Windows 10, version 1909 and Windows Server, version 1909

Find information on known issues and the status of the rollout for Windows 10, version 1909 and Windows Server, version 1909. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). Want the latest Windows release health updates? Follow @WindowsUpdate on Twitter.

Current status as of May 27, 2020
Windows 10, version 1909 is designated ready for broad deployment for all users via Windows Update.

We recommend commercial customers running earlier versions of Windows 10 nearing end of support begin broad deployments of Windows 10, version 1909 in their organizations.
Windows 10, version 20H2 is now available
Find out how to get the update >
What’s new for IT pros
Explore the latest features and servicing innovations in Windows 10, version 20H2 >

Known issues

This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

Domain controllers in your enterprise might encounter Kerberos authentication issues
Authentication and renewal issues for Kerberos ticket after installing updates released November 10, 2020.
  • Originating update: OS Build 18363.1198, KB4586786, 2020-11-10
  • Status: Resolved (KB4594443)
  • Last updated: 2020-11-19, 10:00 PT

Certificates may not be present after updating to a newer version of Windows 10
Devices in a managed environment using update management tools or ISO images might lose certificates when updating.
  • Originating update: OS Build 18363.1110, KB4577062, 2020-09-16
  • Status: Resolved
  • Last updated: 2020-11-17, 14:11 PT

Local Security Authority Subsystem Service (lsass.exe) might fail on some devices
Affected devices might receive a critical system process error and the device might restart.
  • Originating update: OS Build 18363.836, KB4556799, 2020-05-12
  • Status: Resolved (KB4565483)
  • Last updated: 2020-07-14, 10:00 PT

“Reset this PC” feature might fail
“Reset this PC” feature is also called “Push Button Reset” or PBR.
  • Originating update: N/A, KB4524244, 2020-02-11
  • Status: Mitigated
  • Last updated: 2020-02-15, 01:22 PT

You might encounter issues with KB4524244
You might encounter issues trying to install or after installing KB4524244
  • Originating update: N/A, KB4524244, 2020-02-11
  • Status: Mitigated
  • Last updated: 2020-02-15, 01:22 PT

Issue details

November 2020

Domain controllers in your enterprise might encounter Kerberos authentication issues

  • Status: Resolved (KB4594443)
  • Originating update: OS Build 18363.1198, KB4586786, 2020-11-10
  • History: Resolved: 2020-11-19, 10:00 PT; Opened: 2020-11-14, 01:39 PT

After installing KB4586786 on domain controllers (DCs) and read-only domain controllers (RODCs) in your environment, you might encounter Kerberos authentication issues. This is caused by an issue in how CVE-2020-17049 was addressed in these updates. As noted in CVE-2020-17049, there are three registry setting values for PerformTicketSignature to control it, but in the current implementation you might encounter different issues with each setting:
  • Setting the value to 0 might cause authentication issues when using S4U scenarios, such as scheduled tasks, clustering, and services (for example, line-of-business applications).
  • The default value setting of 1 might cause non-Windows clients authenticating to Windows Domains using Kerberos to experience authentication issues.
    • With setting 1, clients attempting to renew a Kerberos ticket that should be renewable on a DC updated with KB4586786 will fail to renew the Kerberos ticket if it was issued from a DC that has not installed an update released November 11, 2020 or any DC running Windows Server 2008 R2 SP1 or Windows Server 2008 SP2.
    • Going from 0 to 1 might also cause this issue since there can be outstanding Kerberos tickets that are marked renewable, but will not be renewed by updated DCs.
  • With the default value setting of 1, you might also have cross-realm referral failures on Windows and non-Windows devices for Kerberos referral tickets passing through domain DCs that have not installed an update released November 11, 2020 or any DC running Windows Server 2008 R2 SP1 or Windows Server 2008 SP2. This issue might happen if the domain environment is partially updated or contains at least one DC running Windows Server 2008 R2 SP1 or Windows Server 2008 SP2.
  • Setting the value to 2 is intended for enforcement mode and will create issues in an environment where not all DCs are updated because it will explicitly reject certain types of non-compliant Kerberos tickets. It should also not be used at this time if your environment contains DCs running Windows Server 2008 R2 SP1 or Windows Server 2008 SP2.
Note: This issue only affects Windows Servers, Windows 10 devices and applications in enterprise environments.

Affected platforms:
  • Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in the out-of-band update KB4594443. It is a cumulative update, so you do not need to apply any previous update before installing it. To get the standalone package for KB4594443, search for it in the Microsoft Update Catalog. You can import this update into Windows Server Update Services (WSUS) manually. See the Microsoft Update Catalog for instructions. Note: KB4594443 is not available from Windows Update and will not install automatically.
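
The per-setting behaviour described above can be checked against a DC inventory before changing PerformTicketSignature. The following is an added example, not Microsoft's code; the inventory is constructed, and the field names HasNov2020Update and HasOobFix and the function name are hypothetical. It does not read the registry, and it does not model the 0-to-1 transition case.

```powershell
# Constructed inventory. HasNov2020Update / HasOobFix are hypothetical fields filled
# from your own patch audit; PerformTicketSignature $null means "not set" (default 1).
$inventory = @(
    [pscustomobject]@{ Name = 'DC01'; OS = 'Windows Server, version 1909'; HasNov2020Update = $true;  HasOobFix = $false; PerformTicketSignature = $null }
    [pscustomobject]@{ Name = 'DC02'; OS = 'Windows Server 2016';          HasNov2020Update = $false; HasOobFix = $false; PerformTicketSignature = $null }
    [pscustomobject]@{ Name = 'DC03'; OS = 'Windows Server 2008 R2 SP1';   HasNov2020Update = $false; HasOobFix = $false; PerformTicketSignature = $null }
    [pscustomobject]@{ Name = 'DC04'; OS = 'Windows Server 2019';          HasNov2020Update = $true;  HasOobFix = $true;  PerformTicketSignature = 1 }
)

function Get-KerberosIssueExposure {
    param([Parameter(Mandatory)][object[]]$Inventory)

    # The environment is "mixed" if any DC lacks a November 2020 update
    # or runs Windows Server 2008 / 2008 R2.
    $lagging = @($Inventory | Where-Object {
        $_.OS -match 'Server 2008' -or -not ($_.HasNov2020Update -or $_.HasOobFix)
    })
    $mixed = $lagging.Count -gt 0

    foreach ($dc in $Inventory) {
        $risks = @()
        if ($dc.HasOobFix) {
            $state = 'Resolved by out-of-band update'
        } elseif (-not $dc.HasNov2020Update) {
            $state = 'Originating update not installed'
        } else {
            $state = 'Exposed'
            $value = if ($null -eq $dc.PerformTicketSignature) { 1 } else { [int]$dc.PerformTicketSignature }
            switch ($value) {
                0 { $risks += 'S4U scenarios (scheduled tasks, clustering, services)' }
                1 {
                    $risks += 'Non-Windows Kerberos clients'
                    if ($mixed) { $risks += 'Ticket renewal'; $risks += 'Cross-realm referrals' }
                }
                2 { if ($mixed) { $risks += 'Non-compliant tickets rejected (enforcement mode)' } }
            }
        }
        [pscustomobject]@{ Name = $dc.Name; State = $state; Risks = $risks -join '; ' }
    }
}

Get-KerberosIssueExposure -Inventory $inventory | Format-Table -AutoSize
```

With this sample inventory, only DC01 is reported as exposed, and it carries all three setting-1 risks because DC02 and DC03 make the environment mixed.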

October 2020

Certificates may not be present after updating to a newer version of Windows 10

  • Status: Resolved
  • Originating update: OS Build 18363.1110, KB4577062, 2020-09-16
  • History: Resolved: 2020-11-17, 02:11 PT; Opened: 2020-10-30, 05:16 PT

System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated. 
 
Note: Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.

Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows using the instructions here. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. You will then need to update to the later version of Windows 10 after the issue is resolved in your environment. Note: Within the uninstall window, you can increase the number of days you have to go back to your previous version of Windows 10 by using the DISM command /Set-OSUninstallWindow. You must make this change before the default uninstall window has lapsed. For more information, see DISM operating system uninstall command-line options.

Affected platforms:
  • Client: Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1903
  • Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1903
Resolution: This issue is now resolved when using the latest feature update bundles and refreshed media. Feature update bundles were released November 9, 2020 for Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Refreshed media was released November 3, 2020 on Volume Licensing Service Center (VLSC) and Visual Studio Subscriptions (VSS, formerly MSDN Subscriptions). For information on verifying you're using the refreshed media, see How to address feature update refreshes in your environment. If you are using or creating custom media, you will need to include an update released October 13, 2020 or later.

Note: If you are updating to Windows 10, version 20H2, this is only resolved with the feature update bundle released November 9, 2020. Refreshed media is not yet available on VLSC or VSS. Refreshed media for VLSC and VSS will be released in the coming weeks to address this issue and another known issue that requires a media refresh. Please check the known issue here for the status of the remaining Windows 10, version 20H2 known issue.

June 2020

Local Security Authority Subsystem Service (lsass.exe) might fail on some devices

  • Status: Resolved (KB4565483)
  • Originating update: OS Build 18363.836, KB4556799, 2020-05-12
  • History: Resolved: 2020-07-14, 10:00 PT; Opened: 2020-06-24, 12:46 PT

The Local Security Authority Subsystem Service file (lsass.exe) might fail on some devices immediately after login. Wininit event 1015 is logged in the system event log with the text, “A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted.” c0000008 is an invalid handle error related to the Credential Manager (VaultSvc) service.

Affected platforms:
  • Client: Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4565483.

Note: If you are receiving an LSASS failure on Windows 10, version 20H2, while "Your PC will automatically restart in one minute" is displayed for both issues, it is a different error code (status code C0000374, a heap corruption issue) and a different issue. Please see You might receive an error when accessing the sign-in options or users MMC snap-in.
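
Because both LSASS issues show the same restart prompt, the status code in the Wininit event 1015 text is what tells them apart. The following is an added example, not Microsoft's code: a triage function that classifies event messages by process and status code. The sample messages are constructed in the format quoted above, and the function name is hypothetical.

```powershell
# Constructed sample messages in the Wininit event 1015 format quoted above.
$sampleMessages = @(
    'A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted.'
    'A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code C0000374. The machine must now be restarted.'
    'A critical system process, C:\WINDOWS\system32\services.exe, failed with status code c0000005. The machine must now be restarted.'
)

function Get-LsassFailureClass {
    param([Parameter(Mandatory)][string]$Message)

    $pattern = 'critical system process,\s*(?<path>.+?),\s*failed with status code\s+(?<code>[0-9a-f]{8})'
    $m = [regex]::Match($Message, $pattern, [System.Text.RegularExpressions.RegexOptions]::IgnoreCase)
    if (-not $m.Success) { return }                      # not an event 1015 style message

    $path = $m.Groups['path'].Value
    $code = $m.Groups['code'].Value.ToLowerInvariant()   # codes appear in either case
    $isLsass = ($path -split '\\')[-1] -eq 'lsass.exe'   # -eq is case-insensitive

    $class = if (-not $isLsass) {
        'Different process; not one of the two LSASS issues'
    } elseif ($code -eq 'c0000008') {
        'Invalid handle (Credential Manager / VaultSvc); resolved in KB4565483'
    } elseif ($code -eq 'c0000374') {
        'Heap corruption; the separate Windows 10, version 20H2 issue'
    } else {
        'LSASS failure with a status code this page does not cover'
    }
    [pscustomobject]@{ Process = $path; StatusCode = $code; Class = $class }
}

$sampleMessages | ForEach-Object { Get-LsassFailureClass -Message $_ } | Format-List

# On a live system (assumption: events are selected by Id from the System log,
# then narrowed to the Wininit provider by name):
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1015 } |
#     Where-Object ProviderName -match 'Wininit' |
#     ForEach-Object { Get-LsassFailureClass -Message $_.Message }
```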

February 2020

“Reset this PC” feature might fail

  • Status: Mitigated
  • Originating update: N/A, KB4524244, 2020-02-11
  • History: Last updated: 2020-02-15, 01:22 PT; Opened: 2020-02-15, 12:02 PT

Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Workaround: The standalone security update, KB4524244, has been removed and will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note: This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
  1. Select the start button or Windows Desktop Search and type update history and select View your Update history.
  2. On the Settings/View update history dialog window, select Uninstall Updates.
  3. On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
  4. Restart your device.
  5. Upon restart use the “Reset this PC” feature and you should not encounter this issue.

Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.

You might encounter issues with KB4524244

  • Status: Mitigated
  • Originating update: N/A, KB4524244, 2020-02-11
  • History: Last updated: 2020-02-15, 01:22 PT; Opened: 2020-02-15, 12:02 PT

You might encounter issues trying to install or after installing KB4524244.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note: This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.

If this update is installed and you are experiencing issues, you can uninstall this update.
  1. Select the start button or Windows Desktop Search and type update history and select View your Update history.
  2. On the Settings/View update history dialog window, select Uninstall Updates.
  3. On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
  4. Restart your device.
 
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.