RDP failing after update KB5087537 and KB5087065
Posted by Titanium125@reddit | sysadmin | 13 comments
Last night I ran a reboot on a server and it installed these two updates in the title. After these updates, RDP is failing. I don't know for sure that's why it's failing, but it is the most recent thing to change.
Event Viewer shows Event ID 21 in the terminal server logs, so the user logon is successful. It fails after putting in the password.
All the relevant registry keys appear to be set properly and all the relevant services appear to be running properly.
I'm not finding much on Google that is helpful here. Neither of those KBs has any particular RDP issues documented.
This is a Server 2016 install. It is a VM and I did grab a snapshot first so I can always roll it back if necessary.
luluthresh@reddit
I have the same issue but on Win 11 desktops. After users insert a password it just freezes for eternity, unless the password is cached in Credential Manager.
TheWoleM@reddit
Does the VM still have the same IP? I recently ran an update on my Windows VM, and it renewed the DHCP lease, which changed the IP address. As a result, all RDP attempts started failing unexpectedly. I ended up assigning a static IP and changing it back to the original address.
RansomStark78@reddit
Servers should be static imho
autogyrophilia@reddit
You still may want to make a DHCP reservation. So many times I have had network driver updates make it wipe the configuration ...
RansomStark78@reddit
Yes def
TheWoleM@reddit
Will do, thank you
wdjenkins@reddit
Agreed, and the latest MS patches caused most of our server NICs to revert to DHCP (on VLANs with no DHCP). Caused a bit of a scramble to restore settings.
TheWoleM@reddit
Right, it was a silly mistake I made while creating it in a hurry. Glad I caught it quick
BlackV@reddit
The many-times-mentioned duplicate SID issue that has been doing the rounds here in the last few months?
mythlabb@reddit
Another possible angle: We ran into an issue with RDP on some machines recently and identified it as an issue (possibly starting with KB5070568) with enforcement SID checks during NTLM or Kerberos authentication. One of my engineers had been imaging PCs in a way that we had duplicate SIDs, which wasn’t a problem before. Just had to reimage the ones with duplicate SIDs.
assortedpriesthood@reddit
Check if the hostname is exactly 15 characters long, since KB5087537 has that known issue with DCLocator calls. Even though it's documented for DFS and domain controller lookups, it could be breaking RDP authentication if the server needs to validate credentials against the domain. You might need to either roll back that specific KB or rename the server to test.
ihaxr@reddit
KB5087065 is just .NET updates, so it's probably not that.
KB5087537 does have some RDP updates and has a known issue:
Not sure if that would affect RDP though.. but I know we stopped the rollout of this fix because of the known issue.
Titanium125@reddit (OP)
I saw that but didn't think it would affect it either. The hostname is less than 15 characters on this server anyway.
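A local triage sketch covering the hypotheses raised in this thread (changed IP or NIC reverted to DHCP, duplicate machine SID, 15-character hostname, which KBs are installed, whether Event ID 21 is logged). This is an added example, not code posted by anyone in the thread; it assumes PowerShell 5.1 run elevated on a member server or workstation, and the function name `Get-RdpUpdateTriage` is hypothetical.

```powershell
# Added triage example; Get-RdpUpdateTriage is a hypothetical name, not a built-in cmdlet.
function Get-RdpUpdateTriage {
    [CmdletBinding()]
    param(
        # KB numbers taken from the thread title.
        [string[]]$KbIds = @('KB5087537', 'KB5087065')
    )

    # Which of the updates are actually installed, and when.
    $hotfixes = Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue |
        Select-Object HotFixID, InstalledOn

    # Connected IPv4 interfaces using DHCP; a static server NIC that reverted shows up here.
    $dhcpNics = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Where-Object { $_.Dhcp -eq 'Enabled' -and $_.InterfaceAlias -notlike 'Loopback*' } |
        Select-Object -ExpandProperty InterfaceAlias

    # Current IPv4 addresses, to compare with what RDP clients and DNS point at.
    $ipv4 = Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
        Select-Object -ExpandProperty IPAddress

    # Machine SID = domain part of any local account SID.
    # Run on each machine built from the same image and compare the values.
    $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value

    # Most recent "session logon succeeded" events (ID 21), to confirm logons get that far.
    $logName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    $logons = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 21 } `
        -MaxEvents 5 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message

    # Full host name; $env:COMPUTERNAME is the NetBIOS name and is capped at 15 characters.
    $hostName = [System.Net.Dns]::GetHostName()

    [pscustomobject]@{
        HostName         = $hostName
        NameLength       = $hostName.Length
        NameIs15Chars    = ($hostName.Length -eq 15)
        InstalledUpdates = $hotfixes
        DhcpEnabledNics  = @($dhcpNics)
        IPv4Addresses    = @($ipv4)
        MachineSid       = $machineSid
        RecentEvent21    = $logons
    }
}

Get-RdpUpdateTriage | Format-List
```

Matching `MachineSid` values on two different hosts point at the duplicate-SID scenario, and a non-empty `DhcpEnabledNics` on a server that should be static points at the NIC-reset scenario.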