[German]Update KB4345418 (or the .NET-Framework 4.7.2 Update KB4054566) released on July 16, 2018 seems to cause serious issues at Windows Server 2012 R2 and Windows Server 2016. There are reports of high CPU load using AADConnect. Also RDS connections may cause issues.

Microsoft released a series of updates for Windows 10 on July 16, 2018, which are supposed to fix Bluescreens among other things (see my blog post Windows 10: Update revisions July 16, 2018). Also included was Update KB4345418 for Windows 10 V1607 (LTSB) and Windows Server 2016, which should fix the following bugs:

• Addresses an issue that may cause some devices running network monitoring workloads to receive the 0xD1 Stop error because of a race condition after installing the July update.
• Addresses an issue with the DHCP Failover server that may cause enterprise clients to receive an invalid configuration when requesting a new IP address. This results in a loss of connectivity.

• Addresses an issue that may cause the restart of the SQL Server service to fail occasionally with the error, “Tcp port is already in use”.

• Addresses an issue that occurs when an administrator tries to stop the World Wide Web Publishing Service (W3SVC). The W3SVC remains in a “stopping” state, but cannot fully stop or it cannot be restarted.

The fixed issues mentioned were ‘deadly’ in production environments. The update was distributed via Windows Update, but is also available in the Microsoft Update Catalog. Administrators should have this update installed promptly.

AADConnect doesn’t work anymore

However, administrators quickly recognized, that AADConnect (Microsoft Azure Active Directory Connect) no longer works after installing this update. Cryta T. Lacey (@PhantomofMobile) drew my attention to the issue via Twitter.

Azure AD Connect Health Sync Monitor High CPU Usage

Thank You: @SBSDiva

ICYMI: @SBSDiva @AdminKirsty @woodyleonhard @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @etguenni @SwiftOnSecurity @pcper @SGgrc @MalwareJake @GossiTheDog @ryanshrout @JobCacka pic.twitter.com/KaDWuG0Ngg

— Crysta T. Lacey (@PhantomofMobile) 18. Juli 2018

Another users mentioned the issue at askwoody.com and posted the following description.

Just wanted to let you know of another issue that seems to be biting a lot of people with the July updates.

Even with the updated patch on Server 2016 (KB4345418) is still causing an issue with AADConnect servers that triggers a 100% CPU spike on some of the Health and Reporting monitoring services, only fix at this point is to uninstall the latest update. It seems to impact at least 2012 and 2016 servers. …

We just cancelled of our Windows patching for the month, hope MS gets this sorted out soon. What a mess.

The user linked to this MSDN forum thread, where you can find more information about the error. 

Hello.  I have Azure AD Connect installed on my server to sync our on-premise domain with Office 365 and I’m noticing the Azure AD Connect Health Sync Monitoring Service is always running high CPU usage.  The actual process is

Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe

Is there a reason for this or a way to fix it? Right now, I’m just stopping the Azure AD Connect Health Sync Monitoring Service(AzureADConnectHealthSyncMonitor) and my resources go back to normal.  I’m running Azure AD Connect 1.1.819.0 so it is the latest version.  If I restart the service, things are normal for a few minutes before this process spikes again.

This results in a high CPU load, which is also confirmed by other users. This applies to Windows Server 2016, which was mentioned in the original post, as well as Windows Server 2012 R2.

A user reports in the thread to the above problem that he also had the problem on Windows Server 2012 R2, but was able to solve it by uninstalling the.NET framework 4.7.2 update KB4054566. Maybe this will help you.

Black screen with RDS connections

Matt Wilkinson has posted a Tweet mentions another issue caused by update KB4345418:

@woodyleonhard KB 4345418 is causing issues on Server 2016 RDS with a black screen upon login. Have mitigated this issue with a script to delete firewall rules that are created per user. Black screen returned with this update.

— Matt Wilkinson (@bigfoot780) 18. Juli 2018

However, he talks about issues with Remote Desktop Services (RDS). Windows Server 2016 shows a black screen when you connect via RDS. Anyone who can confirm these issues?

Ähnliche Artikel:
.Net Framework-Update KB4340558 fehlerhaft (Error 0x80092004)?
Windows 10 Version 1607: DHCP-Bug in Update KB4338814
KB4018385 zurückgezogen & weitere Patchday-Probleme
IIS-Webserver streikt nach Update KB4338818
Microsoft und das Juli 2018-Patch-Desaster – Updates stoppen?

[German]July 2018 updates released on July 10, 2018 are forcing many Windows systems into blue screens with stop code 0xD1. Microsoft has fixed this with revised updates. Now Microsoft Japan has published an article about that incident.

After applying the Windows update published in July 2018, a Stop error 0xD1 (blue screen) is generated on several systems. According to Microsoft Japan, this phenomenon occurs in all currently supported OS versions.

The reason: Depending on the OS’s tcpip.sys driver, a problem against the NSI (Network Store Interface) service occurs. When there is a request for information on the network such as TCP connection table, problems may occur depending on the timing.

Such a demand for NSI can also occur during normal operation of the OS. Also, Microsoft Network Monitor, and in an environment where Network Monitoring software such as Wire shark operates, it occurs particularly frequently, so the probability of problems increases.

Microsoft has released updates to fix this issue (see Windows 10: Update revisions July 16, 2018). The translated article from Microsoft Japan may be read here.

Microsoft has taken the opportunity for software vendors to have their products certified for Windows. The program has been deprecated. Microsoft recommends that Vendors use the desktop bridge to distribute their software via store.

If software vendors wanted to do something special, they could register with the Sysdev portal and take advantage of the Windows Software Logo Certification Program. If the software passed the certification, the manufacturer was allowed to advertise it with the logo – and buyers had the opportunity to select software according to this certificate to ensure compatibility..

Now the Sysdev portal no longer allows or rejects this Windows software logo certification. Partners who need Microsoft certification and distribution of their Win32 applications are recommended to use the Desktop Bridge to distribute your application through the store.

The Windows software logo certification program is being deprecated from the existing Sysdev portal. Partners requiring Microsoft attestation and distribution of your Win32 apps are recommended to use Desktop Bridge to distribute your app via the Store.

