Users unable to login to terminal server with Webroot installed.


We are deploying Webroot to our clients and have been running into an issue with users unable to login at a certain point. After testing we found it has to do with Webroot being installed on there but we cant figure out what is causing the issue and we've had to remove Webroot. This seems to only be affecting Server 2008 R2 environments. 

198 replies

Hi all,
 
Is there confirmation that rolling back to v8 100% resolves the issue?
 
If we do this, what are the features we miss out on, or what are the drawbacks?
 
 
Thanks
Joe
I have not done the V8 but it was widly accepted around the net and via Webroot support that V8 does not have the issue.

V8 does not support path based whitelisting and is an older scanning engine.

I'm sure there will be a response here from WR as they are on to something...
 
Monitoring this thread awaiting a fix still.
5:00am wake up call today.
 
Must admit though server had not had the problem for almost one week, however week before it went 3-4 times.
 
Userlevel 2
We have over 2000 workstations without issue and over 230 servers running Webroot without problem. I know eventually there will be a fix for our handful of Terminal Servers that are having the problems.
 
In the meantime, what AV do you guys recommend we use until the fix is out? I don't really want to put v8 on and do without the path exclusion.
 
Thoughts?
 
Userlevel 6
Badge +26
All - Our dev and escalation team has come up with a work around that has proven to reduce the issue and we're considering it a work around until root cause is fully determined. Many on this forum and others that have an open ticket with our support team should have or will be recieving a communication with the following information.
 
Basically, set the policy setting assigned to the Terminal Server under Self Protection to minimum. This reduces the need to constantly verify the users privileges and since session users rarely if ever have elevated privileges, this should not be a problem.
 
Self protection tells the agent what elevated privileges are required to manually shut down the webroot service. Minimum requires the user to have local admin privileges and again, since terminal users traditionally do no thave elevated privileges, this shouldn't be an issue.
 
Stay tuned as we continue to focus on root cause and release a fix.
 
Thanks,
 
I agree, the path exclusion is arguably more important on RDS servers than any other. We need to be able to exclude file paths for certain line of business applications, else they end up becoming unstable. It rules v8 out of contention for me.
Hi all,

Webroot have released a set of recommendations for changing the server policy to "Minimum". This is now listed in the web portal as "Updated Recommended Server Defaults". I will be applying this over the course of the next week and will be monitoring for 4005s.

Thanks.
Userlevel 7
Badge +35
I have just received an update from our product team - please take a look at their post here
Is this recommended for all servers? Only 2012R2 OS? Only TS? 
Userlevel 7
Badge +35
@ wrote:
Is this recommended for all servers? Only 2012R2 OS? Only TS? 
Our advice is for Terminal Servers only at this time. 
Hi Anna,

I note that my "default server" policy has this set to Minimum already. Not sure if it was like this before or not. Either way I've got it running on one of my RDS servers now so will track and see how it goes.

Out of curiosity, what should other servers be set to..?

Joe
 
 
Windows 2008 R2 Terminal Server and Virtual setup.
Had ongoing issues with the server as per this bulletin.
 
We have applied the "minimum" values to the policies and touch wood we have not had an occurence of the problem in the past week.
 
Will monitor and update if any changes.
Userlevel 2
The issue is still happening for us after setting the policy to minimum.
 
Once again we had to uninstall webroot from the terminal servers.
Userlevel 7
Badge +35
 
Please view the most recent update on this issue here: https://community.webroot.com/t5/Webroot-for-Business/Update-on-Winlogin-4005-amp-Terminal-Servers-November-17-2016/td-p/275978 
Hi all,
 
Confirming the issue is still present for us on 2012 R2 with the policy set to minimum.
 
There's another thread on Spiceworks which is interesting, particularly surrounding two windows updates causing RDS winlogon 4005 issues. Apparently this is resolved in the November rollup, due for release in December. Not sure if this is contributing to some people's issues?
 
https://community.spiceworks.com/topic/1570976-server-2012-rds-winlogon-process-crashing-event-id-4005-black-screen?page=7
 
 
Thanks,
Joe
Userlevel 3
**knocks on wood**
 
We have removed updates KB3172614 and KB3179574.
After that we set the self protection to minimum in the webroot console.
Today it's been 2 week since I have made the changes. No crashes or black screens after login anymore.
 
**knocks on wood again**
 
MS Server 2012 R2
RDS for 65 users.
Userlevel 3
After 3 weeks the problem has returned for us!
:(
 
 
Userlevel 6
Badge +26
 
Community Update Link - all, here is the current status with regardst to the RDS server issues. If you're still having issues, please keep our support team in the loop so they can track all concerns.
Userlevel 2
We've removed Webroot from all terminal servers and we're not putting it back on until we know it's completely resolved
 
Does anyone have any feedback on the latest build?
Userlevel 2
Good so far here, but it's only been a couple days since I turned off the nightly reboots again. I would suggest waiting at least another week or 2 to know if it is for sure fixed, I thought it was for us a couple months ago and then it started again after a week or more of being fine.
 
I have seen many reports that the issue with webroot causing stuck agent commands for labtech agents was fixed in the .75 build as well though, so if you are running labtech you want to get those agents updated to .75 asap
Userlevel 3
Badge +5
Yeah .. Labtech + Webroot here .. can confirm total numbers are dropping daily .. as opposed to rising daily like they were the whole last month.
We have set to Minimum and been good for around 3 weeks. No issues.
Windows Server 2008 R2 Terminal Server Hyper V
 
This one has started happening to us since the new update! No problems before the weekend, but this week we've had the issue on multiple TS. I don't think 9.0.13.75 has fixed things...
Userlevel 2
@I think it would be really beneficial if you could open a ticket with webroot support for them to investigate with your setup to see why this would have started happening to you with 9.0.13.75. If that is the case I would have to assume you have something uniquely different than their testbeds that they likely won't be able to address without eyes on it.
Userlevel 1
Replying so I can subscribe to this thread.

Reply