Security update KB5015808, released in July 2022, causes RDP issues on Windows Server 1609. I had already reported here in the blog about the problems in RDS infrastructures, while Microsoft has so far remained silent about them. Unofficially, however, there seems to be a fix that rolls back the affected part of the patch via Known Issue Rollback (KIR). Below I document this issue; maybe it will help those affected.
Windows Update KB5015808 and RDS
Cumulative update KB5015808 is only available for Windows 10 version 1607 Enterprise LTSC and Windows Server 2016. The update was released on July 12, 2022 and fixes a number of issues. I mentioned the update in the blog post Patchday: Windows 10-Updates (July 12 2022) and listed the fixes of this update in the post RDS issues after Windows update KB5015808.
RDS problems after update
Blog reader Patrick B. then contacted me via email and reported massive issues he had to deal with in connection with the update KB5015808 in his RDS infrastructure. He was experiencing black screens, hanging logins, sporadic hangs and crashes in the Windows Server 2016-based RDS infrastructures he was managing. The problems have so far only occurred on installations with more than 20 users, but with several customers at the same time. Inevitably, FSLogix is also used there.
More users confirm problems in the comments, and there was corresponding feedback especially on my blog post RDS issues after Windows update KB5015808. Citrix was also mentioned in the comments. The only solution for the affected administrators was to uninstall update KB5015808, which is not a good idea for a security update from July 2022. As far as I know, there was no corrective update, either as a preview in July or as a security update or preview in August 2022. Microsoft still claims in the KB5015808 support post that there are no known problems.
Unofficial fix via KIR
In response to my blog post RDS issues after Windows update KB5015808, Bill Davis left a hint that you can fix this problem by using the registry editor to navigate to the following key:
Then add the DWORD value 254221451 and set it to 0. This would disable the "fix" published in KB5015808 and the August update that causes these problems. Bill also referenced the reddit.com post FSlogix Failed to acquired logon lock on Server 2016 KB5015808 and wrote that he is currently testing this in phases on his VDI farm.
There were no explanations for the above registry entry, either from Bill or in the reddit.com post. But the thought "This is a trigger for a Known Issue Rollback" (KIR) immediately crossed my mind. After all, these are exactly the values that are entered in the Overrides key to roll back a fix from an update. However, I didn't realize that Microsoft had backported this feature, which was introduced in Windows 10 version 2004, to version 1607.
I described the Known Issue Rollback (KIR) feature in the post Windows 10 2004-20H2: Office memory or media error when opening documents fixed. KIR allows Microsoft to automatically roll back a fix for identified problems. This disables the problematic fix and re-enables the saved previous code, so it does not uninstall the entire update. Many details can be read in this Microsoft article.
However, while researching this article, I came across the reddit.com thread FSlogix Failed to acquired logon lock on Server 2016 KB5015808, where my suspicions were confirmed. Microsoft has several support requests (cases) open about this issue. The August 2022 updates do not fix the above error, but affected people have been contacted by Microsoft support. One then linked to the download of the following MSI file for the rollback:
If this MSI file is installed, the special group policy for KIR can be found under Computer Configuration -> Administrative Templates (some entry KB5015808 220809_20051 Known Issue Rollback). For information on deploying and configuring this special Group Policy, see How to use Group Policy to deploy a Known Issue Rollback. Maybe it helps – feedback in the reddit.com thread FSlogix Failed to acquired logon lock on Server 2016 KB5015808 certainly signals that some people have had success.
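The following PowerShell function is an added example, not code from the original post or from Microsoft. It audits whether the override value described above (DWORD 254221451 with data 0) is present on a server, so the rollback can be tracked across an RDS farm. The function name and parameter names are hypothetical, and the key path is a required parameter because it is not reproduced in this text.

```powershell
# Added example: audit the KIR override described in the post.
# -OverridesKey is a placeholder parameter; the post's text does not include
# the key path, so supply it from the source you are following.
function Test-KirOverride {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$OverridesKey,              # e.g. 'HKLM:\<path to the Overrides key>'
        [string]$ValueName = '254221451',   # DWORD name given in the post
        [int]$ExpectedData = 0              # data given in the post
    )

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        KeyExists    = $false
        ValueExists  = $false
        ValueKind    = $null
        ValueData    = $null
        OverrideSet  = $false
    }

    if (Test-Path -LiteralPath $OverridesKey) {
        $result.KeyExists = $true
        $key = Get-Item -LiteralPath $OverridesKey   # Microsoft.Win32.RegistryKey

        if ($key.GetValueNames() -contains $ValueName) {
            $result.ValueExists = $true
            $result.ValueKind   = $key.GetValueKind($ValueName)
            $result.ValueData   = $key.GetValue($ValueName)

            # Only a DWORD with the expected data counts as "set";
            # a string value "0" created by mistake is reported as not set.
            $isDword = $result.ValueKind -eq [Microsoft.Win32.RegistryValueKind]::DWord
            $result.OverrideSet = $isDword -and ($result.ValueData -eq $ExpectedData)
        }
    }

    [pscustomobject]$result
}

# Local check (replace the placeholder with the real key path):
#   Test-KirOverride -OverridesKey 'HKLM:\<path to the Overrides key>'
# Farm-wide check over PowerShell remoting ($servers is a constructed list of host names):
#   Invoke-Command -ComputerName $servers -ScriptBlock ${function:Test-KirOverride} `
#       -ArgumentList 'HKLM:\<path to the Overrides key>'
```

Keeping an inventory of hosts where `OverrideSet` is true makes it possible to find and remove the override once a corrected update is available.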