July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2

The July 2016 update rollup includes some new improvements and fixes, including the improvements from June 2016 update rollup KB3161606 and May 2016 update rollup KB3156418 for the Windows 8.1 and 2012 R2 platform. We recommend that you apply this update rollup as part of your regular maintenance routines. Before you install this update, check out the Prerequisites and Restart requirement sections.
Improvements and fixes
To learn more about the nonsecurity improvements and fixes in this update, see the "July 21, 2016 – KB3172614" section in Windows 8.1 and Windows Server 2012 R2 update history.

Known issues in this update

Issue 1

Symptoms
After you apply this update on a Remote Desktop Session (RDS) host, some new users cannot connect to an RDP session. Instead, those users see a black screen, and they are eventually disconnected. This issue occurs at unspecified intervals.

The following events are usually logged when this issue occurs:
Event Logs Event Source ID Description
Microsoft-Windows-TerminalServices-LocalSessionManager/Operational Microsoft-Windows-TerminalServices-LocalSessionManager 36 An error occurred when transitioning from CsrConnected in response to EvCsrInitialized. (ErrorCode 0x80004005)
Application Microsoft-Windows-Winlogon 4005  The Windows logon process has unexpectedly terminated.
Cause

During virtual channel management, a deadlock condition occurs that prevents the RDS service from accepting new connections.

Resolution

To fix this issue, install November 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 (KB3197875).

Issue 2

Symptoms

When a service such as Exchange server tries to reestablish the Kerberos client session during a cluster failover, it may cause the system to become unresponsive. Additionally, an LSASS CPU spike occurs after the failover.

Resolution
Microsoft Windows has released a fix that contains new opt-in behavior for the Kerberos client to address this issue. By enabling the Kerberos parameter, the Kerberos client can bypass the CPU intensive action of purging compounded tickets.

Note The Kerberos client must opt-in for the new behavior. Follow these steps to create the registry parameter on each node of the cluster:
  1. In Registry Editor, locate and then select the following subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
  2. Right-click Parameters, point to New, and then click DWORD Value.
  3. Type AllowStaleDeviceAuthzData as the entry name, and then press Enter.
  4. Right-click AllowStaleDeviceAuthzData, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
Note Setting this registry parameter may delay the purging and repopulating of compounding information that could cause changes in account permissions to not be reflected in real time.

For more information, see What's New in Kerberos Authentication.
How to get this update
Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Method 1: Windows Update

This update is provided as a Recommended update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update.

Method 2: Microsoft Download Center

The following files are available for download from the Microsoft Download Center.

Operating systemUpdate
All supported x86-based versions of Windows 8.1DownloadDownload the package now.
All supported x64-based versions of Windows 8.1 DownloadDownload the package now.
All supported x64-based versions of Windows Server 2012 R2DownloadDownload the package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Method 3: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Note You must be running Microsoft Internet Explorer 6 or a later version.

Update detail information

Prerequisites

To apply this update, you must have the following updates installed on Windows 8.1 or Windows Server 2012 R2:

Restart requirement

You must restart the computer after you apply this update.

Update replacement information

This update replaces the previously released updates 3161606 and 3156418.
File Information

File hash information

File nameSHA1 hashSHA256 hash
Windows8.1-KB3172614-arm.msu3D918D6C809BF6F57C8FCEFA5DB5C739E1754426D4CA45225CE58173B0D818C7FA7BC6EEAD68EEA0404772F72FF6DFEC45CB0489
Windows8.1-KB3172614-x86.msuD11C233C8598B734DE72665E0D0A3F2EF007B91F8AC8D0E3E4FC093B633BEB2B43D2D29AE3C909C178DDD40450ED371152314E60
Windows8.1-KB3172614-x64.msuE41365E643B98AB745C21DBA17D1D3B6BB73CFCC286CB965E57F9369C8A71AAAF4FC40C99131A521899CAD8A3F36A10E192CA908

File information

For a list of the files that are provided in this update, download the file information for update rollup 3172614.
References
For more information about Windows Update, go to the following Microsoft websites:

Troubleshoot problems with installing updates

Windows Update: Frequently Asked Questions

Learn about the terminology that Microsoft uses to describe software updates.
Properties

Article ID: 3172614 - Last Review: 11/15/2016 16:46:00 - Revision: 12.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1

  • kbsurveynew kbfix atdownload kbexpertiseadvanced KB3172614
Feedback