Table of contents
×

Summary

This update resolves the following issues: 

  • Active Directory attributes are not written correctly during a Lightweight Directory Access Protocol (LDAP) modify operation with multiple specific attribute changes.

  • Windows Servers might restart unexpectedly after installing the January 11, 2022 Windows update on domain controllers (DCs).

Important: 

  • Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended security update (ESU) support.

  • Starting in July 2020, there will no longer be optional, non-security releases (known as "C" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the "B" or Update Tuesday release).

  • Verify that you have installed the required updates listed in the How to get this update section before installing this update. 

  • For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history home page.

Known issues in this update

Symptom 

Workaround 

After installing this update and restarting your device, you might receive the error, "Failure to configure Windows updates. Reverting Changes. Do not turn off your computer", and the update might show as Failed in Update History.

This is expected in the following circumstances:

  • If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.

  • If you do not have an ESU MAK add-on key installed and activated.

If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the How to get this update section of this article.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Do one of the following: 

  • Perform the operation from a process that has administrator privilege.

  • Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release. 

After installing this update or a later update, users might experience pass-through authentication failures when authenticating by using the NTLM protocol with domain controllers running Windows Server 2008 R2.

Environments affected by this issue may produce the following events:

  • Error 4625 in the event log of the server Domain Controller.

  • Netlogon Event 5833, found in the System event log of the domain controller.

This issue is resolved in KB5009610 (Monthly Rollup) and KB5009621 (Security-only update)

This issue is not present in later versions of Windows Server and can be avoided by upgrading Windows Server 2008 R2 domain controllers to a later Windows Server version.

How to get this update

Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Before installing this update

To install Windows 7 SP1 or Windows Server 2008 R2 SP1 updates released on or after July 2019, you must have the following required updates installed.

  • Install the SHA-2 code signing support updates:

    You must have the SHA-2 update (KB4474419) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

    You must have installed the servicing stack update (SSU) (KB4490628) that is dated March 12, 2019. After update KB4490628 is installed, we recommend that you install the latest SSU update. For more information about the latest SSU update for Windows 7 SP1 or Windows Server 2008 R2 SP1, see ADV990001 | Latest Servicing Stack Updates.

  • Install the Extended Security Update (ESU):

    You must have installed the "Extended Security Updates (ESU) Licensing Preparation Package" (KB4538483) or the "Update for the Extended Security Updates (ESU) Licensing Preparation Package" (KB4575903). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the Microsoft Update Catalog.

    You must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in KB4522133 to continue receiving security updates after extended support ends. Extended support for Windows 7 SP1 and Windows Server 2008 R2 SP1 ended on January 14, 2020.

Important You must restart your device after you install these required updates.

File information

For a list of the files that are provided in this update, download the file information for update 5010798.

References

For more information about ESU and which editions are supported, see KB4497181.

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×