— Rafael Rivera (@WithinRafael) 17. Juli 2018

That’s the message I read from this Tweet, posted by Rafael Rivera. Rivera tried to get further details:

This is fantastic. pic.twitter.com/xl62Vi5J4n

— Rafael Rivera (@WithinRafael) 17. Juli 2018

[German]Another brief information for Sunday. Microsoft seems to have massive issues with its July 2018 update for .net framework. First we have had the installation error on KB4340558, then COM application problems were found. Now the Net Framework update has been removed from Windows Update. Here is some information I could find out.

I can’t test and research anything at the moment. The night (July 21, 2018) Crysta T. Lacey (@PhantomofMobile) sent me a corresponding message via Twitter.

FOLKS, @Microsoft HAS STOP DISTRIBUTION OF .NET FRAMEWORKS’!

Thank You; @SBSDiva
You Gotta Know: @MPECSInc

ICYMI: @AdminKirsty @woodyleonhard @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @etguenni @SwiftOnSecurity @pcper @SGgrc @MalwareJake @GossiTheDog @ryanshrout @JobCacka

— Crysta T. Lacey (@PhantomofMobile) 21. Juli 2018

Can be interpreted in a way, that the .net framework updates for July 2018 have been withdrawn.

Advisory for July 2018 .NET Framework Updates

On July 20, 2018 (Friday night) the Microsoft team has released an Advisory for July 2018.NET Framework Updates. Problems are admitted there:

The July 2018 Security and Quality Rollup updates for .NET Framework was released earlier this month. We have received multiple customer reports of applications that fail to start or don’t run correctly after installing the July 2018 update. These reports are specific to applications that initialize a COM component and run with restricted permissions.

The above message has nothing to do with the installation error described in the following articles. Rather, there are probably issues that .NET applications no longer run.

The distribution of the update is stopped

Then Microsoft confirms, has it has stopped distributing the update for .NET Framework via Windows Update.

We have stopped distributing the .NET Framework July 2018 updates on Windows Update and are actively working on fixing and re-shipping this month’s updates. If you installed the July 2018 update and have not yet seen any negative behavior, we recommend that you leave your systems as-is but closely monitor them and ensure that you apply upcoming .NET Framework updates.

Note, however, that .NET Framework updates for July 2018 are still available in the Microsoft Update Catalog (as it looks on WSUS, I can’t say). If you have installed .NET Framework updates, but are not experiencing any problems, leave them installed. Otherwise I would uninstall the respective update. Details may be obtained from this MS article entnehmen.

Similar articles
.Net Framework: Update KB4340558 drops error 0x80092004?
Revised .NET Framework Update KB4340558 (July 19, 2018)

[German]If you depend on the SMBv1 network protocol, you need to pay special attention under Windows 10. Especially Windows 10 V1803 has its own specials regarding SMBv1.

Some background about the SMBv1 problem

Microsoft had already announced since summer 2017 that support for the SMBv1 protocol in Windows 10 will expire. The abbreviation SMB stands for Server Message Block (former names are LAN Manager or NetBIOS protocol), a network protocol for file, print and other server services in computer networks. Version 1 (SMBv1) of the network protocol designed over 30 years ago, and especially the Microsoft implementation, is considered very error-prone and security-critical (see Microsoft plans to deactivate SMBv1 in  Windows 10 V1709 and Stop Using SMB1).

In the meantime there are SMBv2 and SMBv3, so that the use of SMBv1 in Windows networks is no longer absolutely necessary. For example, Windows Vista is no longer dependent on SMBv1 because SMBv2 is used there.

The theory: Windows 10 uninstall unused SMBv1

For new installations of Windows 10 it was at least since Windows 10 V1709 that SMBv1 was deactivated. If devices required SMBv1, the administrator had to activate SMBv1 again via Windows features (see also).

With Windows 10 V1803, however, Microsoft has planned the following: If the SMBv1 client is not used for a total of 15 days (except when the computer is turned off), Windows 10 April Update automatically uninstalls the SMBv1 client (see this Microsoft article and my blog post Windows 10: Scanner fails after update).

But re-enabling SMBv1 in Windows 10 V1803 doesn’t fixed all network issues. Due to a bug, SMBv1 connections didn’t work after a reinstall. This has been fixed with Update KB4284848 (see PSA: Windows 10 V1803: Update KB4284848 brings SMBv1 fix). But that’s not the end.

Windows 10 Pro V1803, the SMBv1 cliff

Already in Windows 10 V1709 SMBV1 was removed and the uninstallation strategy outlined above should work in Windows 10 Home from version 1803. But the subtleties are in the details, as Ned Pyle from Microsoft explains in a tweet (thx to askwoody, who spotted it).

Issue: The “uninstall SMB1 if not used” feature in https://t.co/7UsRA4DhHg won’t work if you install a new Pro Win10 RS4 (1803) machine or in-place upgrade RS1/RS2 to RS4 while skipping upgrading RS3 (1709).

Installing Pro RS3 (1709) or upgrade RS3 to RS4, all works correctly

— Ned Pyle (@NerdPyle) 20. Juli 2018

The automatic uninstallation of the SMBv1 protocol when not in use does not work if you reinstall Windows V1803 Pro on a machine. The same applies to in-place upgrades from Windows 10 from earlier Redstone 1/2 versions to Windows 10 V1803 (Redstone 4) (up to 1703) – skipping Windows 10 V1709 (Redstone 3).

However, if Windows 10 Pro V1709 (Redstone 3) is installed and upgraded to Windows 10 V1803, the’Do not use SMBv1, uninstall protocol’ mechanism is activated as described after 15 days. How Windows 10 Home or Enterprise is behave, is left open. Did you say Linux is complicated?

Similar articles:
Microsoft plans to deactivate SMBv1 in  Windows 10 V1709
PSA: Windows 10 V1803: Update KB4284848 brings SMBv1 fix
Microsoft plans a Windows 10 V1803 SMBv1 fix on June 2018

[German]Just a hint for a Windows 10 setup (if necessary as in-place upgrade), which should be executed on encrypted media (e.g. Veracrypt drive). There is a setup option ReflectDrivers, which can be used from Windows 10 Anniversary Update (version 1607).

