Windows 10, version 1809 and Windows Server 2019

Find information on known issues for Windows 10, version 1809 and Windows Server 2019. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). Want the latest Windows release health updates? Follow @WindowsUpdate on Twitter.

Current status as of November 23, 2020
As of November 10, 2020, the Home, Pro, Pro for Workstations, and IoT Core editions of Windows 10, version 1809 and all editions of Windows Server, version 1809 have reached end of service. Devices running these editions will no longer receive monthly security and quality updates containing protections from the latest security threats. We recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates for currently supported versions of Windows 10, see the Microsoft Lifecycle Policy search tool.
Windows 10, version 20H2 is now available Windows 10, version 20H2 is now available
Find out how to get the update >
What’s new for IT pros What’s new for IT pros
Explore the latest features and servicing innovations in Windows 10, version 20H2 >

Known issues

This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

SummaryOriginating updateStatusLast updated
Domain controllers in your enterprise might encounter Kerberos authentication issues
Authentication and renewal issues for Kerberos ticket after installing updates released November 10, 2020.
OS Build 17763.1577
KB4586793
2020-11-10
Resolved
KB4594442
2020-11-17
14:00 PT
Local Security Authority Subsystem Service (lsass.exe) might fail on some devices
Affected devices might receive a critical system process error and the device might restart.
OS Build 17763.1217
KB4551853
2020-05-12
Resolved
KB4558998
2020-07-14
10:00 PT
“Reset this PC” feature might fail
“Reset this PC” feature is also called “Push Button Reset” or PBR.
N/A
KB4524244
2020-02-11
Mitigated
2020-02-15
01:22 PT
You might encounter issues with KB4524244
You might encounter issues trying to install or after installing KB4524244
N/A
KB4524244
2020-02-11
Mitigated
2020-02-15
01:22 PT
Devices with some Asian language packs installed may receive an error
Devices with Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."
OS Build 17763.437
KB4493509
2019-04-09
Mitigated
2019-05-03
10:59 PT

Issue details

November 2020

Domain controllers in your enterprise might encounter Kerberos authentication issues

StatusOriginating updateHistory
Resolved
KB4594442
OS Build 17763.1577
KB4586793
2020-11-10
Resolved: 2020-11-17, 02:00 PT
Opened: 2020-11-14, 01:39 PT
After installing KB4586793 on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication issues. This is caused by an issue in how CVE-2020-17049 was addressed in these updates. As noted in CVE-2020-17049, there are three registry setting values for PerformTicketSignature to control it, but in the current implementation you might encounter different issues with each setting:
  • Setting the value to 0 might cause authentication issues when using S4U scenarios, such as scheduled tasks, clustering, and services for example line-of-business applications.
  • The default value setting of 1 might cause non-Windows clients authenticating to Windows Domains using Kerberos to experience authentication issues.
    • With setting 1, clients attempting to renew a Kerberos ticket that should be renewable on a DC updated with KB4586793 will fail to renew the Kerberos ticket if it was issued from a DC that has not installed an update released November 11, 2020 or any DC running Windows Server 2008 R2 SP1 or Windows Server 2008 SP2.
    • Going from 0 to 1 might also cause this issue since there can be outstanding Kerberos tickets that are marked renewable, but will not be renewed by updated DCs.
  • With the default value setting of 1, you might also have Cross realm referrals failures on Windows and non-Windows devices for Kerberos referral tickets passing through domain DCs that have not installed an update released November 11, 2020 or any DC running Windows Server 2008 R2 SP1 or Windows Server 2008 SP2. This issue might happen if domain environment is partially updated or contains at least one Windows Server 2008 R2 SP1 or Windows Server 2008 SP2.
  • Setting the value to 2 is intended for enforcement mode and will create issues in an environment where not all DCs are updated because it will explicitly reject certain types of non-compliant Kerberos tickets. It should also not be used at this time if your environment contains DCs running Windows Server 2008 R2 SP1 or Windows Server 2008 SP2.
Note This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.

Affected platforms:
  • Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in the out-of-band update KB4594442. It is a cumulative update, so you do not need to apply any previous update before installing it. To get the standalone package for KB4594442, search for it in the Microsoft Update Catalog. You can import this update into Windows Server Update Services (WSUS) manually. See the Microsoft Update Catalog for instructions. Note KB4594442 is not available from Windows Update and will not install automatically.

June 2020

Local Security Authority Subsystem Service (lsass.exe) might fail on some devices

StatusOriginating updateHistory
Resolved
KB4558998
OS Build 17763.1217
KB4551853
2020-05-12
Resolved: 2020-07-14, 10:00 PT
Opened: 2020-06-24, 12:46 PT
The Local Security Authority Subsystem Service file (lsass.exe) might fail on some devices immediately after login with the error message in system event log Wininit event 1015 is logged with the text, “A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted." c0000008 is an invalid handle error related to Credential Manager (VaultSvc) Service.

Affected platforms:
  • Client: Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4558998.

Note If you are receiving an LSASS failure on Windows 10, version 20H2, while "Your PC will automatically restart in one minute" is displayed for both issues, it is a different error code (status code C0000374, a heap corruption issue) and a different issue. Please see You might receive an error when accessing the sign-in options or users MMC snap-in.

February 2020

“Reset this PC” feature might fail

StatusOriginating updateHistory
MitigatedN/A
KB4524244
2020-02-11
Last updated: 2020-02-15, 01:22 PT
Opened: 2020-02-15, 12:02 PT
Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
  1. Select the start button or Windows Desktop Search and type update history and select View your Update history.
  2. On the Settings/View update history dialog window, Select Uninstall Updates.
  3. On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
  4. Restart your device.
  5. Upon restart use the “Reset this PC” feature and you should not encounter this issue.

Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.

You might encounter issues with KB4524244

StatusOriginating updateHistory
MitigatedN/A
KB4524244
2020-02-11
Last updated: 2020-02-15, 01:22 PT
Opened: 2020-02-15, 12:02 PT
You might encounter issues trying to install or after installing KB4524244.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update ( KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.

If this update is installed and you are experiencing issues, you can uninstall this update.
  1. Select the start button or Windows Desktop Search and type update history and select View your Update history.
  2. On the Settings/View update history dialog window, Select Uninstall Updates.
  3. On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
  4. Restart your device.
 
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.

May 2019

Devices with some Asian language packs installed may receive an error

StatusOriginating updateHistory
MitigatedOS Build 17763.437
KB4493509
2019-04-09
Last updated: 2019-05-03, 10:59 PT
Opened: 2019-05-02, 04:36 PT
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND."

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see "Manage the input and display language settings in Windows 10".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see "Update Windows 10".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under "Reset this PC" recovery option.
    3. Select "Keep my Files".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.