Windows Server 2022: RDS bug (RDCB role broken) caused by KB5011497, not fixed in May 2022

Windows[German]Since March 2022 there are issues with remote services in Windows Server 2022, caused by security update KB5011497 from March 8, 2022. That's because certain roles become unavailable after installing that update – and that wasn't fixed in April an May 2022 with patchday updates. Here is a brief inventory along with information on what I am aware of.


Advertising

Update KB5011497 for Windows Server 2022

I had covered it in the blog post Patchday: Windows 11/Server 2022 updates (March 8, 2022). As of March 8, 2022, Microsoft has released cumulative update KB5011497 for Windows Server 2022. The update raises the OS build to 20348.587 and makes internal, unspecified, security fixes to the operating system.

There are issues with remote services

In the blog post Windows Server 2022: March 2022 update KB5011497 breaks remote desktop gateway role, I had already addressed the issue. Blog reader Sebastian R. reported that the above update was causing massive problems with remote connections to the Remote Desktop Gateway in his environment. Sebastian wrote about the error pattern that Windows services belonging to the following roles were missing after installing the update. 

  • Remote Desktop Connection Broker
  • Remote Desktop Management

The Remote Desktop Connection Broker role is broken after the update installation. The error is reproducible and Sebastian already had to block the March 2022 Windows update at WSUS. Since this article was published, I have received feedback from other administrators about similar observations. The suggested solutions in the post Windows Server 2022: Fix for Remote Desktop problems with update KB5011497 did not always help. There is also extensive discussion about this in the comments here.

It hasn't been fixed till May

In this comment, Fabien G., writes that there are still problems in April 2022. If you install the new update KB5012637 without any other updates since February 2022 (exception KB5011258), the RDCB roll is broken afterwards. If you install KB5012637 after KB5012604 (replaces KB5011497) and after a new installation of the RDS roles (always with KB5011258 before), the RDCB role should continue to work.

I had informed Susan Bradley, who runs both Askwoody and the patchmanagement.org mailing list, about the problem. Her feedback at first was that she could not reproduce the errors. Then as of April 26, 2022, I read on patchmanagement.org that Susan Bradley was able to reproduce the bug – referencing my blog post Windows Server 2022: Update KB5012604 breaks Remote Desktop Gateway.


Advertising

Windows Server 2022: Update KB5012604 breaks Remote Desktop Gateway | Born's Tech and Windows World (borncity.com)

I can report that I'm able to repro this.

Not sure if it will break again with the May updates.  Hang loose.

From what I've heard, the bug has been reported to Microsoft and their developers are analyzing the problem. Currently, however, there isn't a fix for this issue available. Susan Bradley has posted this comment and follow-up statements and writes that the bug has not been fixed yet. And within this comment a reader confirmed, that he has lost RD Session Deployment on two customer sites. He described, how he was able to solve it with creating a new deployment.


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in issue, Update, Windows and tagged , , , . Bookmark the permalink.

7 Responses to Windows Server 2022: RDS bug (RDCB role broken) caused by KB5011497, not fixed in May 2022

  1. Fabien G. says:

    Hello,

    I tried the new KB5013944 (remplace KB5012637 > KB5012604 > KB5011497). This time KB5011258 looks included, but RDCB breaks again. :(
    Always with the same iso (Windows Server 2022 French 64-bit X22-74294) in standard edition. Microsoft should makes new isos and remplace them at onmicrosoft.com…
    I close my ticket with MS support, our dev teams and customers can't wait anymore for a "eventual" fix. I spend time ($£€) for new "stable" (I hope) installations.

    For now, be aware of this : make updates before any roles installation.

  2. Robert Gijsen says:

    Same here. KB5013944 still breaks RD Broker. And it won't let me add it after it broke down either.

  3. Mark Seaton-fry says:

    KB5014678 seems like it doesn't break it this month on my test box.

    • Francis says:

      Is it stable as of right now ?

    • Bernd Kastenbrot says:

      Hi,
      a customer of my also states, that with the updates 2022-06 (KB5014678) their RDS Servers (3 systems) are working.
      Prior this, we opened up a ticket at MS for him in April MS in April 2022 and they said, yes, it's a BUG, we know of it since 2022-01 and are working on it.
      Some statement from support team:

      "The issue :

      – Standard editions of Windows Server 2022
      – Datacenter editions are NOT impacted.
      – Server roles must be installed prior to installing any Windows Update released on or after 2022 02

      This issue is caused by a zero-day bug in the packaging installation infrastructure as opposed to a regression in the March or April 2022 or other Windows Updates. On or ~ April 28, 2022,

      WSD filed the following new incident against the Packaging Services team to investigate and ideally craft a fix prior to the next Windows Update release

      1. Non-workarounds

      Borncity blog post and reader comments in Windows Server 2022: Fix for Remote Desktop problems with update KB5011497 | Born's Tech and Windows World (borncity.com) claim that installing .NET OOB KB5011258 prior to installing 3B KB5011497 and 4B KB5012604 prevents this issue from occurring.
      KB5011258 is the .NET Framework 2022.02 OOB patch addressed the System.DirectoryServices APIs specific to acquiring or setting Forest Trust Information may fail or crash with various errors, including an access violation (0xc0000005) issue. Another user claims the issue does not happen after stopping TrendMicro. None of these workaround address the root cause of this issue.

      1. Workaround
      The only safe workaround until Microsoft builds a preventative fix is to
      (1.) Remove the RDS role,
      (2.) Install the any / the latest LCU then
      (3.) re-install the RDS role. RDS roles can technically be re-installed even after the update removes them from their initial installed state, but this approach is not recommended as the roles are installed on a device with bad state."

      Unfortunately, it's not reported as fix, but seems to work.

  4. Advertising

  5. JonnyBoy says:

    hello I have not solved the problem with July update. Rd becomes corrupted. The w2022 DT machine with rd server on vsphere 6.5 crashes completely. Not even Vmware can reach it. I went back to a May snapshoot. I tried on stage machine to remove dt roles, remove from domain, install updates, reinstall rd but to no avail. Other W2022 DT machines on the same node with Sql or web service do not present any problems. Hope ms fix it. Meanwhile, I have blocked wupdate updates. I hope some of you get to work.

Leave a Reply

Your email address will not be published.