What the problem?

If a Windows installation or feature update is running, the target partitions should be unencrypted – especially if they are encrypted with third party tools such VeraCrypt. So it is necessary to decrypt the system disk before installation, install Windows 10 and then encrypt the partition again.

ReflectDrivers Setup Option helps

The approach outlined in the paragraph above can be avoided by using the ReflectDrivers setup option. Microsoft introduced this option in Windows 10 Anniversary Update (version 1607) or later and described it in the document Windows Setup Command-Line Options.

Specifies the path to a folder that contains encryption drivers for a computer that has third-party encryption enabled.

Setup /ReflectDrivers <folder_path>

This setting is new for Windows 10, version 1607.
Make sure that <folder_path> contains only a minimal set of encryption drivers. Having more drivers than necessary in <folder_path> can negatively impact upgrade scenarios.

So you can specify a path to the folder where the encryption driver is located for the option during setup. This approach was described in the VeraCrypt forum to support an upgrade for VeraCrypt encrypted hard drives. The poster wrote in April 2018:

I have implemented compatibility with Windows 10 upgrades through SetupConfig.ini and ReflectDrivers mechanisms and I have uploaded installer for version 1.23-BETA0 that contains this to this site.

Now automatic upgrades will work out of the box when system encryption is on and manual upgrades can be performed by typing:

setup.exe /ReflectDrivers "C:\Program Files\VeraCrypt" /PostOOBE C:\ProgramData\VeraCrypt\SetupComplete.cmd

I have done tests using upgrades from 1703 to 1709. The only issue I encountered is if the system is partially encrypted in UEFI case but this is a marginal case and it should never happen in practice.

I am looking to users who are willing to test this version in order to confirm its reliability before rolling it out. Thank you.

So for VeraCrypt there is an approach to upgrade Windows 10 to a new version. (via)

[German]On Windows 10 version 1803 it is possible that server stored user profiles are not synchronized fully/properly. This results in error messages during shutdown and in event logs.

The problem with roaming profiles

The problem is a mentioned across the Internet. For example, I came across an article here about Windows 7 from 2015. Another forum post from 2011 is here. The latest post refers to Windows 10 version 1803, when shutting down Windows 10 V1803 systems the message ‘Your roaming user profile was not fully synchronized’ appears and a hint to look for details in the event log is given. Here is the German shutdown message.

In the event display, the affected administrator found entries of the type:

Event-ID:   1509
Source:      Microsoft-Windows-User Profiles General
Description:
The file \\?\C:\Users\deepsys\AppData\Local\Microsoft\Windows\
UPPS\UPPS.bin could not be copied to \\?\UNC\server\profile\deepsys.V6\AppData\Local\Microsoft\ Windows\UPPS\UPPS.bin. Possible causes of errors are network problems or insufficient security rights. 

Event-ID:   1504
Source:       Microsoft-Windows-User Profiles Service
Description:
The roaming profile could not be fully updated. For details, see the previous events.

This can make an administrator desperate, as there will then be problems with the profiles.

Microsoft’s explanation: Changes in Windows 10 V1803

The affected administrator quoted above, finally found Microsoft’s KB article  KB4340390 “Roaming profile was not completely synchronized” error and logon, logoff delays on Windows 10 Version 1803 from June 20, 2018. Microsoft addresses the issue outlined above. The explanation:

This problem occurs because of a change that was made in Windows 10 Version 1803. This change inadvertently caused folders that are ususally excluded from roaming to be synchronized by roaming user profiles when you log on or log off. 

Microsoft is researching this problem and will post more information in this article when the information becomes available.

A workaround

If you have already upgraded to Windows 10 V1803, Microsoft suggests a workaround. To fix this issue, administrators must use the ExcludeProfileDirs registry key at

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\ExcludeProfileDirs

from a Windows 10 version 1709 machine and export it. Then import it on an affected Windows 10 version 1709 machine.

[German]Microsoft für released cumulative updates fir Windows 10 version 1607, 1703, 1709 and 1803 on July 25, 2018. Here is an Overview about these updates.

Update KB4340917 for Windows 10 V1803

Update KB4340917 is for Windows 10, Version 1803 and changes OS build to 17134.191. It has the following improvements:

• Addresses an issue that causes devices within Active Directory or Hybrid AADJ++ domains to unexpectedly unenroll from Microsoft Intune or third-party MDM services after installing provisioning package updates (PPKG). This issue occurs on devices that are subject to the Auto MDM Enrollment with AAD Token Group Policy. If you ran thescript Disable-AutoEnrollMDMCSE.PS1 as a workaround for this issue, run Enable-AutoEnrollMDMCSE.PS1 from a PowerShell window in Administrator mode after installing this update.

• Addresses additional issues with updated time zone information. 
• Improves the ability of the Universal CRT Ctype family of functions to handle EOF as valid input. 
• Addresses an issue with registration in the “Push to Install” service.
• Addresses an issue with Roaming User Profiles where the AppData\Local and AppData\Locallow folders are incorrectly synchronized at user logon and logoff. For more information, see KB4340390. 
• Addresses issues related to peripherals that use Quality of Service (QoS) parameters for Bluetooth connections. 
• Addresses an issue that causes SQL Server memory usage to grow over time when encrypting data using a symmetric key that has a certificate. Then, you execute queries that open and close the symmetric key in a recursive loop. 
• Addresses an issue where using an invalid password in a wireless PEAP environment that has SSO enabled submits two authentication requests with the invalid password. The excess authentication request may cause premature account lockouts in environments with low account lockout thresholds. To enable the changes, add the new registry key DisableAuthRetry (Dword) on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\
  PPP\EAP\26 using regedit, and set it to 1. 
• Addresses an issue that prevents OpenType fonts from printing in Win32 applications. 
• Addresses an issue with DNS Response Rate Limiting that causes a memory leak when enabled with LogOnly mode. 
• Addresses an issue in a RemoteApp session that may result in a black screen when maximizing an app window on a secondary monitor.
• Addresses an issue in IME that causes unexpected finalization of strings during Japanese input in applications such as Microsoft Outlook.

