The March 2022 updates KB5011551 and KB5011497 have caused various issues on some Windows Server 2019 and Windows Server 2022 machines. These range from password loops on Windows Server 2019 to remote desktop issues on Windows Server 2022. Since there are new security updates as of today, April 12, 2022, I'm summarizing the status of issues related to the March 2022 updates in this post.
The March 2022 security updates, as well as the preview updates, have caused real problems for some administrators on specific Windows Server installations.
KB5011497: Problems with remote desktop gateways
Windows Server 2022 cumulative update KB5011497 was released March 8 to address unspecified vulnerabilities. Due to the SMBv3 vulnerability CVE-2022-24508, the security updates released for the March 2022 patchday should be installed promptly (see CERT-EU warns of SMBv3 vulnerability CVE-2022-24508, fix through Windows March 2022 updates).
On Windows Server 2022, various roles for remote desktop gateways may no longer be available, or may no longer work, after the update is installed. Several blog readers informed me about these problems early on. Blog reader Sebastian describes the error pattern: the following are missing after installing the update, and the required roles are broken afterwards:
- Remote desktop connection broker
- Remote desktop management
I picked up on the issue, as well as confirmations of issues by other administrators, in the blog post Windows Server 2022: March 2022 update KB5011497 breaks remote desktop gateway role.
.NET4.8 update KB5011258 is missing
Over the course of a few days, a few suggestions came in for correcting the problems that were occurring. A reader tip from Denmark stated that a missing .NET4.8 update KB5011258 from February 4, 2022 could be a cause of these problems and referred to feedback from Microsoft. I had picked up on this in the blog post Windows Server 2022: Fix for Remote Desktop problems with update KB5011497.
However, it seems that subsequently installing the .NET4.8 update KB5011258 solves the problem with the broken roles. One affected reader stated that removing all desktop services and then re-installing them fixed the difficulties. Another reader comment on the blog states that nothing helped in his case to fix the problems.
KB5011258 fixes event log only
Another reader comment on the blog says that installing the .NET4.8 update KB5011258 beforehand probably fixes a problem in the event log, but the RDCB (RD Connection Broker) role is still broken and won't install. The issue is discussed by several people here in my blog, and there is no solution. Blog reader Austin writes that Microsoft denies the bug because they could add the role in the lab. So it doesn't look good for affected people so far. Let's see what the April 2022 patchday brings.
KB5011551 causes password loop
Preview update KB5011551, dated March 22, 2022, causes a password loop on Windows Server 2019 for some people. Users are prompted to reset their password, but the password change that is then required cannot be performed and fails. I had picked up on this in the blog post Windows Server 2019: Update KB5011551 causes password loop. There, and in my German blog, other administrators had confirmed the issue.
The solution currently is to uninstall preview update KB5011551 and block reinstallation. The comment that installing preview updates on domain controllers is negligent may not really help. After all, the preview update serves little purpose for those affected. There seem to have been some admins who installed the update, probably because of other fixes.
The reason the comment doesn't help: the patches in the March preview update carry over into the April 2022 security update. Unless Microsoft changes something, the described problem will also occur with the now expected April 2022 security update for Windows Server 2019.
I have alerted Microsoft's Windows Update social media team to the issue via Twitter. The only hope now is that they picked up on it, were able to find a root cause, and fixed the whole thing in the April 2022 security update. In any case, administrators should be warned of the potential cliff and keep an eye on it.
Addendum: The issue is still open with the April 12, 2022 security patches, see Windows Server 2022: Update KB5012604 breaks Remote Desktop Gateway.
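A post-patch check for the symptoms described above, added here as an example and not taken from the original post or from Microsoft: it reports which of the KBs named in this post and its comments are installed, and whether the RD Connection Broker and RD Gateway roles still have their services. The feature names (RDS-Connection-Broker, RDS-Gateway) and service names (Tssdis, RDMS, TSGateway) are the standard Windows ones and are not mentioned in the post.

```powershell
# Added example, not from the original post. Run elevated on the server.
# KB numbers come from the post and its comments; feature and service names
# are the standard Windows ones and do not appear in the post.
$kbs = [ordered]@{
    'KB5011497' = 'Server 2022, March 2022 CU: RD roles reported broken'
    'KB5012604' = 'Server 2022, April 2022 CU: issue reported still open'
    'KB5011258' = '.NET 4.8 update: reported to fix the event log only'
    'KB5011551' = 'Server 2019, March 2022 preview: password loop'
    'KB5014021' = 'Server 2022, May 2022 preview: fix reported by readers'
}

# Get-HotFix reads Win32_QuickFixEngineering; an update that is not listed
# there shows up as Installed = False here.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$kbReport = foreach ($kb in $kbs.Keys) {
    [pscustomobject]@{ KB = $kb; Installed = ($installed -contains $kb); Note = $kbs[$kb] }
}

# RD role feature -> services that role should provide.
$roleServices = @{
    'RDS-Connection-Broker' = @('Tssdis', 'RDMS')   # Connection Broker, RD Management
    'RDS-Gateway'           = @('TSGateway')        # RD Gateway
}

$roleReport = foreach ($feature in Get-WindowsFeature -Name @($roleServices.Keys)) {
    foreach ($name in $roleServices[$feature.Name]) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Feature      = $feature.Name
            InstallState = $feature.InstallState
            Service      = $name
            ServiceState = if ($svc) { $svc.Status } else { 'Missing' }
            # Role is marked installed but its service is gone or stopped.
            Suspect      = $feature.Installed -and (-not $svc -or $svc.Status -ne 'Running')
        }
    }
}

$kbReport   | Format-Table -AutoSize
$roleReport | Format-Table -AutoSize
```

Running it before and after patching a test server makes the change visible: a row with Suspect = True, or an InstallState that is no longer Installed on a server that held the role, matches what readers report here.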
Similar articles:
Patchday: Windows 10-Updates (March 8, 2022)
Patchday: Windows 11/Server 2022 updates (March 8, 2022)
Windows 10 / Windows Server Preview Updates (March 22, 2022)
CERT-EU warns of SMBv3 vulnerability CVE-2022-24508, fix through Windows March 2022 updates
Windows Server 2019: Update KB5011551 causes password loop
Windows Server 2022: March 2022 update KB5011497 breaks remote desktop gateway role
Windows Server 2022: Fix for Remote Desktop problems with update KB5011497
Windows Server: Open issues from March 2022 Updates (KB5011551, KB5011497)
Windows Server 2022: Update KB5012604 breaks Remote Desktop Gateway
Anyone know whether the CU for 2022 server for April also contains this CB breaking issue? Was released last night as KB5012604
https://support.microsoft.com/en-gb/topic/april-12-2022-kb5012604-os-build-20348-643-25216e88-f9c1-4b9f-a131-8f8b1149d0bb
And it still states issues with Remote Desktop connections
Yes KB5012604 seems to have broken connection broker for me.
Thx, got a 2nd confirmation from a German reader on Facebook – will write a follow up article.
To test I've just installed a fresh 2022 server, installed the broker role, installed the April update KB5012604 and *poof*, broken… The service is just not there anymore. Tried with the .NET updates installed, no go either. It's just broken.
Same problem here after upgrading from 2016 to 2022.
Remote Desktop Gateway works but after updating with latest updates Remote Desktop Gateway does not work anymore.
I rolled back the updates and disabled windows updates in the hope it will be solved in future.
https://support.microsoft.com/en-us/topic/may-24-2022-kb5014021-os-build-20348-740-preview-2b180bd4-dceb-4c49-b8cf-402b342ebc84
Addresses an issue that might remove or end Remote Desktop server roles after installing a Windows update.
Found it. They fixed it in the preview so it's rolled up in the June updates.
I can confirm that the current CU (KB5014021) does not break the rd broker role or any other rd functionality anymore, at least not on the customer deployment where we tested it.
Thanks for the feedback.
It looks like a new one replaces all previous KBs (KB5014678).