Recent Windows Server updates spoil VPN, RDP, RRAS connections

This month’s Windows Server updates are inflicting quite a lot of problems, together with VPN and RDP connectivity issues on servers with Routing and Remote Access Service (RRAS) enabled.

RRAS is a Windows provider that gives further TCP connectivity and routing options, together with far flung get admission to or site-to-site connectivity with the assistance of digital non-public community (VPN) or dial-up connections.

Last week, Microsoft launched the Windows Server 2019 2012 R2 KB5014746, the Windows Server 2019 KB5014692, the Windows Server 20H2 KB5014699, and the Windows Server 2022 KB5014678 updates as a part of the June 2022 Patch Tuesday.

However, after deploying those contemporary updates, Windows admins have reported experiencing more than one problems that would handiest be resolved after utterly uninstalling the updates.

One of the more serious issues is the servers freezing for a number of mins after a shopper connects to the RRAS server with SSTP.

Windows Remote Desktop and VPN connectivity problems

The overwhelming majority of news similar to those issues coming in since Patch Tuesday have a commonplace theme: dropping Remote Desktop and VPN connectivity to servers with Routing and Remote Access Service (RRAS) enabled the place the June Windows Server Updates were put in.

“What I noticed after the June updates have been put in used to be that no TCP connections established from both the client-side or the server-side would ever rise up and working. I could not do a fundamental RDP consultation into the server both (even the place a VPN is not wanted as a result of I’m connecting from a control PC inside of the similar depended on subnet),” one admin instructed BleepingComputer.

“Furthermore, no far flung VPN/RRAS purchasers may just hook up with the server (which used to be the explanation why the server used to be configured for NAT routing within the first position).”

“SSTP failed fully [..] in addition to RDP. RDP additionally did not our IKE RRAS servers even if IKE connections persevered to paintings (nonetheless now not slightly certain how),” some other one stated.

“We ended up the usage of the GCP console interface to get into the ones servers, to get the RRAS (Routing and Remote Access provider) setup to not get started in order that after a reboot shall we far flung in and revert the patches.”

Multiple different admins [1, 2, 3, 4, 5, 6] have additionally reported on Reddit and in feedback to BleepingComputer tales that they are having problems with LLTP/SSTP VPN purchasers and RDP failing to attach after deploying the June Windows Server updates.

“Problem is going away after rolling again. Problem passed off a 2nd time after this patch used to be reinstalled. Rolling again mounted the problem, once more. We skilled this downside from two other RRAS servers from two other places -single area,” one in all them defined.

While it isn’t transparent what’s inflicting those problems, Microsoft mounted a ‘Windows Network Address Translation (NAT) Denial of Service Vulnerability’ tracked as CVE-2022-30152 that can have presented insects into RRAS connectivity.

How to mend

Unfortunately, since Microsoft is but to recognize those connectivity issues and supply a repair, the one technique to deal with those problems on affected servers is to uninstall the corresponding cumulative replace on your Windows Server model.

Admins can do that by means of the usage of some of the following instructions:

Windows Server 2012 R2: wusa /uninstall /kb:KB5014746
Windows Server 2019: wusa /uninstall /kb:KB5014692
Windows Server 20H2: wusa /uninstall /kb:KB5014699
Windows Server 2022: wusa /uninstall /kb:KB5014678

However, for the reason that Microsoft bundles all safety fixes inside of a unmarried replace, getting rid of this month’s cumulative replace would possibly repair the insects however may also take away all safety patches for vulnerabilities addressed all through the June Patch Tuesday.

Therefore, sooner than uninstalling those updates, you must be sure that it’s completely essential and that reviving RDP or VPN connectivity to your servers is well worth the larger safety dangers.

As we in the past reported, Microsoft could also be operating on addressing some other recognized factor affecting each Jstomer and server platforms, inflicting connectivity problems when the usage of Wi-Fi hotspots after putting in the June Windows updates.

Furthermore, this month’s Windows updates might also motive backup problems on Windows Server methods, with some apps failing to backup knowledge the usage of Volume Shadow Copy Service (VSS).

Microsoft didn’t respond to a request for remark when BleepingComputer reached out previous nowadays.

Leave a Comment