The July 2016 update rollup includes some new improvements and fixes, including the improvements from June 2016 update rollup KB3161606 and May 2016 update rollup KB3156418 for the Windows 8.1 and 2012 R2 platform. We recommend that you apply this update rollup as part of your regular maintenance routines. Before you install this update, check out the Prerequisites and Restart requirement sections.
Improvements and fixes
Note To learn more about the nonsecurity improvements and fixes in this update, see the "July 21, 2016 – KB3172614" section in Windows 8.1 and Windows Server 2012 R2 update history.
Issue 1
Symptoms When a service such as Exchange server tries to reestablish the Kerberos client session during a cluster failover, it may cause the system to become unresponsive. Additionally, an LSASS CPU spike occurs after the failover.
Note This issue can occur on nonclustered environments also if there are many authentication requests occurring at the same time.
Resolution
Microsoft Windows has released a fix that contains new opt-in behavior for the Kerberos client to address this issue. By enabling the Kerberos parameter, the Kerberos client can bypass the CPU intensive action of purging compounded tickets. Note The Kerberos client must opt-in for the new behavior. Follow these steps to create the registry parameter on each node of the cluster:
-
In Registry Editor, locate and then select the following subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
-
Right-click Parameters, point to New, and then click DWORD Value.
-
Type AllowStaleDeviceAuthzData as the entry name, and then press Enter.
-
Right-click AllowStaleDeviceAuthzData, and then click Modify.
-
In the Value data box, type 1, and then click OK.
Note Setting this registry parameter may delay the purging and repopulating of compounding information that could cause changes in account permissions to not be reflected in real time. For more information, see What's New in Kerberos Authentication.
Known issues in this update
Issue 1 Symptoms
After you apply this update on a Remote Desktop Session (RDS) host, some new users cannot connect to an RDP session. Instead, those users see a black screen, and they are eventually disconnected. This issue occurs at unspecified intervals. The following events are usually logged when this issue occurs:
|
Event Logs |
Event Source |
ID |
Description |
|---|---|---|---|
|
Microsoft-Windows-TerminalServices-LocalSessionManager/Operational |
Microsoft-Windows-TerminalServices-LocalSessionManager |
36 |
An error occurred when transitioning from CsrConnected in response to EvCsrInitialized. (ErrorCode 0x80004005) |
|
Application |
Microsoft-Windows-Winlogon |
4005 |
The Windows logon process has unexpectedly terminated. |
Cause During virtual channel management, a deadlock condition occurs that prevents the RDS service from accepting new connections. Resolution To fix this issue, install November 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 (KB3197875).
How to get this update
Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Method 1: Windows Update
This update is provided as a Recommended update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update.
Method 2: Microsoft Download Center
The following files are available for download from the Microsoft Download Center.
|
Operating system |
Update |
|---|---|
|
All supported x86-based versions of Windows 8.1 |
|
|
All supported x64-based versions of Windows 8.1 |
|
|
All supported x64-based versions of Windows Server 2012 R2 |
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Method 3: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website. Note You must be running Microsoft Internet Explorer 6 or a later version.
Update detail information
Prerequisites
To apply this update, you must have the following updates installed on Windows 8.1 or Windows Server 2012 R2:
Restart requirement
You must restart the computer after you apply this update.
Update replacement information
This update replaces the previously released updates 3161606 and 3156418.
File Information
|
File name |
SHA1 hash |
SHA256 hash |
|---|---|---|
|
Windows8.1-KB3172614-arm.msu |
3D918D6C809BF6F57C8FCEFA5DB5C739E1754426 |
D4CA45225CE58173B0D818C7FA7BC6EEAD68EEA0404772F72FF6DFEC45CB0489 |
|
Windows8.1-KB3172614-x86.msu |
D11C233C8598B734DE72665E0D0A3F2EF007B91F |
8AC8D0E3E4FC093B633BEB2B43D2D29AE3C909C178DDD40450ED371152314E60 |
|
Windows8.1-KB3172614-x64.msu |
E41365E643B98AB745C21DBA17D1D3B6BB73CFCC |
286CB965E57F9369C8A71AAAF4FC40C99131A521899CAD8A3F36A10E192CA908 |
File informationFor a list of the files that are provided in this update, download the file information for update rollup 3172614.
References
For more information about Windows Update, go to the following Microsoft websites:Troubleshoot problems with installing updatesWindows Update: Frequently Asked Questions Learn about the terminology that Microsoft uses to describe software updates.