The update is offered via Windows Update, if you (so Microsoft) let check for updates via the settings page. It can also be downloaded via Microsoft Update Catalog. The update has a known issue, see kb article.

Update KB4338817 for Windows 10 V1709

Update KB4338817 is for Windows 10, Version 1709 and changes OS build to 16299.579. It has the following improvements:

• Addresses an issue that causes devices within Active Directory or Hybrid AADJ++ domains to unexpectedly unenroll from Microsoft Intune or third-party MDM services after installing provisioning package updates (PPKG). This issue occurs on devices that are subject to the “Auto MDM Enrollment with AAD Token” Group Policy. If you ran the script “Disable-AutoEnrollMDMCSE.PS1” as a workaround for this issue, run “Enable-AutoEnrollMDMCSE.PS1” from a PowerShell window running in Administrator mode after installing this update.

• Inserts a CR before LF if there was none. 
• Enables debugging of WebView content in UWP apps using the Microsoft Edge DevTools Preview app available in the Microsoft App Store. 
• Addresses an issue in which Microsoft Edge DevTools becomes unresponsive when the console is flooded with messages. 
• Addresses an issue that causes a black screen to appear for several minutes after installing Windows updates before going to the desktop. 
• Addresses additional issues with updated time zone information. 
• Improves the PDF file experience in Microsoft Edge by addressing PDF file open, print, and reliability issues. 
• Addresses an issue in which moving a Microsoft Foundation Class (MFC) application window might leave behind a dithered pattern on the desktop. 
• Addresses an issue that causes power options to appear on the Windows security screen even when the per-user Group Policy to hide power options is set. 
• Addresses an issue in which the correct lock screen image won’t show when all of the following are true:
  • GPO policy “Computer Configuration\Administrative Templates\Control Panel\Personalization\Force a specific default lock screen and logon image” is enabled.
  • GPO policy “Computer Configuration\Administrative Templates\Control Panel\Personalization\Prevent changing lock screen and logon image” is enabled
  • Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\
    System\DisableLogonBackgroundImage is set to 1.
• Addresses an issue in which a warning appears stating that the application is from an “unknown publisher” when running an application as an elevated user (Administrator).
• Addresses an issue that causes sporadic authentication issues when using Web Account Manager.
• Addresses an issue that sometimes causes the single-sign-on scenario to fail and presents the the logon tile when connecting to a Remote Desktop server. 
• Addresses an issue in which the memory usage of LSASS continues to grow until it is necessary to restart the system. 
• Addresses an issue in which the default domain for an Azure Active Directory-joined machine is not set on the logon screen automatically. 
• Addresses an issue that causes SQL Server memory usage to grow over time when encrypting data using a symmetric key that has a certificate. Then, you execute queries that open and close the symmetric key in a recursive loop.
• Addresses an issue in which using an invalid password in a wireless PEAP environment that has SSO enabled causes the submission of two authentication requests with the invalid password. The excess authentication request may cause premature account lockouts in environments with low account lockout thresholds. To enable the changes, add the new registry key, “DisableAuthRetry” (Dword) on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\
  PPP\EAP\26 using regedit, and set it to 1. 
• Addresses an issue that may cause the BITS service to become unresponsive when the service cannot connect to Internet resources. 
• Addresses an issue that prevents printing on a 64-bit OS when 32-bit applications impersonate other users (typically by calling LogonUser). This issue occurs after installing monthly updates starting with KB4034681, released in August 2017. To resolve the issue for the affected applications, install this update, and then do one of the following:
  • Use Microsoft Application Compatibility Toolkit to globally enable the Splwow64Compat App Compat Shim.
  • Use the following registry setting, and then restart the 32-bit application: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print Setting: Splwow64Compat
    Type: DWORD Value1: 1    
• Addresses an issue with DNS Response Rate Limiting that causes a memory leak when enabled with LogOnly mode. 
• Addresses an issue that sometime prevents a system from shutting down or being placed in Hibernation. This issue occurs on the first boot after performing disk encryption on an SSD drive. 
• Addresses an issue that prevents access to SMB shares using IP addresses if SMB hardening is enabled. 
• Addresses an issue in which using mandatory (read-only) user profiles for RDP might result in the error code, “Class not registered (0x80040151)”.
• Addresses an issue in which not all network printers are connected after a user logs on. The HKEY_USERS\User\Printers\Connections Key shows the correct network printers for the affected user. However, the list of network printers from this registry key is not populated in any app, including Microsoft Notepad or Devices and Printers. Printers may disappear or become non-functional.
• Addresses an issue that causes in-place upgrades to Windows 10 version 1709 to stop responding at the “Making sure you’re ready to install” screen. This occurs while performing device inventory on devices that have installed monthly updates since April 2018.
  Note  WSUS can also deliver Dynamic Updates (DU) to devices when configured to sync Dynamic Update content. Verify that Dynamic Updates haven’t been disabled by the /DynamicUpdate Disable setup switch.
• Addresses a rendering issue that occurs while dynamically modifying the classname or ID of elements on a page.
• Addresses an issue that prevents Memory Analyzer and Performance Analyzer from working properly in Microsoft Internet Explorer 11 Developer Tools.

The update is offered via Windows Update, if you (so Microsoft) let check for updates via the settings page. It can also be downloaded via Microsoft Update Catalog. The update has a known issues, see kb article.

