Quick Tip – Remove KB2667402 before you install Windows 2008 R2 Service Pack 1…
This weekend I have been working on a large Exchange 2010 upgrade to Service Pack 2. The Exchange environment that I have been working within works well, but it has not had a lot of TLC in a while, and aside from the upgrade to Service Pack 2 for Exchange, I also needed to perform an upgrade to Service Pack 1 of the Windows 2008 R2 O/S.
Now, this Exchange infrastructure has a number of nodes spread out over the UK, therefore much of the work has needed to be done remotely via RDP. Initially the work was going very well – I prepped the first Exchange DAG node for the Operating System update via the “StartDAGServerMaintenance.ps1” script and then executed the Windows 2008 R2 Service Pack 1 installation process.
The service pack itself went well – right up until the point where I needed to reboot when the processes had finished. After the reboot had completed – I found that I could no longer RDP to the machine (which was based in Oxford, which is about 70 miles from me, so I was not going to get there in a hurry). I could get the RDP client to initialise the connection and perform a logon, but at the point where the session was preparing the User Desktop it would disconnect the session!
Luckily, I was able to remote to the machine using the iLO (integrated lights out) function (as the box itself was an HP server with iLO enabled) and log on directly to the console, so I was not completely screwed.
I suspected that this was being caused by an update that had been applied to the server prior to Service Pack 1, and after some quick investigation I found KB2667402 – which is defined as:
This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
I decided to remove the patch from the server – so I could check to see if I could then RDP properly. Removing the update required a reboot – once that had completed, I found that I was able to log on to the server via RDP normally again.
I then re-installed the update (as it is a Critical-rated update and I did not wish to leave the server unprotected), rebooted again – and RDP continued to work correctly on the box. So, if you are applying Service Pack 1 to a Windows 2008 R2 server which has KB2667402 installed – you might want to remove it first, and then reapply it.
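
A pre-flight check for the tip above, as an added example (not the author's own script): it detects a pre-SP1 Windows 2008 R2 server that has KB2667402 installed and removes the update with `wusa.exe` so that Service Pack 1 can go on first. It assumes PowerShell 2.0 or later in an elevated session on the server itself.

```powershell
# Added example: run elevated on the server before installing SP1.
$kb = 'KB2667402'

# Version 6.1 with no service pack is Windows 2008 R2 RTM (Windows 7 shares
# the 6.1 version number, so this also matches an un-patched Windows 7 client).
$os = Get-WmiObject -Class Win32_OperatingSystem
if ($os.Version -notlike '6.1.*' -or $os.ServicePackMajorVersion -ge 1) {
    Write-Output "Not a pre-SP1 6.1 system; nothing to do."
    return
}

# Get-HotFix writes an error when the id is absent, so silence it and
# test the result instead.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if (-not $hotfix) {
    Write-Output "$kb is not installed; SP1 can be installed directly."
    return
}

Write-Output "$kb is installed; removing it before SP1."

# wusa.exe expects the KB number without the 'KB' prefix.
$wusaArgs = "/uninstall /kb:$($kb -replace '^KB','') /quiet /norestart"
$proc = Start-Process -FilePath wusa.exe -ArgumentList $wusaArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output "$kb removed." }
    3010    { Write-Output "$kb removed; reboot, install SP1, then reapply $kb." }
    default { Write-Warning "wusa.exe exited with code $($proc.ExitCode); $kb may still be installed." }
}
```

Between the removal and the re-install the server is missing the RDP fix, so do the removal, the service pack and the reapply in one maintenance window, and confirm out-of-band console access (such as iLO) works before starting.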