Xenapp 6.5 Intermittent issues since KB4012215 (WannaCry security fix)

Hi All,

Ever since we installed KB4012215 as part of MS recommended protection against ransomware\ 'Wannacry' into our Windows 2008 R2 Xenapp 6.5 base image we've seen constant intermittent issues with file handles and permissions related to user profiles, UPM, Office applications and RDS.

Issue 1 - when user logs on\ launches a session:  
Word - 'your autocorrect file C:\users\user\appdata\roaming\microsoft\office\MSO3081.acl could not be saved - click OK 'Word cannot open the existing file normal.dot'

Issue 2- when user logs on\ launches a session:
Outlook signature file goes missing for customers - they'll add and then they'll lose it again on another session later.

There seem be weird file and handler locks and registry handles not being released properly or quickly enough after logon. i.e. an application wont recognise required datafiles (XML) in user\ \appdata\roaming profile folder even though the file\ folder definitely exists and can be written to.
To our frustration we cannot replicate the problem however it seems that the issues manifest when a user logs onto a specific CITRIX server the first time around and then relaunch an application session on THAT server again within a given timeframe. Testing further indicates that if a user is logged off completely and then they log back onto that same server the issue is NOT present.
A server reboot clears the issue for a little while until of course the probability of them hitting the same server mount and we start getting calls (we have approx. 60 servers)

This KB4012215 includes a bunch of other KBs but I cant seem to find anything in the individual KB notes for each that relate to our issues.

Has anyone had this experience or related or can offer some suggestions?

Note- this KB (and associated) is the only thing that has changed on our image recently


Your help is appreciated!
0
LVL 4

Expert Comment

by:alexsupertramp
are you sure it's  KB4012215?   KB4019215 wreaked absolute havoc on my hyper v failover cluster nodes.   many many weird issues, slow logins, hanging restarts, etc.      it turned out that it corrupted isci connections in my virtual san.   per my virtual san vendor, that update, among others needed to be removed and then those problems went away.  https://knowledgebase.starwindsoftware.com/uncategorized/fix-for-iscsi-targets-going-to-reconnecting-state-after-installation-of-windows-kb4015553-or-kb4019215/
0

Author Comment

by:loubot loubot
yes - its definetely KB 4012215 (it contains the MS17-010 Wannacry patch
Security Update for Microsoft Windows SMB Server (4013389)
0
LVL 33

Administrative Comment

by:Andrew Leniart
Hi loubot loubot,

Welcome to Experts Exchange.

What you have done is made a "Post".

To get a lot more experts to help, you need to "Ask a Question" so that more experts are able to see that you need help. Click the Big blue button near the top of your screen.

Ask a Question Button

The following link also explains more about asking for help at Experts Exchange.. http://support.experts-exchange.com/customer/portal/articles/336330

Regards,
Andrew
EE Topic Advisor
0

Author Comment

by:loubot loubot
thank you Andrew- I have now done so

Appreciate your time to assist :)
0
LVL 33

Expert Comment

by:Andrew Leniart
My pleasure. Good luck with your question :)
0

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month