Update KB4338827 for Windows 10 V1703

Update KB4338827 is for Windows 10, Version 1703 and changes OS build to 15063.1235. It has the following improvements:

• Addresses additional issues with updated time zone information. 
• Changes the music metadata service provider used by Windows Media Player. 
• Addresses an issue in which some characters were not rendered correctly using the Meiryo font in vertical writing mode. 
• Addresses an issue that may cause the operating system to stop responding when transitioning from Sleep to Hibernation. 
• Addresses an issue in which the memory usage of LSASS continues to grow until it is necessary to restart the system. 
• Addresses an issue that may cause dual-signed files to report a failure when they should report success. This occurs when running Windows Defender Application Control in audit mode. 
• Addresses an issue that causes SQL Server memory usage to grow over time when encrypting data using a symmetric key that has a certificate. Then, you execute queries that open and close the symmetric key in a recursive loop. 
• Addresses an issue that prevents printing on a 64-bit OS when 32-bit applications impersonate other users (typically by calling LogonUser). This issue occurs after installing monthly updates starting with KB4034681, released in August 2017. To resolve the issue for the affected applications, install this update, and then do one of the following:
  • Use Microsoft Application Compatibility Toolkit to globally enable theSplwow64Compat App Compat Shim.
  • Use the following registry setting, and then restart the 32-bit application: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print Setting: Splwow64Compat
    Type: DWORD Value1: 1    
• Addresses an issue in which Wi-Fi credentials must be entered each time a device restarts and tries to reconnect to Wi-Fi using Group Policy-distributed Preferred Network Profiles.
• Addresses an issue in which using an invalid password in a wireless PEAP environment that has SSO enabled causes the submission of two authentication requests with the invalid password. The excess authentication request may cause premature account lockouts in environments with low account lockout thresholds. To enable the changes, add the new registry key, “DisableAuthRetry” (Dword) on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\
  PPP\EAP\26 using regedit, and set it to 1.
• Addresses an issue in which Wi-Fi credentials must be entered each time a device restarts and tries to reconnect to Wi-Fi using Group Policy-distributed Preferred Network Profiles.
• Addresses an issue in which not all network printers are connected after a user logs on. The HKEY_USERS\User\Printers\Connections Key shows the correct network printers for the affected user. However, the list of network printers from this registry key is not populated in any app, including Microsoft Notepad or Devices and Printers. Printers may disappear or become non-functional.

The update is offered via Windows Update, if you (so Microsoft) let check for updates via the settings page. It can also be downloaded via Microsoft Update Catalog. The update has a known issues, see kb article.

Update KB4338822 for Windows 10 V1607

Update KB4338822 is for Windows 10, Version 1607 (only Enterprise) and Windows Server 2016 available and raises the os build to14393.2395. Details may be obtained from kb article.

[German]Microsoft has released two Intel Microcode updates KB4100347 and KB4090007 on July 24, 2018. One update is for Windows 10 V1803, the other for Windows 10 V1709. 

Update KB4100347 for Windows 10 V1803

Update KB4100347 (Intel Microcode Update) is available for Windows 10 V1803 and closes the following vulnerability:

Intel recently announced that they have completed their validations and started to release microcode for recent CPU platforms related to Spectre Variant 2 (CVE 2017-5715 [“Branch Target Injection”]).

The update applies to several Intel processors listed in the KB article. It is a standalone update for Windows 10 version 1803 (Windows 10 April 2018 update) and Windows Server version 1803 (Server Core). This update is distributed across the Microsoft Update Catalog, and also includes Intel microcode updates that were released when released for these operating systems (RTM).

Microsoft intends to offer additional microcode updates from Intel for this operating system via the KB article as soon as they are available for Microsoft. Vulnerability protection is enabled by default for Windows client systems, so no action is required.

Please make sure that protection against Spectre Variant 2 for servers is enabled via the registry settings documented in the article Windows Server guidance to protect against speculative execution side-channel vulnerabilities.

Microsoft advises: Check with your device manufacturer and Intel through their websites for microcode recommendations for your device before applying this update to your device.

Update KB4090007 for Windows 10 V1709

Update KB4090007 is the same Intel Microcode update as described above, but is available for Windows 10 V1709. The list of supported updates is listed in the KB article. There you will also find further details and the link to the Microsoft Update Catalog.

[German]Today a short information about a bug in Windows 10 V1803, preventing disk management to recognize internal SATA drives in a proper way. The interna SATA drives are detected in disk management as removal drives.

German blog reader Michael T. already contacted me via e-mail a couple of weeks ago (thanks for that), and pointed to a bug, that became known in 2015, and is also present Windows 10 version 1803. He writes:

By chance I noticed an older bug from the year 2015 in the new version 1803. 

It is about the following: a new 3.5″ HDD from WD was bought and installed.

Windows recognized the hard disk, but could not do anything with it. The volume management from disk management showed it as marked, as online but I could not format that media. 

It allegedly had a 2 TB GPT partition and just under 1.9 TB of unused storage. Deleting the GPT or creating a new volume was not possible.

Via disk part I could see that the disk had no partition occupied and was completely empty. So I created and formatted a new primary partition. Then the HDD was ready and usable!

(Click to zoom)

The screenshot above shows the partitioning of the disk in Disk Management. With diskpart you can get at a hard disk to work in cases the disk management fails. Then Michael writes the following about the actual bug:

Now let’s come to the bug: [the internal SATA hard disk] is recognized as an ejectable, external HDD!

Michael mentioned the Microsoft kb article Internal SATA Drives show up as removeable media from September 2015, that addresses this issue. Microsoft provides a workaround, adding a parameter to the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
storahci\Parameters\Device

The Reg_SZ value TreatAsInternalPort has to be set to the drives bus numer. Details may be read at Microsoft’s kb article KB3083627.

[German]Microsoft has released new Insider Previews (17723 and 18204) of Windows 10. Some new features for future Windows 10 builds are also known.

Two new Insider Preview builds 17723 and 18204

Microsoft has released two insider previews for two different development branches (Redstone 5 build 1772 , and build 18204 for skip ahead branch 19H1). Redstone 5 build will end as Windows 10 V1809 in autumn 2018. The skip ahead branch, named 19H1 will end in Windows 10 Build released in Spring 2019. The announcement has been made within the Windows Blog. There one can inform oneself about the innovations as well as the known issues. Basically the builds for RS5 and Skip Ahead are identical, you will add new features later in 19H1 which are not considered in RS5.

[German]Microsoft has added a new features to the Insider Preview Builds released last night. It’s possible, to add a feature ‘Virtual Machines’. Seems as a kind of platform virtualization support w/o Hyper-V.

Currently not too much about that feature is known. Tero Alhonen (@teroalhonen) has spotted and tweeted it.

