Problems in RDP Connections on Windows Server 2008 R2

Recently we came across a nasty issue when remotely connecting to Windows Server 2008 R2 machines via RDP (Remote Desktop Protocol). In this case, these servers were actually Domain Controllers and not full featured terminal servers, but we’ve seen issues with these as well. Failing to use RDP to these servers caused the administrators to have to physically go to the servers and log on locally, or use some other sort of remote management software such as HP iLO. If these are virtual machines, it’s also possible to connect to their console using the virtualization software management suite. Either way, failing to use RDP to manage these servers may cause a significant issue for some.

RDP Connection Problems in Windows Server 2008 R2

The symptoms for the RDP problem include the following:

A user with administrative rights and permissions to RDP into the server(s), who was able to successfully connect to these machines, now reports that they can no longer connect to the machines.

Note: It seems that in some cases, this issue also happens for Windows 7 machines as well.

Once the user opens an MSTSC window and attempts to RDP into the server(s), they are prompted to enter their credentials. They do so, but just before their desktop appears, an error warning appears:“The connection to the remote computer was broken. This may have been caused by a network error. Please try connecting to the remote server again.”The user acknowledges the error message, and then the MSTSC window closes.
Checking the services on the remote server shows that the Remote Desktop Service is in a stopped state.
If you restart the Remote Desktop Service, the service runs till the next remote connection attempt. Sometimes, rebooting the server helps for a while.

Checking the Event Viewer on the remote server shows these events:Log Name: Application
Source: Application Error
Date: 04/06/2012 14:11:38
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Faulting application name: svchost.exe_TermService, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rdpcorekmts.dll, version: 6.1.7600.16952, time stamp: 0x4f1f9e66
Exception code: 0xc0000005
Fault offset: 0x000000000000a793
Faulting process id: 0x22e8
Faulting application start time: 0x01cd4242c6fd4162
Faulting application path: C:WindowsSystem32svchost.exe
Faulting module path: C:Windowssystem32rdpcorekmts.dllAnd:Log Name: System
Source: Service Control Manager
Date: 04/06/2012 14:12:12
Event ID: 7011
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TermService service.

And:

Log Name: System
Source: Service Control Manager
Date: 04/06/2012 14:12:40
Event ID: 7034
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The Remote Desktop Services service terminated unexpectedly. It has done this 4 time(s).

And:

Log Name: System
Source: Service Control Manager
Date: 04/06/2012 14:12:10
Event ID: 7011
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.

Solving the RDP Problem on Windows Server 2008 R2

It turns out that the cause for the problem is two important Windows security updates:

KB 2621440
KB 2667402

These updates were part of MS012-20, and were downloaded to the servers sometime in the second half of March 2012, if their settings were configured so.

The solution to the problem begins by uninstalling both updates. First, we uninstall KB 2667402: