Workaround for broken Windows Remote Desktop Gateway service after July 2024 updates

Windows[German]There are some issues with the security updates that Microsoft rolled out for Windows on July 9, 2024. I have received some reports that the Remote Desktop Gateway service is broken under some Windows versions (Windows Server 2019, Windows Server 2022) and regularly crashes. This prevents remote connections. A blog reader has now pointed me to a possible workaround that keeps the Remote Desktop Gateway service alive, so that the uninstallation of the July 2024 security update in question may not be necessary.


Advertising

Remote Desktop Gateway service broken

The security updates from July 9, 2024 are definitely causing collateral damage to the Remote Desktop Gateway service. German blog reader Christian wrote in this German comment that he had to uninstall the cumulative update KB5040442 on a 2022 server. I had extracted the various user reports and a description of the situation in the blog post Windows July 2024 updates break remote connections.

As a result, other users confirmed the same problem under Windows Server 2019. In this German comment, Chris wrote that the TSGateway service under Windows Server 2019 is automatically terminated at irregular intervals (3 – 45 minutes). The following error is reported in the application log:

Faulting application name: svchost.exe_TSGateway, version: 10.0.17763.3346, time stamp: 0xb6a0daab
Faulting module name: aaedge.dll, version: 10.0.17763.6054, time stamp: 0xce1c5805

The following error entry is then stored in the system log.

The Remote Desktop Gateway service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

There is further confirmation of this bug caused by the July 2022 update in question in the comments to the blog post linked above. Andy writes here that Microsoft has already withdrawn the July 2024 updates for Windows Server. However, it does not seem to affect every Windows Server, in this comment says there are not issues.

Workaround for the problem?

Blog reader Magican posted this comment on the article Patchday: Windows 10/Server-Updates (9. Juli 2024) and wrote: "Here is the according MS article with a temporary solution". The reader referred to the article July 07-2024 Updates Break Remote Desktop Gateway Servers in the Microsoft Q&A section (Microsoft Learn). There someone writes the following about July 16, 2024:


Advertising

July 07-2024 Updates Break Remote Desktop Gateway Servers

We are seeing the issue on 2 of our four RDS Gateways (running 2022 STD).

Faulting application name: svchost.exe_TSGateway,
version: 10.0.20348.2520,
time stamp: 0xf862c7cb
Faulting module name: aaedge.dll,
version: 10.0.20348.2582,
time stamp: 0x78ded40f
Exception code: 0xc0000005
Fault offset: 0x000000000006613c
Faulting process id: 0x273c
Faulting application start time: 0x01dad77010a2bee1
Faulting application path: C:WINDOWS\system32\svchost.exe
Faulting module path: c:windows\system32\aaedge.dll
Report Id: d4502b05-b974-4660-bc13-5f2da108f403
Faulting package full name:
Faulting package-relative application ID:

and in TerminalServices-Gateway log:
The following exception code "3221225477" occured in the RD Gateway server. The RD Gateway will be restarted. No user action is required.

The results of these crashes are that all users connected via the affected gateway are immediately disconnected and must reconnect. Obviously very disruptive when its happening every 30 or so minutes!

As soon as the relevant July 2024 update is uninstalled, the problem is resolved. At first glance, this would simply be a confirmation of the facts described above, albeit supplemented by a few notes from the bug report. However, the thread is quite interesting because a user by the name of Karlie Weng, who describes himself as a "Microsoft vendor", has come forward. Weng states that they have found a workaround for the crashes and writes about it.

It appears that the problem is linked to the RPC-over-HTTP transport mechanism that the RDClient used to establish a connection with the Gateway.

As a temporary solution, you might want to try one of the following options:

  1. On your Remote Desktop Gateway (RD Gateway), create a new firewall rule to block incoming traffic on port 3388. Ensure the rule specifies "Deny" or "Block" to effectively prevent access.
  2. From all Windows client machines, delete the registry entry associated with RDGClientTransport. The specific path to this entry is: HKCU\SOFTWARE\Microsoft\Terminal Service Client\RDGClientTransport.

Please proceed with caution when modifying firewall rules and registry entries, as these changes can affect system functionality. It's recommended to back up relevant configurations before making any alterations.

It is unclear to me at this point whether the fix works and is applicable at all. Deleting a registry entry can only be done like this on individual machines. And in replies to Weng's post, a user asks which RDP clients normally use this transport? And if the transport is disabled, what alternative transport is used? But perhaps one of the readers concerned has the opportunity to test this and can give feedback as to whether it helps.

Similar articles:
Microsoft Security Update Summary (July 9, 2024)
Patchday: Windows 10/Server Updates (July 9, 2024)
Patchday: Windows 11/Server 2022-Updates (July 9, 2024)
Windows Server 2012 / R2 und Windows 7 (July 9, 2024)
Microsoft Office Updates (July 9, 2024)
Windows 11 update KB5040442 causes issues with Outlook 2021
Windows July 2024 updates break remote connections
Windows 10/11 updates (e.g. KB5040442) trigger Bitlocker queries (July 2024)
Windows Update July 2024: Are there issues with Radius authentications?
July 2024 security update KB5040427 crashes Windows 10/Server LPD printing service
Microsoft's fixes for various Windows bugs (July 2024)


Advertising

This entry was posted in issue, Update, Windows and tagged , , , . Bookmark the permalink.

5 Responses to Workaround for broken Windows Remote Desktop Gateway service after July 2024 updates

  1. IFacePlantTheWallWhen sfcforwardslashscannow says:

    Hi, thought I'd come across new information for this issue with a valid workaround, only to find at the end it's the same drivel from that so-called Microsoft Vendor about tinkering with the registry on client machines. I involuntarily face-palmed. Not a shot at this blog writer by any means, but it really does amaze me the kind of garbage that so-called Microsoft experts can come out with sometimes.

    Look, if anyone is using RDS in any serious capacity, this is not a workaround that any sane person should be recommending.

    My only recommendation to IT admins is to schedule a maintenance window and remove the faulty CU. After that, wait until the fault is fixed by Microsoft before patching again.

  2. Jorge M. says:

    Workaround installation can be automated and works good:

    rem to remove
    netsh advfirewall firewall del rule name="Block RDPProxy RPC negotiation (TCP-In)" protocol=tcp dir=in localport=3388
    netsh advfirewall firewall del rule name="Block RDPProxy RPC negotiation (UDP-In)" protocol=udp dir=in localport=3388
    netsh advfirewall firewall del rule name="Block RDPProxy RPC negotiation (TCP-Out)" protocol=tcp dir=out localport=3388
    netsh advfirewall firewall del rule name="Block RDPProxy RPC negotiation (UDP-Out)" protocol=udp dir=out localport=3388

    rem to add
    netsh advfirewall firewall add rule description="https://support.microsoft.com/help/5040437" name="Block RDPProxy RPC negotiation (TCP-In)" protocol=tcp dir=in localport=3388 action=block
    netsh advfirewall firewall add rule description="https://support.microsoft.com/help/5040437" name="Block RDPProxy RPC negotiation (UDP-In)" protocol=udp dir=in localport=3388 action=block
    netsh advfirewall firewall add rule description="https://support.microsoft.com/help/5040437" name="Block RDPProxy RPC negotiation (TCP-Out)" protocol=tcp dir=out localport=3388 action=block
    netsh advfirewall firewall add rule description="https://support.microsoft.com/help/5040437" name="Block RDPProxy RPC negotiation (UDP-Out)" protocol=udp dir=out localport=3388 action=block

    pause

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).