Windows Server 2008 R2 RDP Connection Error (SP1, KB2667402)

Hi all,

Last night I ran into a very strange issue connecting to a Windows Server 2008 R2 system using RDP. When opening the connection to the host, the remote display opened, showed that the user was being logged in, and straight afterwards the connection crashed and the RDC client stated that the connection had been terminated. No error detail, just an error window like when the server isn't reachable at all.

What did I do?
Just before having issues with RDP connection (by the way: all other services ran fine on the machine, especially web and database services) I installed Service Pack 1 for Windows Server 2008. And that was my fault!

What happened?
On 2012-03-12 Microsoft released a security fix with the ID KB2667402, which fixes a critical issue in the remote desktop connection service. This update needs to be applied as soon as possible, because the issue enables attackers to take control of your server using manipulated RDP packets. So installing the update is a MUST-DO, of course. But if you install the optional update "Service Pack 1" afterwards, your RDP connection will be lost. That's a very nice feature Microsoft built into its update routine, because everybody who uses hosting providers without direct access to the machines will run into a major problem: you cannot reach your server for remote administration anymore.

What to do about that?
First of all, be sure to install Service Pack 1 before installing hotfix KB2667402! If you do that, you will not encounter any problems with RDP. If you fall into the same trap as I did (installing SP1 afterwards), you need to get direct access to your machine (e.g. ask your provider for KVM access like LARA). Uninstalling the update KB2667402 and then installing it again will make your server reachable by RDP again, with the security issue still closed by the hotfix.

The problem is caused by the file rdpcorekmts.dll in Windows' system32 folder. If KB2667402 was installed before SP1, SP1 replaces the fixed file with an older version, which causes problems with error messages like svchost.exe_TermService crashed (you may notice them in the event log). Reinstalling hotfix KB2667402 updates that file to the newest version again, so RDP will work again.
Your current file version for rdpcorekmts.dll should be 6.1.7601.17767, then you are fine.
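
To check the state described above from an elevated PowerShell prompt on the server, the following added example (not part of the original post) reports the rdpcorekmts.dll version, whether KB2667402 is listed as installed, and recent svchost.exe_TermService crashes. The function name `Test-RdpCoreState` is hypothetical, and treating builds newer than 6.1.7601.17767 as fine is an assumption; the syntax is kept compatible with the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example. Test-RdpCoreState is a hypothetical helper, not a built-in cmdlet.
function Test-RdpCoreState {
    param(
        [string]$KbId = 'KB2667402',
        [version]$ExpectedVersion = '6.1.7601.17767'
    )

    # 1. File version of rdpcorekmts.dll in the system32 folder.
    #    Built from the numeric parts, because the FileVersion string may carry a build suffix.
    $dll  = Join-Path $env:SystemRoot 'System32\rdpcorekmts.dll'
    $info = (Get-Item -LiteralPath $dll -ErrorAction Stop).VersionInfo
    $fileVersion = [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart,
        $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)

    # 2. Is the hotfix registered as installed?
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # 3. Application-crash events (Application Error, ID 1000) naming TermService.
    $filter  = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 }
    $crashes = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*svchost.exe_TermService*' })

    # Assumption: a version equal to or newer than the expected one is fine.
    $versionOk = $fileVersion -ge $ExpectedVersion

    New-Object PSObject -Property @{
        FileVersion        = $fileVersion
        VersionOk          = $versionOk
        HotfixInstalled    = [bool]$hotfix
        # Hotfix listed but file older than expected: the state the post describes,
        # fixed by uninstalling and reinstalling the hotfix.
        NeedsReinstall     = ([bool]$hotfix -and -not $versionOk)
        TermServiceCrashes = $crashes.Count
        LastCrash          = $(if ($crashes.Count) { $crashes[0].TimeCreated } else { $null })
    }
}

Test-RdpCoreState | Format-List
```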

I have to thank several pages and discussion threads for providing the correct solution after all:

Good luck with your server.