Windows 10 19H1 enables platform support for virtual machines without Hyper-V pic.twitter.com/zHp5renLO1

— Tero Alhonen (@teroalhonen) 26. Juli 2018

Currently it’s in Redstone 5 and also in 19H1 Insider Preview, but it seems non functional. This feature is also available in Home edition, according to German blog reader.

[German]Since Windows 8.1, Microsoft has introduced the Sleep Study module for power management. Here is some information about Sleep Study and also issues with this tool are addressed.

I confess, the Sleep Study function has never came to my attention. This blog post was inspired by a post from Microsoft in June 2018 on the diagnostic possibilities of this module. 

What is Sleep Study?

Tracking system activity and battery consumption during standby mode can be difficult. The reason: Tracking even unnecessary activity in Windows can affect battery consumption itself. For example, traditional logging on a hard disk has the undesirable side effect that the battery charge is consumed excessively when the hard disk is activated for logging.

Microsoft has therefore introduced the software tool Sleep Study from Windows 8.1 upward. It is available in all Windows PCs that implement the modern standby power model. Sleep Study can measure power consumption in standby mode with minimal impact on battery consumption. The Sleep Study tool is designed so that it does not generate activities that could affect the standby performance it measures.

Microsoft published the article Modern standby SleepStudy in 2017, which describes the tool. The Sleep Study tool gives (according to the article) an overview of each standby session. This information includes active time, idle time and power consumption. A session starts when the system goes into modern standby mode and ends when it leaves it.

Use Sleep Study for diagnose

Sleep Study provides information about the causes of activities that occur during each standby session. This function enables an easy examination of long-term activities. The tool can be called with the command

powercfg.exe /SleepStudy

further call options are described in this Microsoft article. This allows you to specify a time for monitoring or generate a report. In June 2018 Microsoft published the blog postSleep Study: Diagnose what’s draining your battery while the system sleeps. The article deals with the use of the tool. 

(Sleep Study-Call, Source: Microsoft)

Sleep Study issues

The tool can be quite useful to track down issues with power consumption in standby mode, but it can also be quite problematic. During my research I came across this Microsoft Answers forum post titled Sleep Study Writing All Over C: Drive, an SSD from March 2017. I found also a German Technet forum entry mentions a similar issue. In both cases, users had the problem that an enabled sleep study would fill the hard disk or SSD and then cause problems. In the latter case, it was the third-party tool Nero TuneItUp that caused the problems. 

Another positive news: Microsoft has probably fixed some older display errors like the BlackScreen bug or the missing brightness control in Windows 10 April Update (V1803).

The didn’t recognized that, until I found this article from June 2018. Update KB4284835 for Windows 10 V1803 from June 2018 contains some quality improvements. Among other things, it lists:

• Addresses an issue with the brightness controls on some laptops after updating to the Windows 10 April 2018 Update.
• Addresses an issue that caused the system to start up to a black screen. This issue occurs because previous updates to the Spring Creators Update were incompatible with specific versions of PC tune-up utilities after installation

If the brightness control on notebooks is inaccessible, this is probably due to an incorrect graphics driver being installed.

[German]Today a blog post about a general topic. The question is: what is a race condition? Some blog readers may have noticed this term while reading update issues.

For example, within my blog article Windows Server 2012 R2 / 2016: High CPU load with Update KB4345418 / KB4054566 a race condition is mentioned:

Addresses an issue that may cause some devices running network monitoring workloads to receive the 0xD1 Stop error because of a race condition after installing the July update.

Also the blog post Windows 10 V1607-V1709: Updates from June 21, 2018 mentions a race condition:

Addresses an issue where Windows Defender Security Center and the Firewall Pillar app stop working when opened. This is caused by a race condition that occurs if third-party antivirus software has been installed.

The blog post Windows 7: Preview Rollup Update KB4088881 (03/23/2018) mentions a race condition during updating.

Addresses issue with a race condition in the Universal C Runtime (CRT) that occurs when you update the global locale. The issue corrupts the current locale reference count and triggers a double free condition.

Seems to be not so rare and can occur in all Windows versions, but also under macOS or Linux.

Race Condition, some explantions

Wikipedia knows more about this: A race condition or race hazard is the behavior of an electronics, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended.

Race conditions can occur especially in multithreaded or distributed software programs. Unintentional race condition are a common cause of hard-to-find bugs; characteristic of such situations is that even the changed conditions for program testing, such as additional logging or debug mode, can lead to a complete disappearance of symptoms.

Microsoft has released kb article 317723 (Description of race conditions and deadlocks) about that topic – but with focus on Visual Basic 2003 and VB .NET 2003. This article deals with accessing a shared variable through two competing threads. The race condition leads to unpredictable results.

An example from March 2018

Susan Bradley adressed this topic on askwoody.com in March 2018, at that time due to current events (KB4075150 install ended on many system with non-booting machines, due to race condition). Microsoft’s explanation of the problem as:

This issue occurs in the unlikely event, due to a race condition, that the Windows Update servicing stack incorrectly skips installing the newer version of some critical drivers in the cumulative update and uninstalls the currently active drivers during maintenance.

A driver was successfully uninstalled there (the transaction was successful). But the new driver was not installed due to a race condition (MS remains unspezific, we have to call it a bug). Because acip.sys was a critical boot driver, the machines could not start. Susan Bradley discusses the details in the article at askwoody.com linked above and reports that in dism uninstall attempts only one’shot’ was free to trigger the driver rollback.

[German]July 2018 represents another low with regard to issues caused from Microsoft’s updates. Since the month is almost over, here is a look at security advisories and problematic updates, as well as some basic thoughts..

Currently Microsoft has a nice run …

Actually, it works great for Microsoft. Last week some sites reported, that the tax administration of Lower Saxonia (Germany) wants to migrate 13,000 computers from Linux to Windows and Microsoft software. Then, at the Inspire partner conference in Las Vegas, it was announced that Microsoft wanted to win over professional consumers. Mary Joe Foley reported here on that topic – whatever the marketing drivel of Microsoft may mean.

