Microsoft confirms it has broken Windows Server
Security updates are always a good thing, until they aren’t, as anyone whose organization was disrupted by the CrowdStrike Falcon issue will be only too aware. However, they are a necessary evil in the fight against those who would break our systems. Talking of which, the latest Patch Tuesday Windows security update rollout appears to have done just that: broken systems. Microsoft has confirmed that certain Windows Server users might notice problems with Remote Desktop Connectivity, such as logon sessions being lost with all users disconnected every 30 minutes or so.
Windows Server Users Take To Reddit To Complain About 30 Minute Crashes
Reddit often serves as an early indicator of things going wrong following any update, including those for Windows users, as was the case here. In an ongoing Patch Tuesday Megathread, one user reports Remote Desktop Gateway issues after applying the patch on Windows Server 2019, resulting in “random mass disconnects throughout the day,” while another confirms there are “crashes roughly every 30 minutes” in an organization serving 500 users.
Microsoft Confirms Windows Server Disruption
Microsoft has confirmed that there is an issue. A support posting states that “Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted.”
The statement goes on to explain that the issue “might occur intermittently, such as repeating every 30 minutes.” IT admins are advised that it shows up as a termination of the TSGateway service with an exception code of 0xc0000005.
Two Workaround Options While Fix Is In The Works
At the time of writing, Microsoft is still working towards a proper resolution for the Windows Server issue and said it will provide an update in an upcoming release. However, in the meantime, users of Windows Server 2012, 2016, 2019 and 2022 are advised of the following workarounds:
1. Microsoft said that connection over “pipe and port \pipe\RpcProxy\3388 through the
RD Gateway” should be disallowed. This can be achieved using firewall software, for
example.
2. Alternatively, modifying the registry of client devices by removing an
RDGClientTransport key is also offered by way of mitigation. Microsoft advises that
the registry is backed up before modification and a route to restoration is known
before attempting this workaround. The precise registry change is done in the
HKCU\Software\Microsoft\Terminal Server Client\RDGClientTransport location and
involves setting the Value Data field to 0x0 for the DWORD registry key.
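The second workaround, with the backup step Microsoft asks for, could be scripted on a client device as follows. This is an added example, not Microsoft's own script or part of the original article; it assumes RDGClientTransport is a DWORD value under the per-user "Terminal Server Client" key, and the backup folder name is hypothetical.

```powershell
# Added example, not Microsoft's script. Assumption: RDGClientTransport is a
# DWORD value under the per-user "Terminal Server Client" key.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$BackupDir = "$env:USERPROFILE\rdg-registry-backup"   # hypothetical location
)

$keyPs  = 'HKCU:\Software\Microsoft\Terminal Server Client'
$keyReg = 'HKCU\Software\Microsoft\Terminal Server Client'
$name   = 'RDGClientTransport'

# 1. Back up the key first, so there is a known route to restoration.
if (Test-Path $keyPs) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backup = Join-Path $BackupDir ("TerminalServerClient-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export $keyReg $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry export failed; nothing was changed." }
    Write-Host "Backup written to $backup (restore with: reg import `"$backup`")"
} else {
    Write-Host "Key does not exist yet; there is nothing to back up."
    if ($PSCmdlet.ShouldProcess($keyPs, 'Create key')) {
        New-Item -Path $keyPs -Force | Out-Null
    }
}

# 2. Record the current state so the change can be reverted by hand.
$current = (Get-ItemProperty -Path $keyPs -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) {
    Write-Host "$name is not set."
} else {
    Write-Host ("$name is currently 0x{0:X}" -f $current)
}

# 3. Apply the value the article gives (0x0) and read it back.
if ($PSCmdlet.ShouldProcess("$keyPs\$name", 'Set DWORD to 0x0')) {
    New-ItemProperty -Path $keyPs -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    $after = (Get-ItemProperty -Path $keyPs -Name $name).$name
    if ($after -ne 0) { throw "$name reads back as $after, expected 0." }
    Write-Host "$name set to 0x0 for $env:USERNAME."
}
```

Run it with -WhatIf first to see what would change; because the key lives under HKCU, it has to run in the context of each affected user.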