Applies ToWindows 10, version 1607, all editions Windows Server 2016, all editions

Release Date:

6/27/2017

Version:

OS Build 14393.1378

Improvements and Fixes

This non-security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addressed an issue introduced by KB4022715where Internet Explorer and Microsoft Edge printing from a frame may result in 404 not found or blank page printed.

  • Addressed issue where CRM UI may hang when pressing the reply button in mail workflow.

  • Addressed issue where the Volume Activation Services tool (vmw.exe) stops working with error “Indicates two revision levels are incompatible“ when attempting to activate the Volume License Service role.

  • Addressed issue where multipath I/O does not use other available paths during a failover scenario.

  • Addressed issue where a PC randomly crashes after a user inserts a USB device into the USB port.

  • Addressed issue where a blue screen and the "unmountable_boot_volume" message appear during the system boot process when the Unified Write Filter is enabled.

  • Addressed issue where a computer stops working when trying to add a phone to the computer for use as a modem.

  • Addressed issue where Simple Network Management Protocol (SNMP) applications stop receiving traps.

  • Addressed issue where Page faults for Demand Zero Pages are significantly slower (> 10%), which causes many applications to run slower.

  • Addressed issue with error that occurs when users sign out from an application when Active Directory Federation Services is enabled.

  • Addressed issue where nodes fail to join a cluster because of failed certificate authentication if SHA1 is disabled.

  • Addressed issue with the Server Message Block Bandwidth limiting feature not working.

  • Addressed issue where the storage replication driver (wvrf.sys) is in an infinite loop.

  • Addressed issue where a 2012 R2 or below Remote Desktop License Server causes the 2016 Remote Desktop Services Host to crash and stop giving sessions to clients.

  • Addressed issue to add support in certutil.exe to allow certificate templates to be marked for Windows Hello.

  • Addressed issue where you may lose access to storage disks when there are still available paths if there is an error on one of the multipath I/O paths.

  • Addressed a WS-Federation sign-out problem where users initiate Sign-out from an application configured with SAML. In this case the Sign-out fails with an ADFS exception identified with an ADFS Admin Event 364 Error. This issue is limited to ADFS 4.0.

  • Addressed issue where the creation of virtual disks fails in Windows Server 2016 storage spaces when the physical disk allocation is set to manual for all the selected disks.

  • Addressed a reliability issue in Windows Search.

  • Improved performance by addressing an issue that was introduced in KB3213986 in Connection Group feature of Microsoft Application Virtualization (App-V). This performance improvement significantly reduces the registry space used on a Remote Desktop Services (RDS) gateway, by grouping user settings based on the effective group a user belongs to, rather than individual user.

  • Enabled machines with AMD I/O Virtualization Technology (IOMMU) to boot without BIOS restriction.

  • Addressed additional issues in printing, updates to the Access Point Name (APN) database, Start menu and taskbar,  Internet Explorer and the Windows Shell.

  • Addressed issue where the Microsoft Standard NVM Express Driver (stornvme) incorrectly exposed inactive namespaces as disks to the OS. The OS cannot use inactive namespaces and they should not be exposed to the OS.

  • Addressed issue where removable devices do not work as expected after applying KB3179574 and when auditing of removable devices is enabled.

Known issues in this update

Symptom

Workaround

After you install this update, Internet Explorer 11 may close unexpectedly when you visit some websites. When the problem occurs, you may receive an error message that resembles the following:

We were unable to return you to [previous URL]. Internet Explorer has stopped trying to restore this website. It appears the website continues to have a problem.

The problem may occur if the website is complex and uses certain web API's.

This issue is resolved in July 11, 2017—KB4025339 (OS Build 14393.1480).

If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Windows Server 2012 R2 and Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:

  • The operating system stops responding

  • You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.

  • User log on failures occur together with a "No Logon Servers Available" error.

  • Application and service failures occur because of ephemeral port exhaustion.

  • An unusually high number of ephemeral ports are being used by the System process.

  • An unusually high number of threads are being used by the System process.

Cause This issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:

Windows Server 2012 R2

Release date

KB

Article title

May 16, 2017

KB 4015553

April 18, 2017—KB4015553 (Preview of Monthly Rollup)

May 9, 2017

KB 4019215

May 9, 2017—KB4019215 (Monthly Rollup)

May 9, 2017

KB 4019213

May 9, 2017—KB4019213 (Security-only update)

April 18, 2017

KB 4015553

April 18, 2017—KB4015553 (Preview of Monthly Rollup)

April 11, 2017

KB 4015550

April 11, 2017—KB4015550 (Monthly Rollup)

April 11, 2017

KB 4015547

April 11, 2017—KB4015547 (Security-only update)

March 21, 2017

KB 4012219

March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2

Windows Server 2016 RTM (RS1)

Release date

KB

Article title

May 16, 2017

KB 4023680

May 26, 2017—KB4023680 (OS Build 14393.1230)

May 9, 2017

KB 4019472

May 9, 2017—KB4019472 (OS Build 14393.1198)

April 11, 2017

KB 4015217

April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083)

Verification

  • Verify the version of the following MSISCSI driver on the system: c:\windows\system32\drivers\msiscsi.sys The version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016.

  • The following events are logged in the System log:

    Event source

    ID

    Text

    iScsiPrt

    34

    A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name.

    iScsiPrt

    39

    The Initiator sent a task management command to reset the target. The target name is given in the dump data.

    iScsiPrt

    9

    Target did not respond in time for a SCSI request. The CDB is given in the dump data.

  • Review the number of threads that are running under the System process, and compare this to a known working baseline.

  • Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.

  • Review the number of ephemeral ports that are being used by the System process.

  • From an administrative Powershell, run the following command:Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count Or, from an administrative CMD prompt, run the following NETSTAT command together with the "Q" switch. This shows "bound" ports that are no longer connected:NETSTAT –ANOQ Focus on ports that are owned by the SYSTEM process. For the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.

Resolution If the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available.Note We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.

 

How to get this update

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.