August 30, 2018—KB4343884 (OS Build 14393.2457)

Applies to: Windows 10, version 1607Windows Server 2016

Improvements and fixes


This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Updates the music metadata service provider used by Windows Media Player.
  • Addresses an issue from the March 2018 update that prevents the correct lock screen image from appearing when the following GPO policies are enabled:
    • Computer Configuration\Administrative Templates\Control Panel\Personalization\Force a specific default lock screen and logon image
    • Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image  
  • Addresses an issue that prevents users of PIV/CAC smart cards from authenticating to use enterprise resources or prevents Windows Hello for Business from configuring on first logon. 
  • Addresses an issue that prevented the Device Guard PackageInspector.exe application from including all the files needed for an application to run correctly once the Code Integrity policy was completed. 
  • Addresses an issue that, in some cases, failed to clear decrypted data from memory after a CAPI decryption operation was completed. 
  • Addresses an issue that causes PowerShell scripts to stop working when attempting operations such as Get-Credentials. 
  • Addresses an issue that causes the Wi-Fi EAP-TTLS (CHAP) authentication to fail if a user saves credential information before authentication. 
  • Addresses a Windows Task Scheduler issue that occurs when setting up an event to start on a specific day of the month. Instead of starting on the specific day of the month you selected, the event starts one week ahead of schedule. For example, if you set an event to start on the third Tuesday of August 2018, instead of starting on 08/21/18, the event starts on 08/14/18.

  • Addresses an issue that prevents Hypervisor from automatically launching on restart when running a nested or non-nested virtualization scenario after enabling Device Guard. 

  • Addresses an issue that causes the event viewer for Microsoft-Windows-Hyper-V-VMMS-Admin to receive excessive Event ID 12660 “Cannot open handle to Hyper-V storage provider” messages. This issue occurs when performing migration testing on a Windows Server 2016 S2D Cluster Platform. As a result, events are deleted after three hours when the event log size reaches 1 MB. 
  • Addresses an issue that causes virtual functions (VF) to be unintentionally removed when a virtual machine (VM) is saved in Hyper-V Manager. This issue occurs when assigning and loading multiple virtual functions to a single VM during live migration on Windows Server 2016. Saving the VM doesn’t result in a normal shutdown of the virtual functions and doesn’t allow the VF driver to have backchannel communication with the physical function (PF). 
  • Addresses an issue that causes an Azure to on-premise failback operation to fail and puts the virtual machine (VM) into an unresponsive state. This issue occurs if the failback is interrupted by an event such as restarting the Virtual Machine Management Service (VMMS) or restarting the host machine. The failback operation then continues to fail even when the VMMS is running. 
  • Addresses an Active Directory Federation Services (AD FS) issue where Multi-Factor Authentication does not work correctly with mobile devices that use custom culture definitions. 
  • Addresses an issue in Windows Hello for Business that causes a significant delay (15 seconds) in new user enrollment. This issue occurs when a hardware security module is used to store an ADFS Registration Authority (RA) certificate. 
  • Addresses an Active Directory Domain Services (AD DS) issue that causes Local Security Authority Subsystem Service (LSASS) to stop working intermittently. This issue occurs when a custom component binds over Transport Layer Security (TLS) to a Domain Controller using Simple Authentication and Security Layer (SASL) EXTERNAL authentication. 
  • Addresses an issue that generates Event ID 2006 and prevents the Windows Performance counter from reading Server Message Block (SMB) performance counters. This issue occurs when Hot-Plug is enabled for CPUs on Windows 2016 virtual machines. 
  • Addresses an issue that causes users to disconnect from a remote session when the Remote Desktop Gateway service stops working. 
  • Addresses an issue that causes svchost.exe to stop working intermittently. This issue occurs when the SessionEnv service is running, which causes a partial load of the user’s configuration during a Remote Desktop session. 
  • Addresses an issue that may cause the server to be restarted because the system nonpaged pool consumes too much memory.
  • Addresses an issue that may remove a Dynamic Host Configuration Protocol (DHCP) option from a reservation after changing the DHCP scope settings.
  • Addresses an issue that prevents a drive from being made writable even after BitLocker encryption has completed. This issue occurs when using the FDVDenyWriteAccess policy.

  • Addresses an issue that occasionally displays a blue screen instead of the lock screen when a device wakes up from sleep.

  • Extends the Key Management Service (KMS) to support the upcoming Windows 10 client Enterprise LTSC and Windows Server editions. For more information, see KB4347075

  • Addresses an issue that occurs when performing backup of a Virtual Machine (VM) or removing VM snapshots in a guest OS on Windows Server 2016. A “153 disk error” appears because the I/O takes longer than expected.

  • Addresses an issue that stops Active Directory replication for six hours. The Microsoft-Windows-ActiveDirectory_DomainService displays events 1481 and 1084 with the error code 8409. This issue occurs when you have recently authoritatively restored an object, the Recycle bin is not enabled, and you restart the domain controller. Event 1084 displays the content of the restored object’s domain name.

If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.

Known issues in this update


Symptom Workaround
After installing this update, installation and client activation of Windows Server 2019 and 1809 LTSC Key Management Service (KMS) (CSVLK) host keys do not work as expected. Microsoft is working on a resolution and will provide an update in an upcoming release.

After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:

4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

How to get this update


To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Prerequisite: The servicing stack update (SSU) (KB4132216) must be installed before installing the latest cumulative update (LCU) (KB4343884). The LCU will not be reported as applicable until the SSU is installed.

File information

For a list of the files that are provided in this update, download the file information for cumulative update 4343884