P2 · Remote Access & VPN

RDP Sessions Disconnect After ~65 Seconds Over UDP — Windows 11 24H2 Clients to Server 2016 RDS Hosts

A Windows update regression causes RDP sessions using UDP transport to disconnect approximately 65 seconds after connection establishment. Windows 11 24H2 and Server 2025 clients connecting to Server 2016 RDS hosts are primarily affected. Microsoft resolved the issue via cumulative update or Known Issue Rollback (KIR). Disabling UDP transport forces TCP fallback as a temporary workaround.

Indicators

RDP/RDS session disconnects consistently at approximately 65 seconds after connection establishment
Disconnects occur specifically over UDP transport — TCP-only sessions remain unaffected
Issue began appearing immediately after a Windows cumulative update was applied
Windows 11 24H2 clients disproportionately affected when connecting to Server 2016 RDS hosts
Sessions using TCP transport (forced via GPO) do not exhibit the disconnect behaviour

Likely causes

Windows update regression broke UDP transport negotiation or keepalive behaviour in the RDP stack, causing sessions to time out after ~65 seconds
Compatibility gap between the updated RDP client stack on Windows 11 24H2 / Server 2025 and the older RDP implementation on Server 2016 RDS hosts when using UDP transport

Diagnostic steps

Open Event Viewer on the client and navigate to 'Applications and Services Logs > Microsoft > Windows > RemoteDesktopServices-RdpCoreTS > Operational'. Check connection entries for UDP or TCP transport indication.

Confirm whether sessions are using UDP transport, which is the transport affected by this bug. If only TCP is in use and disconnects still occur, investigate a different root cause.
During an active RDP session, run 'netstat -an | findstr 3389' on the client to check for UDP connections to port 3389 on the RDS host.

Provides real-time confirmation of UDP transport usage during the session before disconnect occurs.
Record the exact time of disconnection relative to session start using a stopwatch. Note whether the disconnect consistently occurs near the 65-second mark across multiple connection attempts.

A consistent ~65-second timeout pattern strongly correlates with this specific regression and distinguishes it from network-layer timeouts or authentication issues.
Run 'Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 20' in PowerShell on affected clients to identify recently installed updates.

Identifies the specific update that introduced the regression, and determines whether the Microsoft fix or KIR has already been applied.
As a diagnostic test, apply Group Policy 'Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client > Turn Off UDP On Client' set to Enabled, run 'gpupdate /force', then attempt to reconnect.

If disabling UDP eliminates the disconnects, this confirms the root cause is the UDP transport regression. Sessions will fall back to TCP.
Check Microsoft's Known Issue Rollback (KIR) documentation and cumulative update release notes for Windows 11 24H2 and Server 2016 to identify the fix KB article.

Determines whether the Microsoft-provided fix has been released and is applicable to the affected systems.
On the Server 2016 RDS host, run 'Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber' (or run 'winver') to confirm the host OS version and current patch level.

Verifies the affected platform combination (Server 2016 host + Windows 11 24H2 or Server 2025 client) and determines whether the host-side fix, if any, has been applied.

Resolution path

1. Apply the Microsoft-provided fix: Install the cumulative update or Known Issue Rollback (KIR) released by Microsoft for this RDP UDP disconnect regression. Check the Windows Update Catalog and Microsoft's Known Issues page for Windows 11 24H2 and Server 2016 for the relevant KB article.
2. Temporary workaround — disable UDP transport on affected clients: Open gpedit.msc and enable 'Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client > Turn Off UDP On Client'. Run 'gpupdate /force' to apply.
3. Alternative workaround — disable UDP on the RDS host: On Server 2016 RDS hosts, configure 'Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Select RDP transport protocols' to 'Use only TCP'.
4. After applying the Microsoft fix, re-enable UDP transport by setting the workaround Group Policy objects back to 'Not Configured' and running 'gpupdate /force'. Verify sessions remain stable past the 65-second mark.
5. Rollback — KIR Group Policy: if the KIR GPO causes unintended behaviour, revert the GPO setting and run 'gpupdate /force' to remove the KIR.
6. Rollback — cumulative update: if a cumulative update causes new issues, remove it via 'Settings > Windows Update > Update History > Uninstall Updates' or 'wusa /uninstall /kb:<KBNumber> /quiet /norestart', then reboot.
7. Rollback — TCP-only workaround: revert 'Select RDP transport protocols' policy to 'Not Configured' or 'Use both UDP and TCP' and run 'gpupdate /force' to restore UDP transport.
8. Post-fix verification: establish an RDP session from a Windows 11 24H2 client to a Server 2016 RDS host and confirm the session remains stable beyond 65 seconds. Check the RemoteDesktopServices-RdpCoreTS/Operational log for successful UDP transport establishment and absence of disconnect events at the 65-second mark. Monitor affected users for 24–48 hours post-fix to confirm no recurrence.

Prevention

Enroll RDS infrastructure in Windows Insider or Release Preview ring on a non-production test environment to catch RDP regressions before production deployment
Implement phased Windows Update deployment policy using Windows Update for Business or WSUS deferral rings — updates reach a canary group of RDS clients and hosts 1–2 weeks before broad deployment
Monitor RDS session duration metrics and alert on sessions disconnecting consistently near 60–70 second thresholds, providing early warning of UDP transport regressions post-patch
Maintain documented Group Policy objects ready to disable UDP RDP transport that can be rapidly deployed as an emergency workaround when RDP connectivity regressions are identified
Subscribe to the Windows Health Dashboard (aka.ms/WindowsReleaseHealth) and review Known Issue entries for RDS/RDP before deploying updates to production RDS infrastructure
Plan upgrade path from Windows Server 2016 RDS hosts to Server 2019 or Server 2025 — older host OS versions are more susceptible to client-side update incompatibilities

Tools

Event Viewer / Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational log (diagnose RDP transport type and disconnect events)
Group Policy Editor / gpedit.msc (apply UDP disable workaround)
gpupdate /force (apply Group Policy changes immediately)
Windows Update / Microsoft Update Catalog (locate and apply KIR or cumulative update fix)
netstat -an (confirm UDP port 3389 usage during active RDP session)
Get-HotFix (PowerShell — enumerate installed updates)
wusa.exe (uninstall specific Windows updates by KB number for rollback — 'wusa /uninstall /kb:<KBNumber> /quiet /norestart')

References

BleepingComputer — Windows 11 24H2 RDP disconnects after ~65 seconds (Microsoft fixes via update/KIR)

rdprdsremote-desktopwindows-11-24h2server-2016server-2025udpdisconnectregressionwindows-updatekirknown-issue-rollbacksession-timeoutconnectivity65-secondsrollbackverificationwusawindows-health-dashboardserver-2019