Resolved issues in Windows 10, version 1909 and Windows Server, version 1909

See a list of known issues that have been resolved for Windows 10, version 1909 and Windows Server, version 1909 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.


Resolved issues

SummaryOriginating updateStatusDate resolved
You might see authentication failures on the server or client for services
Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, and other services might fail.
OS Build 18363.2274
KB5013945
2022-05-10
Resolved
2022-05-27
14:24 PT
Certain IPSEC connections might fail
Some VPN clients using IPSEC or Layer 2 Tunneling Protocol (L2TP) might have issues connecting.
OS Build 18363.2037
KB5009545
2022-01-11
Resolved
KB5010792
2022-01-17
14:00 PT
Microsoft Installer might have issues updating or repairing apps
Affected apps might fail to open after an update or repair has been attempted.
OS Build 18363.1916
KB5007189
2021-11-09
Resolved
KB5008206
2021-12-14
10:00 PT
Connections to printers shared via print server might encounter errors
This issue is observed when print clients try to connect to a remote printer shared on a print server
OS Build 18363.1854
KB5006667
2021-10-12
Resolved
KB5008206
2021-12-14
10:00 PT

Issue details

May 2022

You might see authentication failures on the server or client for services

StatusOriginating updateHistory
ResolvedOS Build 18363.2274
KB5013945
2022-05-10
Resolved: 2022-05-27, 14:24 PT
Opened: 2022-05-11, 18:38 PT

Resolution guidance updated May 27, 2022

After installing updates released May 10, 2022 on your domain controllers, you might see machine certificate authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.

Note: Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers.

Workaround: The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note: The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note: Any other mitigation except the preferred mitigations might lower or disable security hardening.

Resolution: This issue was resolved in out-of-band updates released May 19, 2022 for installation on all Domain Controllers in your environment, as well as all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue.

To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically.

Cumulative updates:

Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Standalone Updates:

Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of May 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released May 10, 2022 to receive the quality updates for May 2022. If you have already installed updates released May 10, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Affected platforms:

  • ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

January 2022

Certain IPSEC connections might fail

StatusOriginating updateHistory
Resolved KB5010792OS Build 18363.2037
KB5009545
2022-01-11
Resolved: 2022-01-17, 14:00 PT
Opened: 2022-01-13, 11:05 PT

After installing KB5009545, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.

Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used.

Resolution: This issue was resolved in the out-of-band update KB5010792. It is a cumulative update, so you do not need to apply any previous update before installing it. If you would like to install the update, you will need to Check for updates and select "Optional updates" and then select KB5010792. To get the standalone package for KB5010792, search for it in the Microsoft Update Catalog. You can import this update into Windows Server Update Services (WSUS) manually. See the Microsoft Update Catalog for instructions. Note KB5010792 will not install automatically.

Affected platforms:

  • ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB
  • ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server 2019; Windows Server 2016

November 2021

Microsoft Installer might have issues updating or repairing apps

StatusOriginating updateHistory
Resolved KB5008206OS Build 18363.1916
KB5007189
2021-11-09
Resolved: 2021-12-14, 10:00 PT
Opened: 2021-11-18, 10:34 PT

After installing KB5007189 or later updates, Microsoft Installer (MSI) might have issues repairing or updating apps. Apps that are known to be affected include some apps from Kaspersky. Affected apps might fail to open after an update or repair has been attempted.

Workaround: To mitigate this issue, you will need to uninstall the affected app, then install the latest version of the app.

Resolution: This issue was resolved in KB5008206. This update should prevent the issue from occurring again, but you might need to reinstall affected apps, if they will not open.

Affected platforms:

  • ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

October 2021

Connections to printers shared via print server might encounter errors

StatusOriginating updateHistory
Resolved KB5008206OS Build 18363.1854
KB5006667
2021-10-12
Resolved: 2021-12-14, 10:00 PT
Opened: 2021-10-29, 11:15 PT

After installation of KB5006667, Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server:

  • ​0x000006e4 (RPC_S_CANNOT_SUPPORT)
  • ​0x0000007c (ERROR_INVALID_LEVEL)
  • ​0x00000709 (ERROR_INVALID_PRINTER_NAME)

Note: The printer connection issues described in this issue are specific to print servers and are not commonly observed in devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.

Workaround: You can take steps to workaround this issue on print servers that meet the following prerequisite:

  • ​Print clients must have installed a Windows update released on or after January 2021 before the print server has installed KB5006667.

Ensure that network security and VPN solutions allow print clients to establish RPC over TCP connections to print server over the following port range:

  • ​Default start port: 49152
  • ​Default end port: 65535
  • ​Port Range: 16384 ports

Please refer to these articles for further guidance:

You also benefit from using client side rendering for print jobs. The 'Render print jobs on client computers' option is available from the printer's device Properties, and it is recommended that its checkbox is selected on the print server. Note this step will not help if clients have overwrites which prevent the server setting from taking effect.

Resolution: This issue was resolved in KB5008206.

Affected platforms:

  • ​Client: Windows 11, version 21H2; Windows 10, version 21H1; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2