Summary
Some computers that have the Windows 8.1 and Windows Server 2012 R2 Update (KB 2919355) installed stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2)-based servers that are configured to use HTTPS and do not have TLS 1.2 enabled. This problem occurs only when the following conditions are true:
- The computer is running Windows 8.1 or Windows Server 2012 R2 and has the KB 2919355 update installed.
- The computer is managed by a WSUS 3.2-based server.
- The WSUS 3.2 server is configured to have the managed clients communicate with the WSUS server over HTTPS by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
- The WSUS 3.2 server does not support the TLS 1.2 protocol.
How to check whether the problem applies to your environment
Are you using or do you plan to use WSUS 3.2 to manage Windows 8.1-based or Windows Server 2012 R2-based computers?
- If your answer is no, you are not affected by this problem, and you can skip the rest of this article.
- If your answer is yes, you should read the rest of this section to see whether you are affected.
Note: If you are using the WSUS Server role on Windows Server 2012 or Windows Server 2012 R2 to manage Windows 8.1 or Windows Server 2012 R2-based devices, you are not affected by this problem.
Did you configure the WSUS 3.2-based server so that managed computers communicate with the WSUS-based server over HTTPS?
- If your answer is no, you are not affected by this problem, and you can skip the rest of this article.
- If your answer is yes, you should read the rest of this section to see whether you are affected.
Is TLS 1.2 supported and enabled on your WSUS 3.2-based server?
If your WSUS 3.2-based server is running on any of the following server platforms, the TLS 1.2 protocol is not supported:
- Windows Server 2003 Service Pack 2 (SP2)
- Windows Server 2003 R2 SP2
- Windows Server 2008 SP2
If your WSUS 3.2-based server is running on Windows Server 2008 R2 SP1, the TLS 1.2 protocol is supported. To check whether the TLS 1.2 protocol is enabled, follow these steps:
- Start Registry Editor, and then locate the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
- Check whether the TLS 1.2\Server registry subkey exists.
  - If the subkey does not exist, TLS 1.2 is not enabled on your Windows Server 2008 R2-based server.
  - If the subkey does exist, you should check whether the DisabledByDefault DWORD value exists. If the value exists and is set to 0x0, the TLS 1.2 protocol is enabled.

- If your answer is yes, you are not affected by this problem, and you can skip the rest of this article.
- If your answer is no, you are affected by this problem.
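The registry check described above can be scripted so that it runs the same way on every WSUS 3.2 server. The following PowerShell function is an added example, not part of the original article; the function name `Test-WsusTls12Server` and the output property names are assumptions chosen for illustration. It avoids PowerShell 3.0 syntax so that it can run on the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example (not from the original article): applies the article's
# registry check for TLS 1.2 on a Windows Server 2008 R2 SP1 WSUS server.
function Test-WsusTls12Server {
    param(
        # Schannel Protocols subkey named in the article.
        [string]$ProtocolsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    )

    $serverKey = Join-Path $ProtocolsKey 'TLS 1.2\Server'

    # New-Object is used instead of [pscustomobject] for PowerShell 2.0.
    $result = New-Object PSObject -Property @{
        ComputerName      = $env:COMPUTERNAME
        SubkeyExists      = $false
        DisabledByDefault = $null
        Enabled           = $null
        Tls12Enabled      = $false
    }

    # Article: no "TLS 1.2\Server" subkey means TLS 1.2 is not enabled.
    if (-not (Test-Path -LiteralPath $serverKey)) {
        return $result
    }
    $result.SubkeyExists = $true

    $values = Get-ItemProperty -LiteralPath $serverKey

    # Article: TLS 1.2 is enabled when DisabledByDefault exists and is 0x0.
    $prop = $values.PSObject.Properties['DisabledByDefault']
    if ($prop -ne $null) {
        $result.DisabledByDefault = [int]$prop.Value
        $result.Tls12Enabled = ($result.DisabledByDefault -eq 0)
    }

    # Not part of the article's check: Schannel also reads an "Enabled"
    # value under the same subkey. It is reported here for context only
    # and does not change the verdict above.
    $prop = $values.PSObject.Properties['Enabled']
    if ($prop -ne $null) {
        $result.Enabled = [int]$prop.Value
    }

    return $result
}

# Run on the WSUS server; Tls12Enabled = False means the server is affected.
Test-WsusTls12Server | Format-List
```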
How to prevent the problem in your environment
Deploy the revised Windows 8.1, Windows Server 2012 R2 Update (KB 2919355)
Microsoft has released a revised Windows 8.1 and Windows Server 2012 R2 Update (KB 2919355) that addresses this problem. The revised update is now available on WSUS and the Microsoft Download Center.
Note: If you use the volume license media that is provided by Microsoft and that is integrated with the KB 2919355 update to deploy Windows 8.1 or Windows Server 2012 R2, you should apply the KB 2959977 update to the image before you deploy. You can follow the steps in the following Microsoft TechNet topic to apply the KB 2959977 update for Windows 8.1 and Windows Server 2012 R2:
Add or Remove Packages Offline Using DISM
If you manage computers that are currently affected by the problem that is discussed in this article, you can obtain and deploy the following stand-alone update package from the Microsoft Download Center. For more information, go to the Microsoft Download Center, and then search for KB2959977.
Operating system | Update |
---|---|
All supported x86-based versions of Windows 8.1 | |
All supported x64-based versions of Windows 8.1 | |
All supported x64-based versions of Windows Server 2012 R2 | |

Release Date: April 15, 2014
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.