July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2
Improvements and fixes
Known issues in this updateIssue 1
After you apply this update on a Remote Desktop Session (RDS) host, some new users cannot connect to an RDP session. Instead, those users see a black screen, and they are eventually disconnected. This issue occurs at unspecified intervals.
The following events are usually logged when this issue occurs:
|Event Logs||Event Source||ID||Description|
|Microsoft-Windows-TerminalServices-LocalSessionManager/Operational||Microsoft-Windows-TerminalServices-LocalSessionManager||36||An error occurred when transitioning from CsrConnected in response to EvCsrInitialized. (ErrorCode 0x80004005)|
|Application||Microsoft-Windows-Winlogon||4005||The Windows logon process has unexpectedly terminated.|
During virtual channel management, a deadlock condition occurs that prevents the RDS service from accepting new connections.
To fix this issue, install November 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 (KB3197875).
When a service such as Exchange server tries to reestablish the Kerberos client session during a cluster failover, it may cause the system to become unresponsive. Additionally, an LSASS CPU spike occurs after the failover.
ResolutionMicrosoft Windows has released a fix that contains new opt-in behavior for the Kerberos client to address this issue. By enabling the Kerberos parameter, the Kerberos client can bypass the CPU intensive action of purging compounded tickets.
Note The Kerberos client must opt-in for the new behavior. Follow these steps to create the registry parameter on each node of the cluster:
- In Registry Editor, locate and then select the following subkey:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
- Right-click Parameters, point to New, and then click DWORD Value.
- Type AllowStaleDeviceAuthzData as the entry name, and then press Enter.
- Right-click AllowStaleDeviceAuthzData, and then click Modify.
- In the Value data box, type 1, and then click OK.
For more information, see What's New in Kerberos Authentication.
How to get this update
Method 1: Windows UpdateThis update is provided as a Recommended update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update.
Method 2: Microsoft Download CenterThe following files are available for download from the Microsoft Download Center.
|All supported x86-based versions of Windows 8.1||Download the package now.|
|All supported x64-based versions of Windows 8.1||Download the package now.|
|All supported x64-based versions of Windows Server 2012 R2||Download the package now.|
Method 3: Microsoft Update CatalogTo get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Note You must be running Microsoft Internet Explorer 6 or a later version.
Update detail information
PrerequisitesTo apply this update, you must have the following updates installed on Windows 8.1 or Windows Server 2012 R2:
- April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355)
- April 2015 servicing stack update for Windows 8.1 and Windows Server 2012 R2 (KB 3021910)
Restart requirementYou must restart the computer after you apply this update.
Update replacement informationThis update replaces the previously released updates 3161606 and 3156418.
File hash information
|File name||SHA1 hash||SHA256 hash|
File informationFor a list of the files that are provided in this update, download the file information for update rollup 3172614.
Troubleshoot problems with installing updates
Windows Update: Frequently Asked Questions
Learn about the terminology that Microsoft uses to describe software updates.
Article ID: 3172614 - Last Review: 11/15/2016 16:46:00 - Revision: 12.0
- kbsurveynew kbfix atdownload kbexpertiseadvanced KB3172614