Applies ToAzure Stack HCI, version 21H2

Release Date:

15/02/2022

Version:

OS Build 20348.558

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Azure Stack HCI, version 21H2, see its update history page

Improvements 

This non-security update includes quality improvements. Key changes include:     

  • Addresses an issue that occurs when Windows Server 2016 runs as a terminal server using certain cloud computing virtual desktop infrastructure (VDI). As result, the servers randomly stop responding after running for a period of time. This also addresses a regression that proactively checks to ensure that the CSharedLock in rpcss.exe is set correctly to avoid a deadlock.

  • Addresses an issue that affects the Windows search service and occurs when you query using the proximity operator.

  • Addresses a memory leak in the wmipicmp.dll module that causes a lot of false alarm in the System Center Operations Manager (SCOM) datacenter monitoring system.

  • Addresses an issue that incorrectly returns the Execution Policy settings from the registry.

  • Addresses an issue that causes the Group Policy Management Console to stop working after you close it. The system logs Application Error Event ID 1000 and the error, 0xc0000005 (STATUS_ACCESS_VIOLATION); the failing module is GPOAdmin.dll.

  • Addresses an issue that fails to show the Startup impact values in Task Manager.

  • Addresses an issue that might fail to print End User Defined Characters (EUDC) correctly because of font fallback settings.

  • Addresses an issue that prevents ShellWindows() from returning the InternetExplorer object when iexplore.exe runs in the Microsoft Edge Internet Explorer mode context.

  • Provides the ability to share cookies between Microsoft Edge Internet Explorer mode and Microsoft Edge.

  • Addresses an issue that causes Microsoft Edge Internet Explorer mode to stop working when you press the F1 key.

  • Addresses an issue that affects dialog boxes in Microsoft Edge Internet Explorer mode.

  • Addresses an issue that causes the improper cleanup of Dynamic Data Exchange (DDE) objects. This prevents session teardown and causes a session to stop responding.

  • Addresses an issue that prevents phone activation of a Key Management Services (KMS) key on Windows Server 2022.

  • Addresses an issue that prevents printing from operating properly for some low integrity process apps.

  • Addresses an issue that affects applications that are written to only integrate with Azure Active Directory (AAD). These applications will not work on machines that are joined to Active Directory Federation Services (ADFS).

  • Introduces support for Windows Hello for Business Cloud Trust. This is a new deployment model for hybrid deployments of Windows Hello for Business. It uses the same technology and deployment steps that support on-premises single sign-on (SSO) for Fast IDentity Online (FIDO) security keys. Cloud Trust removes the public-key infrastructure (PKI) requirements for deploying Windows and simplifies the Windows Hello for Business deployment experience.

  • Addresses an issue that might cause BitLocker to damage virtual machine (VM) system files if you expand the BitLocker partition while the VM is offline.

  • Addresses an issue that might cause AppLocker to fail because of a deadlock.

  • Addresses an issue that prevents you from unloading and reloading drivers when the drivers are protected Hypervisor-protected Code Integrity (HVCI).

  • Addresses a reliability issue that affects the use of the Remote Desktop app to mount a client’s local drive to a terminal server session.

  • Addresses an issue that causes a mismatch between a Remote Desktop session’s keyboard and the Remote Desktop Protocol (RDP) client when signing in.

  • Addresses an issue that causes screen readers to describe a back button as "button" rather than "back button".

  • Addresses an issue that prevents administrators and content owners from opening expired Active Directory Rights Management Services (AD RMS) content.

  • Addresses an issue that disconnects Offline Files on the network drive after you restart the OS and sign in. This issue occurs if the Distributed File System (DFS) path is mapped to the network drive.

  • Addresses an issue that causes a deadlock in the WebDav redirector. This issue occurs when you attempt to read a file from the local TfsStore, which causes the system to stop responding.

  • Addresses an issue that displays the authentication dialog twice when you mount a network drive.

  • Addresses a memory leak in the Redirected Drive Buffering Subsystem (RDBSS) and the mrxsmb.sys drivers.

  • Addresses an issue that prevents Work Folder sync from recovering from the error code 0x80c80003, “Server is currently busy" on the client. This issue occurs even when the HTTP request queue on the server does not indicate a load.

  • Adds support for hot adding and the removal of non-volatile memory (NVMe) namespaces.

  • Addresses an issue that might cause a race condition when processing multi-threaded GDI tasks. As a result, you might receive an intermittent error, the app might close unexpectedly, or the rendering of characters might fail in an app or when printing a document.

To return to the Azure Stack HCI documentation site

Windows 10 servicing stack update - 20348.557

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Symptom

Workaround

After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. 

Note for developers Affected apps use the System.DirectoryServices API.

To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.

Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog

For instructions on how to install this update for your operating system, see the KB articles listed below:

  • Windows Server 2022: 

  • Windows Server 2019: 

  • Windows Server 2016: 

  • Windows Server 2012 R2: 

  • Windows Server 2012:

How to get this update

Before installing this update

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

To install the LCU on your Azure Stack HCI cluster, see Update Azure Stack HCI clusters.

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

Go to Settings Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Windows Update for Business

No

None. These changes will be included in the next security update to this channel.

Microsoft Update Catalog

No

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File Information

For a list of the files that are provided in this update, download the file information for cumulative update 5010421.

For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.557

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.