Removing KB2667402 Before Installing Windows 2008 R2 Service Pack 1
I have been working on a large Exchange 2010 upgrade to Service Pack 2. The Exchange environment that I have been working within works well, but it has not had a lot of TLC in a while, and aside from the upgrade to Service Pack 2 for Exchange, I also needed to perform an upgrade to Service Pack 1 of the Windows 2008 R2 O/S.
Now, this Exchange infrastructure has a number of nodes spread out over the UK, therefore much of the work has needed to be done remotely via RDP. Initially, the work was going very well – prepped the first Exchange DAG node for the Operating System update via the “StartDAGServerMaintenance.ps1” script and then executed the Windows 2008 R2 Service Pack 1 installation process.
The service pack itself went well – right up until the point where I needed to reboot when the processes had finished. After the reboot had completed – I found that I could no longer RDP to the machine (which was based in Oxford which is about 70 miles from me so I was not going to get there in a hurry). I could get the RDP client to initialise the connection and perform a logon, but at the point where the session was preparing the User Desktop it would disconnect the session!
Luckily, I was able to remote to the machine using the iLO (Integrated Lights-Out) function (as the box itself was an HP server with iLO enabled) and log on directly to the console so I was not completely screwed.
I suspected that this was being caused by an update that had been applied to the server prior to Service Pack 1; and after some quick investigation I found KB2667402 – which is defined as:
This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
I decided to remove the patch from the server – so I could check to see if I could then RDP properly. Removing the update required a reboot – and when it completed I found that I was able to log on to the server via RDP normally again.
I then re-installed the update (as it is a Critical-rated update and I did not wish to leave the server unprotected), rebooted again – and RDP continued to work correctly on the box. So, if you are applying Service Pack 1 to a Windows 2008 R2 server which has KB2667402 installed – you might want to remove it first, and then reapply it.
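A pre-flight check for the sequence described above, as an added example that is not part of the original post. The function name `Test-Kb2667402BeforeSp1` is hypothetical, and the script assumes an elevated PowerShell 2.0 or later session with console (iLO) access available as a fallback.

```powershell
# Added example: report whether KB2667402 is present before Windows 2008 R2 SP1,
# and optionally remove it on the local machine. Run elevated.
function Test-Kb2667402BeforeSp1 {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [switch]$Remove   # uninstall on the local machine instead of only reporting
    )
    $kb     = 'KB2667402'
    $os     = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
    $hotfix = Get-HotFix -Id $kb -ComputerName $ComputerName -ErrorAction SilentlyContinue

    $state = New-Object PSObject -Property @{
        ComputerName = $ComputerName
        OSVersion    = $os.Version                  # 6.1.7600 = RTM, 6.1.7601 = SP1
        ServicePack  = $os.ServicePackMajorVersion
        KbInstalled  = [bool]$hotfix
        Action       = 'None needed'
    }

    if ($state.ServicePack -ge 1) {
        # SP1 is already on: the only remaining concern is that the RDP fix is present.
        if (-not $state.KbInstalled) { $state.Action = "Reinstall $kb (Critical)" }
        return $state
    }
    if (-not $state.KbInstalled) { return $state }

    $state.Action = "Remove $kb before SP1, reinstall it afterwards"
    if ($Remove -and $ComputerName -eq $env:COMPUTERNAME) {
        # wusa.exe only acts on the local machine; /norestart leaves the reboot to you.
        $p = Start-Process -FilePath 'wusa.exe' -Wait -PassThru `
             -ArgumentList '/uninstall', '/kb:2667402', '/quiet', '/norestart'
        # 0 = success, 3010 = success with reboot required
        if ($p.ExitCode -eq 0 -or $p.ExitCode -eq 3010) {
            $state.Action = "$kb removed; reboot, install SP1, then reinstall $kb"
        } else {
            $state.Action = "wusa.exe failed with exit code $($p.ExitCode)"
        }
    }
    return $state
}

# Report only (safe to run against each DAG node before its maintenance window):
Test-Kb2667402BeforeSp1 | Format-List
# Local removal, once the node is in maintenance and console access is confirmed:
# Test-Kb2667402BeforeSp1 -Remove
```

Running the function again after the final reboot should show `ServicePack` as 1 and `KbInstalled` as True, confirming the server is not left without the RDP fix.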
Andy Grogan [ MVP (Exchange) ]
Andy is an experienced senior IT professional who is comfortable managing both large, complex technical IT environments and operating at the strategic IT direction level. He has a strong background in 3rd tier technical, data center operations management and solution design which has been built up over 16 years of experience within the IT industry in both private and public sectors - working with many frameworks and disciplines. During his career, Andy has held roles ranging from 1st and 2nd line support, head of 3rd line operations, and head of technical services all the way through head of IT. Holding such a diverse array of positions has given him a deep understanding not only of how IT organizations work from the ground level up, but how they can and should operate delivering quality services to the businesses which they support. Andy has a demonstrable track record in the design, sourcing, project management and implementation of large scale technical projects and a very eclectic technical experience base, founded predominately in Microsoft technologies (Exchange, AD, SQL, SCOM, Windows Server). He has also worked with or managed the delivery of IBM (storage, P-Series and TSM), HP (servers and storage), Cisco (routers, switches, firewalls, IPT), VMware (ESX, ESXi, vSphere), Citrix (MetaFrame, XPe, PS4, XenApp) and Data Center / IT operations management. Andy is a 4-time recipient of Microsoft’s Most Valued Professional award for Exchange Server (2009, 2010, 2011 and 2012), and a well-known author within the international Exchange community, writing content for sites such as TechTarget, MSExchange.org, ENow and his own personal site telnetport25.com.