Windows 8.1 and Windows Server 2012 R2

  • Article
  • 7 minutes to read

Find data on known bug for Windows viii.one and Windows Server 2012 R2. Looking for a specific issue? Press CTRL + F (or Control + F if y'all are using a Mac) and enter your search term(southward). Want the latest Windows release wellness updates? Follow @WindowsUpdate on Twitter.

  • Windows and the future of hybrid work

    Explore what's next in security, productivity, and management.

  • How to get Windows 11

    Explore the upgrade experience.

    Known issues

    This table offers a summary of current active problems and those bug that have been resolved in the last 30 days.

    Summary Originating update Condition Concluding updated
    Y'all might see authentication failures on the server or client for services
    Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, and other services might fail.
    		 KB5014011
    2022-05-10    		 Resolved
    KB5014986    		 2022-05-nineteen
    14:00 PT
    Certain apps or devices might be unable to create Netlogon secure channel connections
    Scenarios which rely on constructed RODC machine accounts might fail if they exercise not take a linked KRBTGT business relationship.
    		 KB5009624
    2022-01-11    		 Investigating
    		 2022-02-24
    17:41 PT
    Apps that acquire or set Active Directory Wood Trust Data might have issues
    Apps using Microsoft .NET to larn or ready Woods Trust Data might neglect, close, or yous might receive an mistake.
    		KB5009624
    2022-01-xi    		 Mitigated
    		 2022-02-07
    fifteen:36 PT
    Certain operations performed on a Cluster Shared Book may fail
    Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
    		 KB4480963
    2019-01-08    		 Mitigated
    		 2020-06-11
    14:06 PT

    Outcome details

    May 2022

    You might come across authentication failures on the server or customer for services

    Status Originating update History
    Resolved KB5014986 KB5014011
    2022-05-ten    		 Resolved: 2022-05-nineteen, 14:00 PT
    Opened: 2022-05-11, 18:38 PT

    Resolution guidance updated May 27, 2022

    After installing updates released May 10, 2022 on your domain controllers, you might come across car certificate authentication failures on the server or client for services such every bit Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An upshot has been constitute related to how the mapping of certificates to automobile accounts is being handled by the domain controller.

    Note: Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this outcome. This upshot but affects installation of May 10, 2022, updates installed on servers used as domain controllers.

    Workaround: The preferred mitigation for this upshot is to manually map certificates to a machine account in Agile Directory. For instructions, please see Document Mapping. Note: The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation volition not work in your surroundings, delight see KB5014754—Certificate-based hallmark changes on Windows domain controllers for other possible mitigations in the SChannel registry key department. Note: Any other mitigation except the preferred mitigations might lower or disable security hardening.

    Resolution: This issue was resolved in out-of-ring updates released May 19, 2022 for installation on all Domain Controllers in your environment, every bit well every bit all intermediary application servers such as Network Policy Servers (NPS), RADIUS, Certification Authority (CA), or web servers which passes the authentication certificate from the client being authenticated to the authenticating DC. If you used any workaround or mitigations for this upshot, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no activity needed on the client side to resolve this authentication consequence.

    To become the standalone bundle for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You tin can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Managing director. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, run across Import updates from the Microsoft Update Catalog. Notation The below updates are non available from Windows Update and will not install automatically.

    Cumulative updates:

    • ​Windows Server 2022: KB5015013
    • ​Windows Server, version 20H2: KB5015020
    • ​Windows Server 2019: KB5015018
    • ​Windows Server 2016: KB5015019

    Annotation: You do not demand to apply any previous update earlier installing these cumulative updates. If you have already installed updates released May ten, 2022, you do not need to uninstall the afflicted updates before installing whatever later updates including the updates listed higher up.

