June 13, 2017—KB4022717 (Security-only update)
Applies To
Windows 8.1 Windows Server 2012 R2Release Date:
6/13/2017
Version:
Security-only update
Improvements and fixes
This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
-
Addressed issue where, after installing KB3170455 (MS16-087), users have difficulty importing printer drivers and get errors with error code 0x80070bcb.
-
Addressed a rare issue where mouse input can cease to function. The mouse pointer may continue to move, but movements and clicks produce no response other than a beeping noise.
-
Addressed issue where printing a document using a 32-bit application can crash a Print Server in a call to nt!MiGetVadWakeList.
-
Addressed issue where an unsupported hardware notification is shown and Windows Updates not scanning, for systems using the AMD Carrizo DDR4 processor or Windows Server 2012 R2 systems using Xeon E3V6 processor. For the affected system, follow the steps in the Additional Information section below to install this update.
-
Security updates to Microsoft Windows PDF, Windows shell, Windows Kernel, Microsoft Graphics Component, Microsoft Uniscribe, Microsoft Scripting Engine, Windows COM, and Windows Kernel-Mode Drivers. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.
Known issues in this update
Symptom |
Workaround |
if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. |
Microsoft is researching this problem and will post more information in this article when the information becomes available. For more information about this issue, see the following section. |
Windows Server 2012 R2 and Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:
-
The operating system stops responding
-
You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.
-
User log on failures occur together with a "No Logon Servers Available" error.
-
Application and service failures occur because of ephemeral port exhaustion.
-
An unusually high number of ephemeral ports are being used by the System process.
-
An unusually high number of threads are being used by the System process.
Cause
This issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:Windows Server 2012 R2
Release date |
KB |
Article title |
May 16, 2017 |
KB 4015553 |
April 18, 2017—KB4015553 (Preview of Monthly Rollup) |
May 9, 2017 |
KB 4019215 |
May 9, 2017—KB4019215 (Monthly Rollup) |
May 9, 2017 |
KB 4019213 |
May 9, 2017—KB4019213 (Security-only update) |
April 18, 2017 |
KB 4015553 |
April 18, 2017—KB4015553 (Preview of Monthly Rollup) |
April 11, 2017 |
KB 4015550 |
April 11, 2017—KB4015550 (Monthly Rollup) |
April 11, 2017 |
KB 4015547 |
April 11, 2017—KB4015547 (Security-only update) |
March 21, 2017 |
KB 4012219 |
March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 |
Windows Server 2016 RTM (RS1)
Release date |
KB |
Article title |
May 16, 2017 |
KB 4023680 |
May 26, 2017—KB4023680 (OS Build 14393.1230) |
May 9, 2017 |
KB 4019472 |
May 9, 2017—KB4019472 (OS Build 14393.1198) |
April 11, 2017 |
KB 4015217 |
April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083) |
Verification
-
Verify the version of the following MSISCSI driver on the system:
c:\windows\system32\drivers\msiscsi.sys The version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016. -
The following events are logged in the System log:
Event source
ID
Text
iScsiPrt
34
A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name.
iScsiPrt
39
The Initiator sent a task management command to reset the target. The target name is given in the dump data.
iScsiPrt
9
Target did not respond in time for a SCSI request. The CDB is given in the dump data.
-
Review the number of threads that are running under the System process, and compare this to a known working baseline.
-
Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.
-
Review the number of ephemeral ports that are being used by the System process.
-
From an administrative Powershell, run the following command:
Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count Or, from an administrative CMD prompt, run the following NETSTAT command together with the "Q" switch. This shows "bound" ports that are no longer connected: NETSTAT –ANOQ Focus on ports that are owned by the SYSTEM process. For the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.
Resolution
If the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available. Note We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.How to get this update
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
-
File information file information for update KB4022717.
For a list of the files that are provided in this update, download the
Prerequisites You must have the following update installed:
2919355 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update: April 2014
Additional Information
Installation steps for systems using AMD Carrizo DDR4 processor or Windows Server 2012 R2 systems using Xeon E3V6 processor:
-
Download KB4022717 from Microsoft Update Catalogwebsite.
-
Extract the CAB file from the downloaded .msu file from step 1. Note the path where you stored the CAB file for use in step 3.
-
Run the DISM /Online /Add-Package command to install the update: DISM.exe /Online /Add-Package /PackagePath: CAB file path from step 2.