April 17, 2018—KB4093121 (Preview of Monthly Rollup)

Applies to: Windows Server 2012 R2

Improvements and fixes


This non-security update includes improvements and fixes that were a part of KB4093114 (released April 10, 2018) and also includes these new quality improvements as a preview of the next Monthly Rollup update:

  • Windows Update and WSUS will offer this update to applicable Windows client and server operating systems regardless of the existence or value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" registry setting. This change has been made to protect user data.

  • Addresses additional issues with updated time zone information.

  • Addresses an issue that blocks failed NTLM authentications instead of only logging them when using an authentication policy with audit mode turned on. Netlogon.log may show the following:

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Entered

NlpVerifyAllowedToAuthenticate: AuthzAccessCheck failed for A2ATo 0x5. This can be due to the lack of claims and compound support in NTLM

SamLogon: Transitive Network logon of <domain>\<user> from <machine2> (via <machine1>) Returns 0xC0000413      

  • Addresses an issue that generates a certificate validation error 0x800B0109 (CERT_E_UNTRUSTEDROOT) from http.sys.

  • Addresses a race condition in iSCSI that might lead to queries that return incomplete sense data.

  • Addresses an issue that causes massive pool commit failures (ID 2019 and ID 2020) to occur when using dedupe and backup on large file servers.

  • Addresses an issue that causes a communication failure in an RPC-based network in certain situations. The error is “reason_not_specified_reject”.

  • Addresses an issue that might cause Windows Server 2012 R2 Domain Controllers (DC) to periodically restart after a Local Security Authority Subsystem Service (LSASS) module fault. This interrupts applications and services bound to the DC. DCs may log the following events:

    • Application Error event ID 1000; the faulty module is NTDSATQ.dll, and the exception code is “0xc0000005”.

    • User32 event ID 1074; Microsoft-Windows-Wininit event ID 1015 indicates that a critical system process, lsass.exe, failed with status code 255.      

  • Addresses an issue that causes DTC to stop responding in msdtcprx!CIConnSink::SendReceive during an XA recovery. During this failure, IXaMapper objects with identical RMIDs are corrupted.

  • Addresses an issue that causes Eventcollector subscription to fail in cross-forest environments when the target's FQDN label doesn't match the domain's NetBIOS name.

  • Addresses an issue that might cause clients that use CSVs to disconnect from SMB3 servers because srv2.sys doesn’t use SMB3 multichannel for recovery. When there are disconnections between nodes, this can cause unexpected failover of the CSVs and creates instability in the VMs located on those CSVs. The disconnections are detected as I/O timeouts and generate Event ID 5120 with “STATUS_IO_TIMEOUT”. Sometimes Event ID 5142 appears when recovery doesn’t occur.

For more information about the resolved security vulnerabilities, see the Security Update Guide.

Known issues in this update


Microsoft is not currently aware of any issues with this update.

How to get this update


This is provided as an Optional update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

File information

For a list of the files that are provided in this update, download the file information for update 4093121