Routing and Remote Access Windows Server 2022

[German]As of June 23, 2022, Microsoft has indeed released preview updates for Windows 10 V1809 /Windows Server 2019, Windows 11 and Windows Server 2022. Nothing is noted in the support article for these updates, but Microsoft states on the Windows Health status pages of various Windows versions that issues reported here on the blog (RDP, VPN, WLAN, Hotspot feature) have been fixed in the Hotspot part. Here is some information about this issue.

The VPN, WLAN, Hotspot issues

As a result of the security updates released on June 14, 2022, numerous users here on the blogs and on the Internet have reported problems with VPN, WLAN, Hotspot. Microsoft confirmed that the following systems:

• Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• Server: Windows Server 2022; Windows Server, version 20H2; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

are affected, and investigated the problem. I had taken this up in the blog post June 2022 Patchday issues (part 2): RDP, VPN, WLAN, hotspot connection and more.

Preview Updates for Windows (June 23, 2022)

As of June 23, 2022, Microsoft has released an optional cumulative (preview) update for Windows Server 2022, in addition to preview updates for Windows 10 V1809 /Windows Server 2019) and Windows 11. The updates are:

• Preview Update KB5014665 for Windows Server 2022
• Preview Update KB5014668 for Windows 11
• Preview Update KB5014669 for Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019

I addressed the updates mentioned in the blog post Windows 10, 11, Server: Preview Updates June 23, 2022, but didn't read anything ad-hoc about a fix in the descriptions of the fixes (the German support article hasn't been updated at that time). For the preview update KB5014668 for Windows 11, the support article still mentions a known issue that when trying to use the hotspot feature, the host device may lose connection to the Internet after a client device connects. But the English support pages has an additional note: Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature.

Microsoft reports the hotspot fix

I became aware of this post from the colleagues at Bleeping Computer. There spotted that the preview updates would fix VPN, RDP, RRAS and Wi-Fi issues. For reference, the three entries [1, 2, 3] titled Unable to connect to internet when using Wi-Fi hotspot feature in the Windows health dashboard of the three Windows versions mentioned above are given. The entry states:

After installing KB5014697, Windows devices might be unable to use the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects.

Resolved KB5014668 022-06-23, 14:00 PT

Depending on the Windows version, of course, a different KB contribution is given.

RRAS problem also fixed?

Microsoft confirmed the problem with RRAS servers to Bleeping Computer and the colleagues write here that temporarily disabling the NAT function on RRAS servers helps with this problem. Bleeping Computer quotes an administrator here with the following words:

Microsoft released a fix for the RRAS/VPN issues today in the form of the 2022-06 Preview cumulative update. I have tested it and it appears to fix the issues.

Microsoft has not confirmed this publicly yet. Can anyone say anything about this?

Similar articles:
Patchday: Windows 10-Updates (June 14, 2022)
Patchday: Windows 11/Server 2022 Updates (June 14, 2022)
Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (June 14, 2022)
June 2022 patch day review: Windows update issues, Intel vulnerability, documentation fails
June 2022 Patchday issues (part 2): RDP, VPN, WLAN, hotspot connection and more
June 2022 updates: Issues with RDP on Windows, BlackBerry UEM BSCP as cause?
Windows 10, 11, Server: Preview Updates June 23, 2022

Posted on June 21, 2022 by

This month’s Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled.

RRAS is a Windows service that offers additional TCP connectivity and routing features, including remote access or site-to-site connectivity with the help of virtual private network (VPN) or dial-up connections.

Last week, Microsoft released the Windows Server 2019 2012 R2 KB5014746, the Windows Server 2019 KB5014692, the Windows Server 20H2 KB5014699, and the Windows Server 2022 KB5014678 updates as part of the June 2022 Patch Tuesday.

However, after deploying these recent updates, Windows admins have reported experiencing multiple issues that could only be resolved after completely uninstalling the updates.

One of the more severe problems is the servers freezing for several minutes after a client connects to the RRAS server with SSTP.

Windows Remote Desktop and VPN connectivity issues

The vast majority of reports related to these problems coming in since Patch Tuesday have a common theme: losing Remote Desktop and VPN connectivity to servers with Routing and Remote Access Service (RRAS) enabled where the June Windows Server Updates have been installed.

“What I saw after the June updates were installed was that no TCP connections established from either the client-side or the server-side would ever get up and running. I couldn’t do a basic RDP session into the server either (even where a VPN isn’t needed because I’m connecting from a management PC within the same trusted subnet),”

“Furthermore, no remote VPN/RRAS clients could connect to the server (which was the reason why the server was configured for NAT routing in the first place).”

“SSTP failed entirely [..] as well as RDP. RDP also failed to our IKE RRAS servers even though IKE connections continued to work (still not quite sure how),”.

“We ended up using the GCP console interface to get into those servers, to get the RRAS (Routing and Remote Access service) setup not to start so that after a reboot we could remote in and revert the patches.”

“Problem goes away after rolling back. Problem occurred a second time after this patch was reinstalled. Rolling back fixed the issue, again. We experienced this problem from two different RRAS servers from two different locations -single domain,” one of them explained.

While it is not clear what is causing these issues, Microsoft fixed a ‘Windows Network Address Translation (NAT) Denial of Service Vulnerability’ tracked as CVE-2022-30152 that may have introduced bugs into RRAS connectivity.

How to fix

Unfortunately, since Microsoft is yet to acknowledge these connectivity problems and provide a fix, the only way to address these issues on affected servers is to uninstall the corresponding cumulative update for your Windows Server version.

Admins can do this by using one of the following commands:

Windows Server 2012 R2: wusa /uninstall /kb:KB5014746
Windows Server 2019: wusa /uninstall /kb:KB5014692
Windows Server 20H2: wusa /uninstall /kb:KB5014699
Windows Server 2022: wusa /uninstall /kb:KB5014678

However, given that Microsoft bundles all security fixes within a single update, removing this month’s cumulative update may fix the bugs but will also remove all security patches for vulnerabilities addressed during the June Patch Tuesday.

Therefore, before uninstalling these updates, you should ensure that it is absolutely necessary and that reviving RDP or VPN connectivity on your servers is worth the increased security risks.

As we previously reported, Microsoft is also working on addressing another known issue affecting both client and server platforms, causing connectivity issues when using Wi-Fi hotspots after installing the June Windows updates.

Furthermore, this month’s Windows updates may also cause backup issues on Windows Server systems, with some apps failing to backup data using Volume Shadow Copy Service (VSS).

Original Posts: Recent Windows Server updates break VPN, RDP, RRAS connections

How do I enable Remote Access and Routing?

What changed in Windows Server 2022?

Is Windows Server 2022 still supported?

How do I install Remote Desktop Services on Windows Server 2022?