Windows Server 2003 requires a second reboot to accept RDP connections, after installing patches
This is a problem that has been around for a very long time, but doesn’t affect every W2K3 server, and is not guaranteed to affect the same ones every time… it’s come onto my radar again today so I thought it worth covering…
The scenario is this:
On a Windows Server 2003 server you install patches (or possibly add a component or 3rd party product requiring a restart) and then reboot the server.
The server has no apparent problems restarting, but it is not reachable by RDP - the server simply doesn’t respond and the connection times out.
You reboot the server again, and Remote Desktop is working again.
This most typically gets reported shortly after Patch Tuesday, when a security update requiring a restart is applied to hundreds of thousands of servers worldwide, and a fraction of them experience this weird issue.
The cause is a timing issue, where the Terminal Services service (TermSrv) manages to start before the TermDD.sys driver is loaded, so the service has nothing at the network layer to bind to and is cut off from all network interfaces.
The timing issue comes from the post-reboot actions of the software installation, which is why subsequent restarts do not have the problem.
There is a simple workaround, requiring a minor registry edit under the key HKLM\SYSTEM\CurrentControlSet\Services\TermService - the value to edit is the REG_MULTI_SZ named DependOnService.
To this value you need to add the entry termdd - this will then synchronize the startup of the Terminal Services service with the loading of TermDD.sys.
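One way to script the edit described above, as an added example that is not part of the original post. It assumes Windows PowerShell is installed on the server (it is not part of a default Windows Server 2003 install) and that the prompt is running with administrative rights; the variable names are illustrative.

```powershell
# Added example: append 'termdd' to TermService's DependOnService value
# without discarding the entries that are already there.
$keyPath   = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService'
$valueName = 'DependOnService'
$driver    = 'termdd'

# A REG_MULTI_SZ comes back as a string array; $null means the value is absent.
$current = [Microsoft.Win32.Registry]::GetValue($keyPath, $valueName, $null)

$deps = @()
if ($null -ne $current) { $deps = @($current) }

Write-Output ("Before: " + ($deps -join ', '))

if ($deps -contains $driver) {
    # -contains compares case-insensitively, so 'TermDD' also counts as present.
    Write-Output "$driver is already listed; nothing to change."
}
else {
    # Keep the existing dependencies and add the driver as one more entry.
    # Writing with an explicit MultiString kind keeps the value a REG_MULTI_SZ.
    $new = [string[]]($deps + $driver)
    [Microsoft.Win32.Registry]::SetValue(
        $keyPath, $valueName, $new,
        [Microsoft.Win32.RegistryValueKind]::MultiString)

    # Read the value back to confirm what was actually stored.
    $after = @([Microsoft.Win32.Registry]::GetValue($keyPath, $valueName, $null))
    Write-Output ("After:  " + ($after -join ', '))
}
```

The script is safe to re-run: a second pass finds termdd already listed and writes nothing.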
I didn’t think I would be writing blog entries on W2K3 in 2013, but seeing as it’s still got a couple of years’ worth of security updates left and there are many installations still out there, I guess it’s worth it! :)