Recent Microsoft updates for Windows Server seem to break more things than they fix, and the only way to fix recent issues is to completely uninstall the hotfix. Earlier this month, the Redmond software giant released four updates for different versions of Windows Server: KB5014746, KB5014692, KB5014699 and KB5014678.

Administrators who installed these updates soon began reporting “a wide range” of issues identified by BleepingComputer, including VPN issues and Routing and Remote Access Service (RRAS) and RDP connection endpoints. One of the problems was quite serious, the post writes that after the client connects to the RRAS server using SSTP, it causes the servers to hang for a few minutes.

Troubleshooting

“After installing the June updates, I found that no TCP connections established by the client or server would start and work. I don’t need a VPN because I’m connecting from the administrator’s computer to the same trusted subnet,” said one of the administrators.

It also said that remote VPN/RRAS clients could not connect to the server and SSTP like RDP completely failed. “We used the GCP console interface to access these servers so that the RRAS (Routing and Remote Access) settings would not start, so we could remotely and revert patches after a reboot,” the administrator said.

Many other admins have confirmed that the only way to get rid of the problem is to roll back the update. Microsoft has not yet identified the problem, so it is difficult to determine what is causing the problem. BleepingComputer suggests that Microsoft recently fixed a “Windows Network Address Translation (NAT) denial vulnerability” tracked as CVE-2022-30152 that could prevent RRAS connectivity.

Until Microsoft fixes the issue, the only thing admins can do is to uninstall the bulk fixes, which is unlikely to be a solution given that the other fixes included in this knowledge base will also be reapplied. Source