A quick note for Windows Server 2022 administrators: be careful when applying security update KB5011497 from March 8, 2022. I have received a report from an administrator that this update can cause severe problems with remote services. Certain roles are no longer available after installing this update, and this could be verified on several server instances.
Update KB5011497 for Windows Server 2022
I covered it in the blog post Patchday: Windows 11/Server 2022 updates (March 8, 2022): on March 8, 2022, Microsoft released cumulative update KB5011497 for Windows Server 2022. The update raises the OS build to 20348.587 and contains internal, unspecified security fixes for the operating system.
The Known Issues section of the update support article states that when connecting to devices in an untrusted domain with Remote Desktop, authentication fails when using smart card authentication. However, this does not affect the error described below.
Issues with remote services/roles
German blog reader Sebastian R. just reported via email that he encountered issues with two Windows Server 2022 systems earlier today due to Windows updates released on March 8, 2022. Sebastian works for an IT service provider as an administrator, and his employer runs remote desktop (gateway) infrastructures for its own purposes as well as for customers.
- One VM per customer is used here, providing the roles of Remote Desktop Gateway, Remote Desktop Connection Broker and Web Access for Remote Desktop.
- Two of these systems run Windows Server 2022, all others Windows Server 2019.
After the Windows updates were installed automatically on these two Windows Server 2022 systems following their release (KB5011497, KB5009639 and KB5010523 were installed), remote connections through these systems stopped working.
I have not found any KB articles for the latter two updates KB5009639 and KB5010523. These are probably included in the January 2022 update KB5009608 (see here).
Regarding the error pattern, which was noticed quickly after the update installation, Sebastian writes that Windows services belonging to the roles mentioned above were missing on the two systems. Specifically, the following services were missing:
- Remote Desktop Connection Broker
- Remote Desktop Management (might be RDS)
So he checked the installed Windows roles and it turned out that the Remote Desktop Connection Broker role is not installed at all, or is detected as no longer installed. The Windows event log for this is not very informative, Sebastian wrote.
Remote Desktop Connection Broker Role broken
The next step was to reinstall the Windows Remote Desktop Connection Broker role. After that, the Remote Desktop deployment was visible again and could be managed via the UI and PowerShell. But then Sebastian observed the following:
Unfortunately, this didn't help us much, because I then used "Get-RDServer" in PowerShell to output the status of the systems involved in the RDS infrastructure. The result was that our system had lost the role RDS-GATEWAY, although the role was installed according to Server Manager. Reinstalling the Remote Desktop Gateway role did not change the error pattern.
To avoid spending more time on a possibly unrecoverable system, I restored the VM from a backup before the Windows updates. So I started the backup restore, installed Windows Updates and after the restart the same initial error condition: The role Remote Desktop Connection Broker is completely missing. Before the restart by Windows Updates the above mentioned Windows services were still present.
So the error is reproducible, and Sebastian has blocked the Windows update in WSUS for the time being. He commented: Maybe the information helps someone else and you want to pick it up in the blog. At this point my thanks to Sebastian, and I have now posted the information here in a timely manner.
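To check a server for the symptoms described above (missing services, a role that Server Manager reports as installed but Get-RDServer no longer lists), the following read-only PowerShell check can be run after patching. It is an added example, not part of Sebastian's report; the service short names (Tssdis, RDMS, TSGateway) and the assumption that the Connection Broker runs on the same VM should be verified against a known-good server.

```powershell
# Added example (not from the original report); read-only, run elevated on the RDS server.
$kb     = 'KB5011497'
$cv     = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build  = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR      # 20348.587 once KB5011497 is applied
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Assumption: the Connection Broker runs on this same VM, as in the setup described.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$deployment = try {
    Import-Module RemoteDesktop -ErrorAction Stop
    Get-RDServer -ConnectionBroker $fqdn -ErrorAction Stop
} catch {
    Write-Warning "Get-RDServer failed: $($_.Exception.Message)"
    $null
}
$roles = @($deployment | Where-Object Server -eq $fqdn | ForEach-Object { $_.Roles })

# Role feature -> services expected to exist while the feature is installed.
# Service short names are assumptions; confirm them on an unaffected server.
$expected = [ordered]@{
    'RDS-Connection-Broker' = @('Tssdis', 'RDMS')     # Connection Broker, RD Management
    'RDS-Gateway'           = @('TSGateway')
    'RDS-Web-Access'        = @()
}

$report = foreach ($name in $expected.Keys) {
    $missing = @($expected[$name] | Where-Object {
        -not (Get-Service -Name $_ -ErrorAction SilentlyContinue)
    })
    [pscustomobject]@{
        Feature         = $name
        Installed       = (Get-WindowsFeature -Name $name).Installed
        InDeployment    = $roles -contains $name      # what Get-RDServer reports
        MissingServices = $missing -join ','
    }
}

"Build $build, $kb installed: $([bool]$hotfix)"
$report | Format-Table -AutoSize

# Rows where Server Manager and the RDS deployment disagree, or services are gone.
$report | Where-Object { ($_.Installed -and -not $_.InDeployment) -or $_.MissingServices }
```

Running it before and after the update restart on a test VM shows at which point the services and roles disappear.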
Addendum: On Facebook, I have feedback from two administrator groups that there were problems there as well. One confirmed the same problem, another administrator got the following error message in a dialog box:
Remote Desktop Connection
There are no available computers in the pool. Try connecting again, or contact your network administrator.
The person in question wrote:
… hit me today. But what helped was, took server out of domain, back into domain it went.
The roles were not gone. And the server was also present in the AD. But after removing and re-adding it, everything fortunately worked again.
So this is not quite the error outlined above. I must therefore leave the matter open here – perhaps there are others affected.
See also my new addendum: Windows Server 2022: Fix for Remote Desktop problems with update KB5011497
Microsoft Office Updates (March 1, 2022)
Microsoft Security Update Summary (March 8, 2022)
Patchday: Windows 10-Updates (March 8, 2022)
Patchday: Windows 11/Server 2022-Updates (March 8, 2022)
Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (March 8, 2022)