Remote Desktop Services Health Monitor Fails after 2008R2 Windows Updates Applied

The problem is the 13th byte changed from x01 to 0x09. The 12th byte value of x02 indicates the server is sending a RDP Negotiation Response and by the protocol requirements must always remain x02. However, the 13th byte is a bit mapped flag.

Before the patch, 2008R2 response with x01 indicated only "EXTENDED_CLIENT_DATA_SUPPORTED." The patch added x08 to the mask (indicating also "RESTRICTED_ADMIN_MODE_SUPPORTED") for a total flag value of x09.

This flag is explained at: https://msdn.microsoft.com/en-us/library/cc240506.aspx

Simply changing it to match the new flag does not future-proof the monitoring for additional flag changes. Also, it seems to me that monitoring that the flag remain exactly the same provides no benefit to confirming the health of the RDP service. As such, I would recommend changing the receive string to only confirm the first 12 bytes like so: \x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34\x00\x02

An alternative to provide future proofing would be to replace the 13th byte with a wildcard character but I'm not sure how to specify that on the F5.