A brief note for administrators who are already running Windows Server 2022 in their environment. The update KB5012604 released by Microsoft on April 12, 2022 continues to cause problems. After its installation, the Remote Desktop Gateway can no longer be used. This continues the bug introduced by a security update in March 2022.
March 2022: Problems with Remote Desktop Gateway
On March 8, 2022, Microsoft released cumulative update KB5011497 for Windows Server 2022 to address unspecified vulnerabilities. The recommendation was to install this security update promptly because of the SMBv3 vulnerability CVE-2022-24508 (see CERT-EU warns of SMBv3 vulnerability CVE-2022-24508, fix through Windows March 2022 updates).
However, this clashes with the fact that administrators who deploy roles for remote desktop gateways in this environment run into issues. I had addressed the issue in the post Windows Server 2022: March 2022 update KB5011497 breaks remote desktop gateway role. According to a description by German blog reader Sebastian, once the update is installed the following roles required for the remote desktop gateway are broken or missing:
- Remote Desktop Connection Broker
- Remote Desktop Administration
The problem has been confirmed several times by other administrators. A real solution is not known. In the blog post Windows Server: Open issues from March 2022 Updates (KB5011551, KB5011497) I outlined possible mitigations, but these do not help universally. The hope was that Microsoft would fix the problem internally by the April 2022 patchday.
Update KB5012604: Same remote desktop gateway issue
On April 12, 2022, Microsoft released cumulative update KB5012604 for Windows Server 2022 (see Patchday: Windows 11/Server 2022 Updates (April 12, 2022)) to fix various issues, including the password loop (see also Windows Server 2019: Update KB5011551 causes password loop). The list of known issues states:
After installing this update, connections may fail to authenticate when connecting to devices in an untrusted domain using Remote Desktop when using smart card authentication.
However, this bug is supposed to be fixed via Known Issue Rollback (KIR). Microsoft did not address the issue outlined above with broken roles for the remote desktop gateway. A user therefore already asked in the blog yesterday:
Anyone know whether the CU for 2022 server for April also contains this CB breaking issue? Was released last night as KB5012604
And it still states issues with Remote Desktop connections.
I could not answer because I did not have any information at that time. In the meantime, however, there are already two voices that continue to confirm broken roles for the remote desktop gateway. Chris left this comment (thanks for that):
Yes KB5012604 seems to have broken connection broker for me.
Furthermore, a German administrator on Facebook responded in a group to my post about the April 2022 security updates with the following comment. Eugen Z. writes:
The RDP problem from March was not solved. This also occurs again after installing April updates.
Maybe this information helps one or another administrator. And immediately the question: can anyone else confirm this, or is there perhaps a solution?
Addendum: One more question: I reported the issue again via Twitter to @WindowsUpdate. Susan Bradley (Patch Lady) asked whether anyone affected has opened a support case with Microsoft. Susan offered to open a support case for affected people (contact her at sb[at]askwoody[dot]com) and let me know that, thanks.
On Facebook an administrator gave me the following advice (thanks for that): I had to reinstall and configure roles on all servers. Assign license servers. Then it was running again. Maybe this helps someone.
Follow-up article: Windows Server 2022: RDS bug (RDCB role broken) caused by KB5011497, not fixed in May 2022
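To confirm whether a server shows the symptoms described in this post, the following check reports which of the two updates are installed, whether the expected RDS role services and their Windows services are still present, and whether the Connection Broker still returns a deployment. It is an added example, not code from the original post or from Microsoft; the broker name is a placeholder, and the script assumes an elevated PowerShell session on a server that has the ServerManager and RemoteDesktop modules.

```powershell
# Added example: post-patch health check for an RDS deployment (not from the original post).
# Assumptions: elevated session; $Broker is a placeholder FQDN; $ExpectedFeatures lists the
# RDS role services that SHOULD be installed on the server where the script runs.
param(
    [string]   $Broker           = 'RDS.DOMAIN.LOCAL',
    [string[]] $ExpectedFeatures = @('RDS-Connection-Broker')
)

$kbs      = 'KB5011497', 'KB5012604'   # the two updates named in this article
$services = 'Tssdis', 'RDMS'           # Connection Broker and RD Management services

# 1. Which of the two updates are installed on this server?
$installedKbs = @(Get-HotFix | Where-Object { $_.HotFixID -in $kbs } |
    Select-Object -ExpandProperty HotFixID)

# 2. Are the expected RDS role services still registered as installed?
Import-Module ServerManager
$missingFeatures = @(Get-WindowsFeature -Name $ExpectedFeatures |
    Where-Object { $_.InstallState -ne 'Installed' } |
    Select-Object -ExpandProperty Name)

# 3. Are the broker-side services present and running? A missing service is reported, not skipped.
$serviceState = foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $status = if ($svc) { "$($svc.Status)" } else { 'Missing' }
    "$name=$status"
}

# 4. Does the broker still return a deployment? Get-RDServer fails when the deployment is gone.
$deploymentError = $null
$deploymentRoles = @()
try {
    Import-Module RemoteDesktop -ErrorAction Stop
    $deploymentRoles = @(Get-RDServer -ConnectionBroker $Broker -ErrorAction Stop |
        ForEach-Object { "$($_.Server): $($_.Roles -join ',')" })
} catch {
    $deploymentError = $_.Exception.Message
}

# One summary object per server, suitable for Export-Csv when run across several hosts.
[pscustomobject]@{
    Server          = $env:COMPUTERNAME
    InstalledKbs    = $installedKbs -join ', '
    MissingFeatures = $missingFeatures -join ', '
    Services        = $serviceState -join ', '
    DeploymentRoles = $deploymentRoles -join '; '
    DeploymentError = $deploymentError
}
```

Get-HotFix only matches the two KB numbers listed here; a later cumulative update that supersedes them will not appear under those IDs.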
Similar articles:
Patchday: Windows 10 Updates (April 12, 2022)
Patchday: Windows 11/Server 2022 Updates (April 12, 2022)
Windows Server 2022: March 2022 update KB5011497 breaks remote desktop gateway role
Windows Server 2022: Fix for Remote Desktop problems with update KB5011497
Windows Server: Open issues from March 2022 Updates (KB5011551, KB5011497)
Windows Server 2022: Update KB5012604 breaks Remote Desktop Gateway
RD Session Deployment lost at two customers' sites.
Resolved by creating a new deployment.
New-RDSessionDeployment -ConnectionBroker "RDS.DOMAIN.LOCAL" -WebAccessServer "RDS.DOMAIN.LOCAL" -SessionHost "RDS.DOMAIN.LOCAL"
After that, I was able to add the Licensing Server again in the Server Manager (licenses remained) and configure the collection.