Improvements and fixes
This non-security update includes improvements and fixes that were a part of KB4025336 (released July 11, 2017) and also includes these new quality improvements as a preview of the next Monthly Rollup update:
Addressed issue with a port and thread leak that can cause a broad array of symptoms including unresponsive systems and iSCSI target connection failures. This occurs after installing monthly updates released between April 11, 2017 (KB4015550) through July 11, 2017 (KB4025336). This issue was called out as known issue in the corresponding release notes for these releases.
- Addressed issue where LSASS.EXE encounters a deadlock and the server must be rebooted.
- Addressed issue where the Remote Desktop idle timeout warning did not appear after setting the idle time.
- Addressed issue with a race condition that causes Lync Edge servers to randomly crash (Stop Error D1). Any active, open session within a federated domain loses connectivity for conference calls, instant messaging, etc.
- Addressed issue where when a failover cluster fails over from one server to another, a clustered IP address resource does not come online and causes the failover to stop functioning.
- Addressed issue where a DNS server may crash after the import of the DSSet file when configuring secure, delegated child zones.
- Addressed issue where a LUN connection that was received after the buffer allocation during iSCSI statistic collection overflowed the buffer and caused error 0x19. A UI issue that hides the iSCSI targets will be addressed in an upcoming release..
- Addressed issue where if there was an error on a storage controller, some paths could not fail over to other paths. Instead, access to the disk was completely lost.
- Addressed issue to prevent user logon delays when processes that have registered top-level windows fail to respond to BroadcastSystemMessages sent by the Group Policy Preference client-side extensions.
- Addressed issue where Windows Server 2012R2 throws error “STOP 0XCA (Duplicate PDO)” when redirecting certain USB devices using RemoteFX. To fix this, do the following:
- Go to the registry location SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations.
- Create a new DWORD value “fUniqueInstanceID ”.
- Set the value to “1”.
- Reboot after setting this registry.
- Addressed issue where enabling the policy “Display information about previous logons during user logon” prevents Remote Desktop Protocol providers from allowing logins with no user interaction.
- Addressed issue where the TsPubRPC service running in Svchost.exe experiences a memory leak when RemoteApp applications are configured with file type associations.
- Addressed issue where files and folders accumulate in the UvhdCleanupBin folder in Remote Desktop session hosts. These files are not deleted when a user logs off if the path limit is exceeded. In extreme cases, this issue can cause logon failures.
- Addressed issue where a Microsoft Enterprise CA cannot request that a Microsoft subordinate CA template be used for key encipherment. A single certificate can provide multiple usages like key encipherment and CRL signing.
- Addressed issue to allow NPS servers to accept certificates with multiple usages.
- Addressed issue where both transient and listener process TCP ports for the loopback sockets leak because of a leaked reference count. Such ports do not appear in NETSTAT.
- Addressed issue to enable logging to detect weak cryptography.
- Addressed issue with wireless network clients that disconnect from wireless access points after the EAPOL key retransmission timeout (5 minutes). This occurs because the M2 bit is incorrectly set during the four-way handshake.
- Addressed issue where a request to a website results in a 503 response when IIS runs in "Dynamic Site Activation (DSA) Mode". This occurs when the default app pool identity is a specific user/password and a specific app pool’s identity is configured to use "ApplicationPoolIdentity".
- Addressed issue where NetInfo_list may not contain all the network interfaces information. Additionally, the DNS client cannot use all the connected network interfaces while sending the query. This occurs when the host is running in low memory when the NetInfo_Build gets started.
- Addressed issue where if an interface is unavailable during the NetInfo_Build, the DNS client will not use that interface to send queries for the next 15 mins even if the interface comes back before 15 minutes.
- Addressed issue to implement a callback function to receive a notification when an interface comes back after an unavailable state. This callback prevents a host from going into the sleep state.
- Added new server variables to IIS to capture SSL/TLS protocol and cipher suite algorithms used with each request. Additionally, we enabled IIS Enhanced Logging to log this information.
Known issues in this update
|NPS authentication may break, and wireless clients may fail to connect.||On the server, set the following DWORD registry key's value to = 0: SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\DisableEndEntityClientCertCheck|
|Japanese IME may hang in certain scenarios.||Install KB2962409.|
How to get this update
This is provided as an optional update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
For a list of the files that are provided in this update, download the file information for update 4025335.