    Standalone Updates:

    • ​Windows Server 2012 R2: KB5014986
    • ​Windows Server 2012: KB5014991
    • ​Windows Server 2008 R2 SP1: KB5014987
    • ​Windows Server 2008 SP2: KB5014990

    Note: If you lot are using security simply updates for these versions of Windows Server, yous only need to install these standalone updates for the month of May 2022. Security just updates are not cumulative, and you volition besides need to install all previous Security merely updates to be fully upwards to date. Monthly rollup updates are cumulative and include security and all quality updates. If yous are using Monthly rollup updates, y'all will demand to install both the standalone updates listed in a higher place to resolve this issue, and install the Monthly rollups released May 10, 2022 to receive the quality updates for May 2022. If yous accept already installed updates released May 10, 2022, you exercise not need to uninstall the afflicted updates before installing whatever later updates including the updates listed above.

    Afflicted platforms:

    • ​Client: Windows 11, version 21H2; Windows ten, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows ten, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows x, version 1607; Windows 10 Enterprise 2015 LTSB; Windows viii.one; Windows 7 SP1
    • ​Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

    February 2022

    Certain apps or devices might be unable to create Netlogon secure aqueduct connections

    Status Originating update History
    Investigating KB5009624
    2022-01-xi    		 Last updated: 2022-02-24, 17:41 PT
    Opened: 2022-02-24, 17:25 PT

    After installing KB5009624 or whatsoever updates released January 11, 2022 and afterwards your domain controllers, scenarios which rely on Read-just domain controllers (RODCs) or constructed RODC machine accounts might fail to institute a Netlogon secure channel. RODC accounts must have a linked and compliant KRBTGT account to successfully establish a secure channel. Affected applications or network appliances, such every bit Riverbed SteelHead WAN Optimizers, might have issues joining domains or limitations after joining a domain.

    Next Steps: Affected apps and network appliances volition need an update from their developer or manufacturer to resolve this issue. Microsoft and Riverbed are presently investigating and volition provide an update when more than information is available.

    Affected platforms:

    • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

    Apps that acquire or set Active Directory Woods Trust Data might have issues

    Status Originating update History
    Mitigated KB5009624
    2022-01-11    		 Final updated: 2022-02-07, 15:36 PT
    Opened: 2022-02-04, xvi:57 PT

    After installing updates released January 11, 2022 or later, apps using Microsoft .Net Framework to acquire or set Agile Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Notation for developers: Affected apps utilize the System.DirectoryServices API.

    Next Steps: This issue was resolved in the out-of-ring update for the version of .NET Framework used by the app. Note: These out-of-band updates are non available from Windows Update and volition not install automatically. To get the standalone packet, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You lot tin manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Managing director. For WSUS instructions, come across WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.

    For instructions on how to install this update for your operating organisation, run into the KB articles listed beneath:

    • ​Windows Server 2022:
      • ​.Cyberspace Framework iv.8 KB5011258
    • ​Windows Server 2019:
      • ​.Net Framework 4.8 KB5011257
      • ​.NET Framework iv.7.2 KB5011259
    • ​Windows Server 2016:
      • ​.NET Framework 4.8 KB5011264
      • ​.Net Framework four.6.two, iv.7, 4.7.1 or iv.7.two KB5011329
    • ​Windows Server 2012 R2:
      • ​.NET Framework 4.8 KB5011266
      • ​.NET Framework 4.6, iv.six.1, 4.half-dozen.2, 4.7, 4.7.1 or four.7.ii KB5011263
      • ​.NET Framework iv.5.2 KB5011261
    • ​Windows Server 2012:
      • ​.Cyberspace Framework 4.viii KB5011265
      • ​.NET Framework 4.half dozen, 4.half dozen.i, 4.6.2, 4.7, 4.seven.1 or 4.7.2 KB5011262
      • ​.Net Framework four.5.2 KB5011260

    Affected platforms:

    • ​Client: None
    • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

    January 2019

    Certain operations performed on a Cluster Shared Volume may fail

    Status Originating update History
    Mitigated KB4480963
    2019-01-08    		 Concluding updated: 2020-06-11, fourteen:06 PT
    Opened: 2019-01-08, 10:00 PT

    Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that doesn't accept administrator privilege.

    Afflicted platforms:

    • ​Customer: Windows 8.1; Windows 7 SP1
    • ​Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

    Workaround: Do ane of the following:

    • ​Perform the performance from a procedure that has ambassador privilege.
    • ​Perform the performance from a node that doesn't have CSV ownership.

    Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.