May 27, 2012

Quick Tip – Remove KB2667402 before you install Windows 2008 R2 Service Pack 1…

This weekend I have been working on a large Exchange 2010 upgrade to Service Pack 2. The Exchange environment that I have been working within works well, but it has not had a lot of TLC in a while, and aside from the upgrade to Service Pack 2 for Exchange, I also needed to perform an upgrade to Service Pack 1 of the Windows 2008 R2 O/S.

Now, this Exchange infrastructure has a number of nodes spread out over the UK, therefore much of the work has needed to be done remotely via RDP. Initially the work was going very well – I prepped the first Exchange DAG node for the Operating System update via the “StartDAGServerMaintenance.ps1” script and then executed the Windows 2008 R2 Service Pack 1 installation process.

The service pack itself went well – right up until the point where I needed to reboot when the processes had finished. After the reboot had completed, I found that I could no longer RDP to the machine (which was based in Oxford, which is about 70 miles from me, so I was not going to get there in a hurry). I could get the RDP client to initialise the connection and perform a logon, but at the point where the session was preparing the User Desktop it would disconnect the session!

Luckily, I was able to remote to the machine using the iLO (integrated lights out) function (as the box itself was an HP server with iLO enabled) and log on directly to the console, so I was not completely screwed.

I suspected that this was being caused by an update that had been applied to the server prior to Service Pack 1; and after some quick investigation I found KB2667402 – which is defined as:

This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

I decided to remove the patch from the server so I could check to see if I could then RDP properly. Removing the update required a reboot, and when that had completed I found that I was able to log on to the server via RDP normally again.

I then re-installed the update (as it is a Critical-rated update and I did not wish to leave the server unprotected), rebooted again – and RDP continued to work correctly on the box. So, if you are applying Service Pack 1 to a Windows 2008 R2 server which has KB2667402 installed – you might want to remove it first, and then reapply it.
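
The check below is an added example, not part of the original post: a read-only PowerShell pre-flight that reports the service pack level and whether the RDP updates are installed, and prints the matching wusa.exe uninstall commands for a pre-SP1 host. The parameter names and remote WMI access are assumptions, and KB2621440 is included only because the reader comment below names it.

```powershell
# Added example (not from the original post). Read-only: it reports state and
# prints commands, but uninstalls and installs nothing itself.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # assumed: hosts reachable over WMI
    [string[]]$KbIds = @('KB2667402', 'KB2621440')   # second KB comes from the reader comment
)

foreach ($computer in $ComputerName) {
    $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction SilentlyContinue
    if (-not $os) { Write-Warning "$computer: WMI query failed, skipping"; continue }
    $sp = [int]$os.ServicePackMajorVersion           # 0 = RTM, 1 = SP1

    # Get-HotFix -Id errors on IDs that are absent, so list everything and filter.
    $found = @(Get-HotFix -ComputerName $computer -ErrorAction SilentlyContinue |
        Where-Object { $KbIds -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })
    $missing = @($KbIds | Where-Object { $found -notcontains $_ })
    $uninstall = ''

    if ($sp -eq 0 -and $found.Count -gt 0) {
        $action = 'Uninstall listed KBs, reboot, install SP1, then reinstall the KBs'
        # Commands to run on the host itself, e.g. from the iLO console.
        $uninstall = @($found | ForEach-Object {
            'wusa.exe /uninstall /kb:{0} /quiet /norestart' -f ($_ -replace '^KB', '')
        }) -join '; '
    } elseif ($sp -eq 0) {
        $action = 'Install SP1, then install the KBs'
    } elseif ($missing.Count -gt 0) {
        $action = 'SP1 present but RDP updates missing: install the missing KBs'
    } else {
        $action = 'SP1 and KBs present: confirm an RDP logon reaches the desktop'
    }

    New-Object PSObject -Property @{
        Computer    = $computer
        ServicePack = $sp
        Installed   = ($found -join ',')
        Missing     = ($missing -join ',')
        Action      = $action
        Uninstall   = $uninstall
    } | Select-Object Computer, ServicePack, Installed, Missing, Action, Uninstall
}
```

Running it again after the service pack work shows any host where the updates were removed and never reapplied, since those appear with entries in the Missing column.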

Andy Grogan

COMMENTS

    Got the same problem, WSUS solves it later, but takes 2 nights to deploy all patches.

    Having the same problem. kb2621440 was previously installed on a server, then created a patch with kb2667402 and installed it after installing SP1. Rebooted and attempted to RDP. Was prompted for credentials and then entered local admin credentials and domain admin creds. Nothing hung at the connecting screen. You must ensure that both of these KBs are not installed on any server you plan to install SP1 onto. Install SP1, then install the KBs, reboot and RDP. That should solve the issue.
