Remote desktop shadowing troubleshooting - najki78/publicStuff GitHub Wiki

Link to the main article: Remote desktop shadowing is Microsoft's free alternative to VNC, TeamViewer, DameWare etc. (well, sort of and only sometimes)

Troubleshooting

I see a pause symbol in the shadowing window and I cannot interact with the session. What happened?

This shows up if you happen to initiate shadowing only seconds after the console user started to log in. If you suspect that is the case, wait for a minute or two and the remote screen will appear.

More likely, however, the screen saver kicked in or the lock screen locked the console session. You cannot continue unless someone stops the screen saver or unlocks the computer. You might forcibly log off the console session remotely, but someone physically at the console then has to log in before shadowing can be used again.

Recommendation: Disable (or change) the screen saver on the device. We had a case opened with Microsoft Support to solve the issue; however, since screen savers are no longer supported, we had no luck. Officially, the screen saver should not block remote desktop shadowing; from experience, though, it sometimes does. We tried a workaround by remotely terminating the screen saver process, but this approach failed on AAD Joined devices due to the lack of WinRM support.


I am seeing the "Shadow Error: The Group Policy setting is configured to require the user's consent. Verify the configuration of the policy setting." message while connecting. How do I fix it?

Set the following registry entry to one of these values and restart the device:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

"Shadow"=dword:00000002

2 — full control without user’s permission;

or

"Shadow"=dword:00000004

4 — view session without user’s permission.


I am getting the "Shadow Error: Unspecified error." message while connecting. How do I fix it?

Check the EnableHardwareMode value under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\ on the remote machine. The issue often appears if the value is 0 (HW acceleration disabled). Change the value to 1 (HW acceleration enabled).

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

"EnableHardwareMode"=dword:00000001

Alternatively, the console user session may have got stuck while logging off, in which case it must be forcibly logged off. To forcibly log off the console session on the remote machine, start cmd.exe with the credentials of an account that is a member of the local Administrators group on the remote machine:

Run quser console /server:remote_machine_name command.

Identify the session ID associated with the console session.

Run logoff sessionID /server:remote_machine_name.
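
The three steps above as one PowerShell function, shown as an added example that is not part of the original wiki or the LaunchShadowSession script; Get-ConsoleSessionId and Invoke-ConsoleLogoff are hypothetical names and the sample quser output is constructed. A $null result covers the case where quser returns only an error such as 'No User exists for console'.

```powershell
# Added example; both function names are hypothetical.
function Get-ConsoleSessionId {
    param([string[]]$QuserOutput = @())
    foreach ($line in $QuserOutput) {
        # Data row layout: USERNAME  SESSIONNAME  ID  STATE ...
        # The header row has no number after a session name, so it never matches.
        if ($line -match '\sconsole\s+(\d+)\s') {
            return [int]$Matches[1]
        }
    }
    return $null   # header only, or an error line instead of a session row
}

function Invoke-ConsoleLogoff {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$ComputerName)

    # Step 1: query the console session; stderr is merged so error text is kept.
    $raw = & quser.exe console "/server:$ComputerName" 2>&1 | ForEach-Object { "$_" }

    # Step 2: identify the session ID of the console session.
    $id = Get-ConsoleSessionId -QuserOutput $raw
    if ($null -eq $id) {
        Write-Warning "No console session found on ${ComputerName}: $($raw -join ' ')"
        return
    }

    # Step 3: log the session off, prompting for confirmation first.
    if ($PSCmdlet.ShouldProcess("$ComputerName (session $id)", 'logoff')) {
        & logoff.exe $id "/server:$ComputerName"
    }
}

# Constructed sample of quser output, parsed offline.
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    ' jdoe                  console             2  Active      none   1/15/2024 8:02 AM'
)
Get-ConsoleSessionId -QuserOutput $sample
```

Run Invoke-ConsoleLogoff from a PowerShell session started with the administrative credentials described above; add -WhatIf to see the session ID it would log off without doing so.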

"Shadow Error: The version of Windows running on this server does not support user shadowing."

If you see this error even though 445/tcp is open and the console session ID can be queried, first try starting the Remote Desktop Services (TermService) Windows service on the remote machine.
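
The three local causes covered so far (the Shadow policy value, EnableHardwareMode, and a stopped TermService) can be checked in one pass on the machine to be shadowed. This is an added example, not part of the original wiki or the LaunchShadowSession script; the function name Test-ShadowReadiness is hypothetical, and the meanings of Shadow values 0, 1 and 3 are the policy's other documented settings, which this page does not list.

```powershell
# Added example: run locally on the machine that is to be shadowed.
# Test-ShadowReadiness is a hypothetical name, not part of LaunchShadowSession.
function Test-ShadowReadiness {
    [CmdletBinding()]
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    )

    # Shadow policy values; 2 and 4 are the ones this page sets,
    # 0, 1 and 3 are the remaining documented settings (not on this page).
    $meaning = @{
        0 = 'No remote control allowed'
        1 = 'Full control with user''s permission'
        2 = 'Full control without user''s permission'
        3 = 'View session with user''s permission'
        4 = 'View session without user''s permission'
    }

    # A missing key or value means the policy is not configured ($null).
    $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $shadow = $policy.Shadow
    $hwMode = $policy.EnableHardwareMode
    $svc    = Get-Service -Name TermService -ErrorAction SilentlyContinue

    $findings = @()
    if ($shadow -in 1, 3) {
        $findings += 'Shadow requires consent: matches "The Group Policy setting is configured to require the user''s consent".'
    }
    if ($shadow -in 2, 4) {
        $findings += 'Shadow allows sessions without consent: the console user is not asked before being viewed or controlled.'
    }
    if ($hwMode -eq 0) {
        $findings += 'EnableHardwareMode=0: often seen with "Shadow Error: Unspecified error."'
    }
    if ($null -eq $svc -or $svc.Status -ne 'Running') {
        $findings += 'TermService not running: see "The version of Windows running on this server does not support user shadowing."'
    }

    [pscustomobject]@{
        Shadow             = $shadow
        ShadowMeaning      = if ($null -ne $shadow) { $meaning[[int]$shadow] } else { 'Not configured' }
        EnableHardwareMode = $hwMode
        TermService        = if ($svc) { $svc.Status } else { 'Not found' }
        Findings           = $findings
    }
}

Test-ShadowReadiness | Format-List
```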


"Error 0x000006BA enumerating sessionnames, Error [1722]:The RPC server is unavailable."

Still working on this one, suspecting local firewall related issues. If you have an idea, please share in the comments.

"Error 0x00000721 enumerating sessionnames, Error [1825]:A security package specific error occurred."

Use the IP address of the device instead of the device name (NetBIOS or FQDN). The LaunchShadowSession script uses the IP address, so hopefully you will never see this error.

Error message: 'No User exists for console'

The error might be displayed after calling quser console /server:remote_machine_name within the LaunchShadowSession script.

It indicates either:

  • no user is logged on at the console of the remote machine, or
  • the user you run the LaunchShadowSession script under is neither a member of the Administrators or Remote Desktop Users group on the remote machine nor has been granted special permissions to list sessions on the remote machine.

Note: Membership in the Remote Desktop Users group does not grant permission to connect using Shadowing (only membership in the Administrators group and/or specially granted permissions do). Membership in the Remote Desktop Users group only allows listing the current session on the remote machine (and connecting using a regular Remote Desktop session).

"Shadow Error: Access is denied."

The error indicates that the user you run the LaunchShadowSession script under is not a member of the Administrators group on the remote machine and has not been granted special permissions.

"Shadow Error: You cannot shadow the specified session because that session is already being shadowed."

Self-explanatory.

After connecting, I can move the cursor or type, but the image is both distorted and frozen, making Shadowing unusable. How do I fix it?

An example of a skewed image:

image

Most of the time, an error message is displayed on the console of the remote machine:

image

After you close the shadowing session, you will not be able to initiate a new one until you restart the remote machine. If you try, you might get various error messages, such as:

image

or

image

Unfortunately, the following does not help in all cases. If you encounter the issue, open gpedit.msc on the remote machine and navigate to Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Remote Session Environment.

Ensure these policies are set as either Not configured or Disabled:

  • Use hardware graphics adapters for all Remote Desktop Services sessions
  • Configure H.264/AVC 444 hardware encoding for Remote Desktop Connections
  • Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections

Thanks go to Dragos Ioan Coste from Microsoft Support for the fix!