk is running.

Although it is not recommended to use Windows RDP with SiteKiosk (see below for reasons), we have not had any BSOD problems reported by other customers using Windows RDP.
Furthermore the sitekey.sys driver was tested by Microsoft on the expenses of one customer earlier and they found everything to be done in the way it should be.

There are only known BSOD cases, where other software in combination with sitekey.sys causes problems like e.g. this old case on HP machines:
https://www.provisio.com/en-GB/CustomerSupportCenter/ArticleDetails.aspx?ArticleID=15871
So please check this first (any software or driver that involves the hardware keyboard).


Regardless of your problem, it is not recommended to use Windows RDP for the following reasons:

- If you log on to the Admin user account via RDP, the SiteKiosk user will be logged off without SiteKiosk being terminated legitimately (you will get an “abnormal SiteKiosk program termination).
(To avoid this problem, you can use SiteRemote to exit SiteKiosk or log off the SiteKiosk user.)

- On Windows 10 MS RDP and SiteKiosk interfere with each other and SiteKiosk will not start in "Start once" mode. (you only see the Watchdog background when starting SiteKiosk in “Start once” mode).
The only workaround is using another remote desktop application OR activating the “Auto start” mode and only access the machine via RDP again after reboot and SiteKiosk startup.


General notes about explorer.exe.
SiteKiosk 9 will generally kill all explorer processes on Windows 10 when SiteKiosk is started.
This is a security feature to e.g. prevent that you can use any touch gesture to get the side bars on Windows 10.

Regards,
Michael Olbrich

P.S.As you use the SiteKiosk version 9.5:
Unfortunately we noticed that the last Windows patches from February 2020 included a change from Microsoft which led to the fact that you could no longer log in with the SiteKiosk user.
For this purpose, we have provided a patch that you can run locally or via SiteRemote.
For further information, please refer to this FAQ article:
EN https://www.provisio.com/en-GB/CustomerSupportCenter/ArticleDetails.aspx?ArticleID=25283
DE https://www.provisio.com/de-DE/CustomerSupportCenter/ArticleDetails.aspx?ArticleID=25298
You can also run the patch (UserAccessPatcher.exe) before Windows updates are applied to prevent the temporary user profile from loading.

We also have released a new SiteKiosk version where this fix is included:
https://www.provisio.com/link/SiteKioskDownload
Re: skkey.sys causing BSOD when attempting a remote desktop connection 3/19/2020 8:00 PM
Many thanks for your reply Michael, I will look into the possibility of 3rd party applications causing the issue however I just wanted to clarify something I omitted in my first post. When we have this issue, SiteKiosk is not "running". We have the product installed on our workstations and SiteKiosk.exe is initiated via GPO when specific usernames are logged on. At the point SiteKiosk takes over and we see whichever Kiosk is assigned to the PC with the corresponding lock down features.

Most of the time the workstations are just used as any PC, with office workers just logging on and off as they would normally. The workstations do have SiteKiosk installed as well as the services running and set to start automatically. I can also see that if SiteKiosk services are stopped and set to manual, the SiteKey.sys keyboard hook and skkey.sys emulated keyboard filter are still loaded.

Due to the current situation most of our users are working remotely and we are experiencing a high number of incidents due to crashes as people RDP in from home, we have resorted to uninstalling the product on several PCs until we can find a fix or solution.
Re: skkey.sys causing BSOD when attempting a remote desktop connection 3/20/2020 8:54 AM
Hello,

The behavior is correct, because the SiteKey.sys driver is always loaded on Windows start, no matter if the keyboard lock is activated or not.

If you need instructions on how to remove the driver without uninstalling SiteKiosk, please contact us by e-mail.
support-europe(at)provisio.com

But please note that when removing the SiteKey.sys driver you will not be able to block any critical key combinations (like e.g. CTRL+ALT+DEL) when SiteKiosk is running, which is a security risk.
However, this does not matter for the RDP connection, since the driver only affects the connected hardware keyboard.

Regards,
Michael Olbrich
My Account
Login
Language (Tickets):