(Source: Statista)

And Microsoft’s latest quarter revenue figures let stock market participants rejoice, a profit of 7.6 billion euros, in the fourth quarter of the 2018 financial year. With turnover rising by more than 17 percent to 30.1 billion US dollars. The cloud boom is driving sales and profits at Microsoft. Microsoft’s management did everything right in Redmond, at least when it comes to making money.

And Microsofts sales team have even started to raise the prices for subscriptions for the upcoming Office 2019 and Windows 10 Enterprise – because there is a cash cow. The details can be found at OnMSFT. But there is still another thing. Microsoft has to provide old customers with something like updates for products – and there is something going wrong at Microsoft – and that could pay off in the long run.

July 2018 Security Advisories and Vulnerabilities

There are two pieces of information that have come to my attention these days. Once I came across a link to the exploit-db.com website on a social network. Under the linked search term, the site lists all vulnerabilities or exploits that affect Windows or Windows software.

Well, the hint came from a Linux fan who pointed out that there too Ubuntu has vulnerabilities. But these would be fixed quickly, while in Windows you had to wait for the patchday. And there, so my objection, users must hope that the patch can be installed and causes no collateral damage.

The second tip came from Susan Bradlay at askwoody.com, who pointed out vulnerabilities closed at Microsoft for July 2018 and patch problems (see following section). Microsoft’s Juli 2018 release notes contain the following CVEs with additional information and release notes that administrators should note.

• ADV170017*
• ADV180002*
• ADV180012*
• ADV180016*
• ADV180017
• CVE-2018-8202 *
• CVE-2018-8260 *
• CVE-2018-8281
• CVE-2018-8282
• CVE-2018-8289
• CVE-2018-8297
• CVE-2018-8299*
• CVE-2018-8300*
• CVE-2018-8305*
• CVE-2018-8306*
• CVE-2018-8310
• CVE-2018-8312
• CVE-2018-8319*
• CVE-2018-8323*
• CVE-2018-8324
• CVE-2018-8325
• CVE-2018-8326*
• CVE-2018-8327*

All links with an asterisk behind them contain additional information which must be observed after the installation of the relevant updates. A lot to read for administrators.

Known issues from July 2018 updates

The much more critical part of Microsoft’s July 2018 release notes deals with known problems with the July 2018 updates. Here is the list:

• 4295656
• 4338415
• 4338416
• 4338417
• 4338418
• 4338419
• 4338420
• 4338421
• 4338422
• 4338423
• 4338424
• 4338600
• 4338601
• 4338602
• 4338604
• 4338605
• 4338606
• 4338610
• 4338611
• 4338612
• 4338613
• 4338814
• 4338815
• 4338818
• 4338819
• 4338820
• 4338821
• 4338823
• 4338824
• 4338825
• 4338826
• 4338829
• 4338830
• 4340004
• 4340005
• 4340006
• 4340007
• 4340556
• 4340557
• 4340558
• 4340559
• 4345232
• 4345418
• 4345419
• 4345420
• 4345421
• 4345455

For some KB articles there is a note that the problem has been solved with a subsequent update. But especially the Security and Quality Rollup updates for.NET Framework 3.5 SP1 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4338424) has kept administrators around the globe busy. The update was supposed to close the vulnerabilities CVE-2018-8284, CVE-2018-8202 and CVE-2018-8356, but could not be installed on many systems in the Windows 8.1/Server 2012 R2 environment. Those who managed the installation might have faced further problems (applications threw errors or could not start). After several attempts for rework the update was withdrawn.

If you look at the list of links above, you get a bad feeling and the question ‘Is Microsoft does things in a right manner?’ arise. The effect may be a result of layoffs in the quality assurance and test departments in the last three or four years – the developers should test the updates themselves. In 2016 I published some thoughts in a German blog post Scheitert Microsofts neuer Entwicklungs-Workflow?  The ‘lack of testers with experience’ after a wave of layoffs and the changed development paradigm were also addressed there. At that time, however, I did not come to a definitive conclusion as to why the quality of the updates, at least I felt, was diminishing.

A second cause could also be the increased complexity has been patched into Windows 7 to Windows 10, for example, at least I will be quite different. But at this point, I have to say: It’s all speculation on my part, there could be other causes. All in all, however, my interpretation is that updates and patch days have become a game of Russian roulette for administrators. And the July 2018 updates represent (at least in my impression) a new low point in terms of quality and update issues. Even if Microsoft is doing well at the moment in terms of sales, a mortgage may be building up, which at the moment only through the WinTel monopoly and the lack of alternatives will lead many users to stick to the old-fashioned. Or have you made other observations and insights that you want to share as comments? 

[German]Microsoft has announced the general availability of LEDBAT for the upcoming Windows Server 2019 version. But LEDBAT can already be used in Windows 10 and Windows Server 2016 optional in an experimental mode.

Some background: Optimizing TCP stack

In July 2016, Microsoft announced five new features (some on an experimental basis) for the TCP stack of Windows Server 2016 and Windows 10 Anniversary Update (V1607). The Register has discussed the following new features in this blog post. 

1. TCP Fast Open (TFO) for zero RTT TCP connection setup. IETF RFC 7413
2. Initial Congestion Window 10 (ICW10) by default for faster TCP slow start
3. TCP Recent ACKnowledgment (RACK) for better loss recovery (experimental IETF draft)
4. Tail Loss Probe (TLP) for better Retransmit TimeOut response (experimental IETF draft)
5. TCP LEDBAT for background connections IETF RFC 6817

Microsoft argued at the time that the changes were necessary “to reduce latency (of Internet connections via TCP), improve reliability and promote better network citizenship”.

Especially #5 TCP LEDBAT is interesting. According to Wikipedia, LEDBAT (Low Extra Delay Background Transport) offers the ability to quickly transfer data over the Internet without clogging the network.

LEDBAT was developed by Stanislav Shalunov and is used by Apple for software updates and by BitTorrent for most of its transmissions. It is estimated that 13-20% of Internet traffic is handled by LEDBAT. LEDBAT is a delay-based overload control algorithm that utilizes the entire available bandwidth while limiting the increase in delay. It does this by measuring the one-sided delay and using changes in the measurements to limit the overload caused by the LEDBAT flow itself on the network.

