This update includes quality improvements. No new security updates are included. Key changes include:
- Added support for multiple account authentication using Active Directory Federation Services (ADFS) through "prompt" query parameter.
- Addressed issue in Host Bus Adapters (HBA) that was including non-Fibre Channel HBA devices in the Fibre Channel HBA list.
- Added support to set the idle timeout value of a TCP connection used by WinHTTP.Note
Using this setting is not recommended because it may cause problems for your applications.
The default value for the timeout is two minutes. To change the timeout use the WinHttpSetOption function with dwOption set to 135. This option can only be set on a session handle before any connection handles or requests are created for the session. Once connection handles or requests are created, this value can't be modified. For more info, see WinHttpSetOption function.
- Addressed issue where print jobs are no longer working when v4 printer drivers are configured to use Enhanced Driver Configuration.
- Remote Desktop service may hang when IP Virtualization is configured and there are a high number of remote desktop sessions.
- Improved support in Microsoft Cryptographic Application Programming Interface (CryptoAPI) to help identify websites that use Secure Hash Algorithm 1 (SHA-1).
- Running the GPRESULT command with the verbose option results in a crash and customers are unable to audit user or machine policies.
- The system reports a string corruption problem for AccessReason in the Audit logs for Event ID 4656. These events are reported in a Security audit log, similar to this:
Log Name : Security
Source : Microsoft-Windows-Security-Auditing
Date : date time
Event ID : 4656
Task Category : task category
Level : Information
Keywords : keywords
User : N/A
Computer : computername
- This update extends support of the Key Management Service (KMS) for Windows 8 and Windows Server 2012, in order to enable the activation of clients running Windows 10 Anniversary Update-based long-term servicing branch (LTSB) and Windows Server 2016 clients, when they become available.
In addition to installing this update on the KMS Host, a KMS generic volume license key (GVLK) that is designed to support the Windows 10 Anniversary Update-based LTSB or Windows Server 2016 clients also needs to be installed. Information about the associated KMS GVLKs for these products will be listed in Appendix A: KMS Client Setup Keys, when they become available.
The KMS GVLKs that support the new versions of Windows will also support previous volume licensing editions of Windows that are acting as KMS clients. For more info about using a Customer Support Volume License Key (CSLVK) for installation, see this article.
- When you deploy Windows Server 2008 R2 Service Pack 1 (SP1) through Windows Deployment Services (WDS), if clients are Unified Extensible Firmware Interface (UEFI) and in a routed environment, they don't receive the Dynamic Host Configuration Protocol (DHCP) packets correctly. This results in WDS deployment failing on these clients.
- When you enable BitLocker on the volume and then expand the volume on Windows Server 2012 R2, there cache manager errors are shown and the commands fail. These are logged in the System log with error 141 - STATUS_MEDIA_WRITE_PROTECTED.
- When a non-administrator user opens an Access file in a WebDav folder, they might not be able save the file because of a Delete Pending error.
- When an application is writing data using the VirtualChannelWrite API closes the virtual channel right after it gets write completion event, it could result in data being discarded.
- When you use the NVM Express (NVMe) driver to retrieve the firmware and model numbers of the solid-state drive (SSD), the NVMe driver will truncate the firmware and model numbers returned from the NVMe devices.
- When you try to configure connecting a SCSI storage device to a Windows Hyper-V Host, the Host will not recognize the SCSI storage device when Logical Unit (LUN) 0 is not present.
- When there is more logging session churn on the system because of workloads that are being run, Event Tracking (ETW) will crash.
- When you change application settings using Set-ADFSRelyingPartyTrust, without explicitly setting AlwaysRequireAuthentication, it will reset AlwaysRequireAuthentication bit to the default (false) and users won't be prompted for Multi Factor Authentication (MFA).
- When you configure Windows Server 2012 R2 for cloud based authentication, there is a high latency on the tenants for authentication and provisioning which causes the CPU usage to drop to less than 10%.
- When you try to import a certificate into a Virtual Smart Card (VSC) on a Windows based tablet (into the TPM), it might fail. This may cause the certificate to be suspended and prevent enrollment of additional certificates.
- Addressed issue in Microsoft Secure Channel (SChannel) that sometimes causes Transport Layer Security (TLS) 1.2 connections to fail depending on whether the root certificate is configured as part of the certificate chain for server authentication.
- When an Exchange server attempts to reestablish the Kerberos client session during a cluster failover it may cause the system to become unresponsive.
- Updated the inbox component in Windows Server 2012 R2 Essentials to use the new client connector, so that the inbox component won't get uninstalled during Windows 10 upgrades.
- Improved reliability of Hyper-V Replica (HVR) by increasing the timeout value and the free disk space threshold. For more info, see KB3184854.
- If you installed the May 2016 update rollup for Windows 8.1 and Windows Server 2012 R2 (KB3156418), the DFSRS.exe process may consume a high percentage of CPU processing power (up to 100 percent). This may cause the DFSR service to become unresponsive and you may be unable to stop the service. You must hard-boot affected computers to restart them.
For more info about how to get this update and a complete list of affected files, see KB3172614.