Resolved issues in Windows 10, version 1909 and Windows Server, version 1909
See a list of known issues that have been resolved for Windows 10, version 1909 and Windows Server, version 1909 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
Resolved issues
| Summary | Originating update | Status | Date resolved |
|---|---|---|---|
| You might see authentication failures on the server or client for services Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, and other services might fail. | OS Build 18363.2274 KB5013945 2022-05-10 | Resolved | 2022-05-27 14:24 PT |
| Certain IPSEC connections might fail Some VPN clients using IPSEC or Layer 2 Tunneling Protocol (L2TP) might have issues connecting. | OS Build 18363.2037 KB5009545 2022-01-11 | Resolved KB5010792 | 2022-01-17 14:00 PT |
| Microsoft Installer might have issues updating or repairing apps Affected apps might fail to open after an update or repair has been attempted. | OS Build 18363.1916 KB5007189 2021-11-09 | Resolved KB5008206 | 2021-12-14 10:00 PT |
| Connections to printers shared via print server might encounter errors This issue is observed when print clients try to connect to a remote printer shared on a print server | OS Build 18363.1854 KB5006667 2021-10-12 | Resolved KB5008206 | 2021-12-14 10:00 PT |
Issue details
May 2022
You might see authentication failures on the server or client for services
| Status | Originating update | History | Resolved | OS Build 18363.2274 KB5013945 2022-05-10 | Resolved: 2022-05-27, 14:24 PT Opened: 2022-05-11, 18:38 PT |
|---|
Resolution guidance updated May 27, 2022
After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.
Note: Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers.
Workaround: The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note: The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note: Any other mitigation except the preferred mitigations might lower or disable security hardening.
Resolution: This issue was resolved in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue.
To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically.
Cumulative updates:
- Windows Server 2022: KB5015013
- Windows Server, version 20H2: KB5015020
- Windows Server 2019: KB5015018
- Windows Server 2016: KB5015019
Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
Standalone Updates:
- Windows Server 2012 R2: KB5014986
- Windows Server 2012: KB5014991
- Windows Server 2008 R2 SP1: KB5014987
- Windows Server 2008 SP2: KB5014990
Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of May 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released May 10, 2022 to receive the quality updates for May 2022. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.
Affected platforms:
- Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
January 2022
Certain IPSEC connections might fail
| Status | Originating update | History | Resolved KB5010792 | OS Build 18363.2037 KB5009545 2022-01-11 | Resolved: 2022-01-17, 14:00 PT Opened: 2022-01-13, 11:05 PT |
|---|
After installing KB5009545, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.
Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used.
Resolution: This issue was resolved in the out-of-band update KB5010792. It is a cumulative update, so you do not need to apply any previous update before installing it. If you would like to install the update, you will need to Check for updates and select "Optional updates" and then select KB5010792. To get the standalone package for KB5010792, search for it in the Microsoft Update Catalog. You can import this update into Windows Server Update Services (WSUS) manually. See the Microsoft Update Catalog for instructions. Note KB5010792 will not install automatically.
Affected platforms:
- Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB
- Server: Windows Server 2022; Windows Server, version 20H2; Windows Server 2019; Windows Server 2016
November 2021
Microsoft Installer might have issues updating or repairing apps
| Status | Originating update | History | Resolved KB5008206 | OS Build 18363.1916 KB5007189 2021-11-09 | Resolved: 2021-12-14, 10:00 PT Opened: 2021-11-18, 10:34 PT |
|---|
After installing KB5007189 or later updates, Microsoft Installer (MSI) might have issues repairing or updating apps. Apps that are known to be affected include some apps from Kaspersky. Affected apps might fail to open after an update or repair has been attempted.
Workaround: To mitigate this issue, you will need to uninstall the affected app, then install the latest version of the app.
Resolution: This issue was resolved in KB5008206. This update should prevent the issue from occurring again, but you might need to reinstall affected apps, if they will not open.
Affected platforms:
- Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
October 2021
Connections to printers shared via print server might encounter errors
| Status | Originating update | History | Resolved KB5008206 | OS Build 18363.1854 KB5006667 2021-10-12 | Resolved: 2021-12-14, 10:00 PT Opened: 2021-10-29, 11:15 PT |
|---|
After installation of KB5006667, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server:
- 0x000006e4 (RPC_S_CANNOT_SUPPORT)
- 0x0000007c (ERROR_INVALID_LEVEL)
- 0x00000709 (ERROR_INVALID_PRINTER_NAME)
Note: The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.
Workaround: You can take steps to workaround this issue on print servers that meet the following prerequisite:
- Print clients must have installed a Windows update released on or after January 2021 before the print server has installed KB5006667.
Ensure that network security and VPN solutions allow print clients to establish RPC over TCP connections to print server over the following port range:
- Default start port: 49152
- Default end port: 65535
- Port Range: 16384 ports
Please refer to these articles for further guidance:
- How to configure RPC to use certain ports and how to help secure those ports by using IPsec.
- The default dynamic port range for TCP/IP has changed since Windows Vista and in Windows Server 2008
You also benefit from using client side rendering for print jobs. The 'Render print jobs on client computers' option is available from the printer's device Properties, and it is recommended that its checkbox is selected on the print server. Note this step will not help if clients have overwrites which prevent the server setting from taking effect.
Resolution: This issue was resolved in KB5008206.
Affected platforms:
- Client: Windows 11, version 21H2; Windows 10, version 21H1; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2