This article deals with Traffic Shaping using ConfigMgr and LEDBAT under Windows 10/Server 2016. Another article discusses bandwith management in Windows using Microsoft’s LEDBAT++

Full support for Microsoft LEDBAT in Server 2019

Now Microsoft has declared LEDBAT as GA (General Availability) for Windows Server 2019. This is reported by The Register in this article. Microsoft employee Daniel Havey has probably contacted The Register and told the editors that LEDBAT has reached full support for Windows Server 2019 (this OS version is still in the preview phase). At the same time, Havey published this blog posts with more details using LEDBAT under Windows Server 2019. The article mentions also how to use LEDBAT in SCCM.

(Source: Microsoft)

Just a brief information for those interested in the Classic Shell start menu replacement. The tool that provides a Windows start menu has been renamed again. Here are some details.

Classic Shell development discontinued

The developer of the Classic Shell, Ivo Beltchev, has stopped developing the project, but has handed the source code to the community for further maintenance. I had blogged about that within my German blog post Windows: Aus für Startmenü-Ersatz Classic Shell?.

New project Classic Start

The tool has been re-started with the new name Classic Start. A German blog reader mentioned that within a comment. The tool Classic Start is available at GitHub and a release version is available here.

New project name: NeoClassic-UI/Menu

German blog reader Georg S. has send me a mail, informing me, that the tool or the project got a new name. It’s called now NeoClassic-UI/Menu, but no new version of the tools has been released yet. The project is available at GitHub.

[German]Within the blog post I like to document another strange observation made by an administrator on a German Windows 10 Enterprise. The Windows Defender Application Guard displays a user interface in either Czech or Polish.

Windows Defender Application Guard

Windows Defender Application Guard (WDAG) is available as a security feature since Windows 10 Enterprise version 1709. Designed for Windows 10 and Microsoft Edge, Application Guard helps isolate the untrusted Web sites defined by your organization. An administrator can define for a company what belongs to the trustworthy websites, cloud resources and internal networks. Anything not included in the list is considered as untrustworthy. Microsoft has published this WDAG description with details. This article describes how to activate WDAG, and this English article describes, how to use WDAG to secure Edge.

Wrong language in WDAG window

Let’s come to the issue, German blog reader Werner P. is facing. Werner wrote within an e-mail, that he has a newly unpacked Fujitsu Q957 with Windows 10 Enterprise V1803 that has been updated to the least recent patch level. Windows 10 Enterprise is set up in German, as shown in the following screenshot.

If nothing noticeable – and if I put the WDAG into operation on this client, I assume that the administration windows are displayed in German. But Werner wrote:

I have a strange behavior when activating Windows Defender Application Guard on a newly unpacked and updated Fujitsu Q957.

The system language (and also the language in the normal Edge) is German – when I start the Defender Application Guard, I have the Application Guard window at once in Czech or Polish.

Werner send me the screenshot below showing that strange behavior. Edge has a German GUI, while the message in WDAG is Czech or Polish.

(Windows Defender Application Guard with wrong language, click to zoom)

Werner mentiones that he found nothing similar to this error searching the Internet (I was also not successful). Uninstalling and reinstalling this feature is, according to Werner, unsuccessful. Besides a bug, I would think of a check of the system per DISM and the temporary change of the location in the settings. I suggested it to Werner.

Werner answered, that DISM didn’t helped, and the machine have had only a German language pack installed. He has added an Englisch language pack, switched the language, but without success. He assume, that the Fujitsu image is probably wrong and will try a Microsoft image. If that helps, I will add the information.

Since I don’t deal with the Windows Defender Application Guard, I post the topic here in this blog. Maybe one of you admins has an idea or is even affected. Let’s see if there’s any feedback. 

[German]Microsoft released updates for various Windows and .NET framework versions on July 30, 2018. This is updates are intended fix a couple of collateral damage caused by the previous .NET framework updates.

German blog reader Frank T. (thanks for the hint) just e-mailed me about Microsoft KB article 4345913 “Access Denied” errors and applications with COM activation fail after installing July 2018 Security and Quality Rollup updates for .NET Framework, which refers to .NET Framework. 

Issues with old .NET-Framework Updates

Applications that rely on the .NET Framework to initialize a COM component and run with limited privileges may not start or run correctly after the July 2018 .NET Framework security and quality rollup updates are installed.

After installing one of the July 2018 .NET Framework Security Updates, a COM component cannot be loaded because the errors “access denied”, “class not registered” or “internal failure occurred for unknown reasons” occur. The most common error signature is the following

Exception type: System.UnauthorizedAccessException

Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

KB4345913 lists the affected applications, started from Sharepoint, to BizTalk Server Administration Console, IS with Classic ASP up to .NET applications.

A list of new Updates

As of July 30, 2018, Microsoft has released the following fixup updates for Windows and.NET Framework.

• 4346877 Update for Windows 10, version 1607 and Windows Server 2016: July 30, 2018
• 4346406 Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346406): July 30, 2018
• 4346405 Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows Server 2012 (KB 4346405): July 30, 2018
• 4346407 Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 on Windows 7 SP1 and Server 2008 R2 SP1 and .NET Framework 4.6 on Server 2008 SP2 (KB 4346407): July 30, 2018
• 4346408 Update for .NET Framework 4.5.2 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346408): July 30, 2018
• 4346739 Update for .NET Framework 4.5.2 on Windows Server 2012 (KB 4346739): July 30, 2018
• 4346410 Update for .NET Framework 4.5.2 on Windows 7 SP1, Server 2008 R2 SP1 and Server 2008 SP2 (KB 4346410): July 30, 2018
• 4346745 Update for .NET Framework 3.5 SP1 on Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4346745): July 30, 2018
• 4346742 Update for .NET Framework 3.5 SP1 on Windows Server 2012 (KB 4346742): July 30, 2018
• 4346744 Update for .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4346744): July 30, 2018
• 4346743 Update for .NET Framework 2.0 SP2 and 3.0 SP2 on Windows Server 2008 SP2 (KB 4346743): July 30, 2018

In the KB article, Microsoft also describes workarounds for the known issues. Details can be found in the KB article or the linked articles from Microsoft.