If you are running Windows Server 2008 R2 servers and you find yourself randomly being disconnected from RDS (Remote Desktop Services) sessions on your servers, or sometimes find your servers completely inaccessible you could be impacted by an issue as a result of servicing order (AKA, the order in which you install Windows Updates). The issue effects servers running Windows Server 2008 R2 with Service Pack 1 and with KB2667402 (Update for Terminal Service Denial of Service Vulnerability).
If you are running Windows Server 2008 R2 servers and you find yourself randomly being disconnected from RDS (Remote Desktop Services) sessions on your servers, or sometimes find your servers completely inaccessible you could be impacted by an issue as a result of servicing order (AKA, the order in which you install Windows Updates). The issue effects servers running Windows Server 2008 R2 with Service Pack 1 and with KB2667402 (Update for Terminal Service Denial of Service Vulnerability).
This is something I thought I had written about already as it effected us in a big way at work due to the way in which our virtual machine images were compiled but it seems actually, I hadn’t.
In Windows Server 2008 R2 RTM, the file version of the rdpcorekmts.dll file in Windows Server 2008 R2 RTM is 6.1.7600.16952. In Windows Server 2008 R2 with Service Pack 1, the file version of the rdpcorekmts.dll file is 6.1.7601.17767 and the file version of the rdpcorekmts.dll file after installing KB2667402 is 6.1.7601.17828.
If as a result of servicing order, you installed the KB2667402 update prior to installing Windows Server 2008 R2 Service Pack 1, the file version of rdpcorekmts.dll is downgraded from the KB2667402 version number to the SP1 version number and the hotfix is in essence removed. This causes the Remote Desktop Services service to fail and terminate itself repeatedly as the service believes that there is an attempt to modify it’s files occurring and as a failsafe, shuts down remote access.
In order to resolve the issue, Microsoft re-released KB2667402 as KB2667402v2 which allows you to re-install the update after an installation of Service Pack 1 to bring the file version back up to 6.1.7601.17828 and to allow the Remote Desktop Services service to work again as normal. Trying to re-install the original release of KB2667402 will result in a message that the update is already installed and does not apply to this computer.
You can download the version 2 release of the update from the Microsoft Download Center at http://www.microsoft.com/en-us/download/details.aspx?id=29169. The update is 327KB and requests a reboot, however you can install the update and delay the restart by simply manually restarting the Remote Desktop Services service. You should still restart the server at some point in time though as the pending reboot will block operations such as installation of roles and features.