You cannot replace the file while it is in use by the operating system.
Monthly cumulative updates for Server 2012 R2 often replace termsrv.dll. After patching, you must re-apply the universal patch following each Windows Update.
Prior to patching, termsrv.dll contains a function called TerminateDD or similar session-checking routines. When a third user attempts to log in via RDP, the function queries the licensing store, sees that no RDS CAL is available (or that the concurrent limit is 2), and rejects the connection.
The patch locates and changes a conditional jump instruction (JNZ, JE) to an unconditional jump (JMP) or alters the comparison value (e.g., changing a cmp eax, 2 to cmp eax, 9999). Specifically, for Server 2012 R2, the known patch targets the following hex pattern: universal termsrv.dll patch windows server 2012 r2
Unpatched bytes (around offset 0x2F6E0 or similar, version dependent):
8B 81 D8 00 00 00 83 F8 02 7C ...
Patched bytes:
8B 81 D8 00 00 00 83 F8 02 7D ... or B8 00 00 00 00 90 90 ...
Note: Exact offsets vary with Windows updates. Always use an automated patching tool. You cannot replace the file while it is
After patching, the server no longer checks or enforces the concurrent user limit. Any number of administrators (or users) can connect simultaneously via RDP using the same administrative credentials or different local accounts.
Before implementing the universal patch in any environment, consider these substantial risks:
By default, a single user can have only one active RDP session. To allow the same user to connect multiple times (e.g., admin with two devices): Monthly cumulative updates for Server 2012 R2 often
Windows Server 2012 R2 enforces a strict limit of two concurrent Remote Desktop (RDP) sessions for administrative purposes unless the Remote Desktop Session Host (RDSH) role is installed and appropriately licensed. The termsrv.dll (Terminal Services core library) contains the logic that enforces this limit. A well‑known binary patch, often called the “universal termsrv.dll patch,” modifies a single byte in the library to remove the concurrent session restriction. This paper provides a comprehensive analysis of how the patch works, the specific code pattern it targets, a step‑by‑step implementation guide, potential side effects, security risks, and legal/ licensing considerations. It also discusses modern alternatives for achieving multi‑session RDP without violating Microsoft’s licensing terms.
Windows Server 2012 R2 remains a workhorse in countless data centers and small business server rooms. It offers stability, performance, and a familiar management interface. However, like every non-RDS (Remote Desktop Services) edition of Windows, it comes with a hard-coded limitation: only two concurrent Remote Desktop (RDP) sessions are allowed.
For IT administrators, developers using test environments, or small teams sharing a server for administration, this restriction is a major bottleneck. You have three options to overcome it:
This article explores the third option in depth. We will cover what the patch is, how it works, step-by-step installation for Windows Server 2012 R2, risks, alternatives, and post-patch best practices.