Applies ToAzure Local, version 21H2

Release Date:

1/25/2022

Version:

OS Build 20348.502

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Azure Stack HCI, version 21H2, see its update history page

Improvements

This non-security update includes quality improvements. Key changes include:    

  • Updates daylight savings time to start in February 2022 instead of March 2022 in Jordan.

  • Addresses an issue that affects the App Readiness service and prevents users from successfully signing in. 

  • Addresses an issue that causes the Remote Desktop Services (RDS) server to become unstable when the number of connected users exceeds 100. As a result, users cannot access published applications using RDS on Windows Server 2019.

  • Addresses an issue that prevents System Center Virtual Machine Manager (SCVMM) customers from registering Network Attached Storage (NAS) file shares to Hyper-V hosts clusters. This also addresses an issue that shows existing VMs in the registered NAS file share as "Unsupported Configuration" in SCVMM.

  • Addresses an issue in CLSID_InternetExplorer.

  • Addresses an issue that sometime prevents you from entering strings in the Input Method Editor (IME).

  • Addresses issue that occurs in remote desktop or remote applications integrated locally (RAIL) scenarios. A window might not appear because an application has used WM_SETREDRAW to temporarily stop the window from being redrawn.

  • Addresses an issue that might cause Windows to stop working when you use the Pen Haptics API.

  • Updates the phone number for Windows Activation for locales that have the wrong phone number.

  • Addresses an issue that causes a device to incorrectly report itself as noncompliant with Conditional Access because of an antivirus or firewall configuration.

  • Addresses an issue that stops printing or prints the wrong output when you print using USB on Windows 10, version 2004 or later.

  • Addresses an issue that might cause Kerberos.dll to stop working within the Local Security Authority Subsystem Service (LSASS). This occurs when LSASS processes simultaneous Service for User (S4U) user-to-user (U2U) requests for the same client user.

  • Addresses an issue that affects the Fast Identity Online 2.0 (FIDO2) credential provider and prevents the display of the PIN entry box.

  • Addresses an issue that causes Windows to stop working and generates the error, “IRQL_NOT_LESS_OR_EQUAL”.

  • Addresses an issue that might cause the Get-TPM PowerShell command to fail when it attempts to report Trusted Platform Module (TPM) information. The command fails with the error, “0x80090011 Microsoft.Tpm.Commands.TpmWmiException,Microsoft.Tpm.Commands.GetTpmCommand”.

  • Addresses an issue that causes a remote desktop protocol (RDP) session to disconnect or the screen to be blank for Server Core. This issue occurs when you install the AppCompat feature.

  • Addresses an issue that causes lsass.exe to stop working and the device restarts. This issue occurs when you query Windows NT Directory Services (NTDS) counters after the NTDS service has stopped.

  • Addresses an issue that affects NTFS when you enable the update sequence number (USN) journal. NTFS performs unnecessary actions each time it performs a write operation, which affects I/O performance.

  • Addresses an issue that fails to apply the Group Policy Object (GPO) “Do not allow compression on all NTFS Volume” in some cases.

  • Addresses an issue that prevents Robocopy from retrying the file copy process.

  • Addresses an issue that might occur when you enable verbose Active Directory Federation Services (AD FS) audit logging and an invalid parameter is logged. As result, Event 207 is logged, which indicates that a failure to write to the audit log occurred.

  • Addresses a memory leak that occurs when you call WinVerifyTrust(). This issue occurs if verification fails for the first signature of a file that has multiple signatures.

  • Adds an audit event to Active Directory domain controllers that identifies clients that are not compliant with RFC 4456. For more information, see KB5005408: Smart card authentication might cause print and scan failures.

To return to the Azure Stack HCI documentation site

Windows 10 servicing stack update - 20348.502

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

Known issues in this update

Symptom

Workaround

After installing updates released January 11, 2022 or later, apps that use the Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might have issues. The apps might fail or close or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. 

Note for developers Affected apps use the System.DirectoryServices API.

To resolve this issue manually, apply the out-of-band updates for the version of the .NET Framework used by the app.

Note These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog

For instructions on how to install this update for your operating system, see the KB articles listed below:

  • Windows Server 2022: 

  • Windows Server 2019: 

  • Windows Server 2016: 

  • Windows Server 2012 R2: 

  • Windows Server 2012:

How to get this update

Before installing this update

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

To install the LCU on your Azure Stack HCI cluster, see Update Azure Stack HCI clusters.

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

Yes

Go to Settings Update & Security > Windows Update. In the Optional updates available area, you’ll find the link to download and install the update.

Windows Update for Business

No

None. These changes will be included in the next security update to this channel.

Microsoft Update Catalog

No

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS)

No

You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File Information

For a list of the files that are provided in this update, download the file information for cumulative update 5009608.

For a list of the files that are provided in the servicing stack update, download the file information for the SSU - version 20348.502

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.