Security updates are always a good thing until they cause chaos for your organization. You probably all know the CrowdStrike Falcon issues well. But updates are a necessary evil in the fight against those who seek to destroy your systems. Speaking of which, the latest Patch Tuesday Windows security update rollout appears to have done just that: destroyed systems. Microsoft has confirmed that some Windows Server users may notice issues with Remote Desktop connections, including all users being disconnected and losing their logon sessions approximately every 30 minutes.
Windows Server users take to Reddit to complain about 30-minute crash
Reddit is often an early indicator of problems after updates, including those for Windows users, and that was the case here. In the Patch Tuesday Megathread, some users reported issues with Remote Desktop Gateway after patching Windows 2019 servers, describing “a large number of random disconnections throughout the day,” while others said an organization serving 500 users is “experiencing crashes approximately every 30 minutes.”
Microsoft acknowledges Windows Server interruption
Microsoft has confirmed the problem in a support posting. “If the Remote Desktop Gateway uses legacy protocols (Remote Procedure Calls over HTTP), Windows servers may impact remote desktop connections across the organization. This may result in remote desktop connections being disrupted,” it said.
The statement goes on to explain that the issue “may occur intermittently, such as repeating every 30 minutes.” IT administrators have been told that it shows up as the TSGateway service terminating with exception code 0xc0000005.
Two workarounds in the works
At the time of writing, Microsoft says it is still working on a proper resolution to the issue for Windows Server and will provide an update in an upcoming release. In the meantime, the following workarounds are recommended for Windows Server 2012, 2016, 2019, and 2022 users:
- Microsoft states that connections via “pipe through RD Gateway and port \pipe\RpcProxy\3388” should be disallowed. This can be achieved, for example, using firewall software.
- Alternatively, a suggested mitigation is to modify the registry on the client device by deleting the RDGClientTransport key. Microsoft recommends backing up the registry and knowing how to restore it before attempting this workaround. The registry modification should be made in the following location: HKCU\Software\Microsoft\Terminal Server Client\RDGClientTransport, and the value data field of the DWORD registry key should be set to 0x0.
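
The client-side registry workaround above, as an added PowerShell example (not Microsoft's script and not part of the original article) that takes the backup first and verifies the result. It assumes RDGClientTransport is a DWORD value under the Terminal Server Client key; the backup file name and its location in %TEMP% are choices made for this example.

```powershell
# Added example: apply the RDGClientTransport workaround for the current user.
# Assumption: RDGClientTransport is a DWORD value under the Terminal Server Client key.
$KeyPath   = 'HKCU:\Software\Microsoft\Terminal Server Client'   # PowerShell provider path
$RegPath   = 'HKCU\Software\Microsoft\Terminal Server Client'    # same key, reg.exe syntax
$ValueName = 'RDGClientTransport'
$Backup    = Join-Path $env:TEMP ("TerminalServerClient-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Output "Key not found: $KeyPath. Nothing to change."
    return
}

# 1. Back up the whole key before touching it; stop if the export fails.
& reg.exe export $RegPath $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $Backup)) {
    throw "Registry export failed; no changes were made."
}
Write-Output "Backup written to $Backup"
Write-Output "Restore route: reg import `"$Backup`""

# 2. Record the current state so the change is auditable.
$current = (Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
            -ErrorAction SilentlyContinue).$ValueName
if ($null -eq $current) {
    Write-Output "$ValueName is not currently set."
} else {
    Write-Output ("{0} is currently 0x{1:X}" -f $ValueName, $current)
}

# 3. Set the DWORD to 0x0, as the workaround describes.
New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
    -PropertyType DWord -Value 0 -Force | Out-Null

# 4. Read the value back and fail loudly if it did not stick.
$after = (Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName).$ValueName
if ($after -ne 0) {
    throw "$ValueName reads $after after the write; expected 0."
}
Write-Output "$ValueName is now 0x0."
```

Because the key lives under HKCU, the script has to run in the context of each affected user rather than once per machine.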