#SCCM upgrade expired to full installation
techdirectarchive · 7 months ago
Upgrade Expired Evaluation Configuration Manager to Full Version
When you install Configuration Manager as an evaluation version, it becomes read-only after 180 days. Before or after this period, you will need to activate the product from the Site Maintenance page in Setup and have it upgraded to a full installation. This can be done at any time before or after the 180 days. In this article, we shall discuss how to Upgrade Expired Evaluation Configuration…
enterinit · 6 years ago
Windows Server Insider Preview Build 18346 released
Windows Server Insider Preview Build 18346 released.
Server Core App Compatibility feature on demand (FOD):
The Server Core App Compatibility FOD was new in Windows Server 2019 and Windows Server, version 1809. We are continuing investment in the App Compatibility FOD based on customer and Insider feedback.
New in this Insider release for App Compatibility FOD:
Hyper-V Manager (Virtmgmt.msc) Create and connect to VMs hosted on Server Core + the App Compatibility FOD!!
Task Scheduler (Taskschd.msc)
Please try it and let us know! More to come….
Available Content:
Windows Server vNext Semi-Annual Preview. The Server Core Edition is available in the 18 supported Server languages in ISO format and in English only in VHDX format.
Windows Server Core App Compatibility FoD Preview
Windows Server Language Packs
Windows Admin Center 1902
The following keys allow for unlimited activations of Windows Server Previews:
Server Standard: V6N4W-86M3X-J77X3-JF6XW-D9PRV
Server Datacenter: B69WH-PRNHK-BXVK3-P9XF7-XD84W
This Windows Server Preview will expire July 5th, 2019.
Windows Server Bug Fixes:
We fixed an issue where RDP to ServerCore and ServerACore SKU’s did not work.
Windows Server Known Issues:
(New) Error after remoting to machine with RDP post FOD installation. The error message indicates immediately that the remote session has ended with potential reasons, followed by a black RDP screen. This only impacts remoting to a physical machine with Server Core + FOD.
(New) Applies to App Compat FOD MMC.exe only: Multiple Active Directory Users and Computers snap-ins added to the same MMC.exe instance could show inconsistent or no data on part of the snap-ins after adding extra columns to the UI view. Workaround: for UI user management, use a separate MMC for each ADUC (DSA.MSC) snap-in.
A local user’s last logon time output from “net user username” may not be recorded even when the user has accessed the server’s network share.
Scheduled startup tasks may fail to run. An event is logged, ID 101 with the error code ERROR_LOGON_FAILURE when the failure occurs.
A virtual machine may not report all virtual fibre channel (vfc) LUNs after powering on if there are 2000+ vfc LUNs. WMI queries from the host show the LUNS available. Restarting the VMMs may show the LUNS again as available.
DCPromo fails if the interface metric of the physical NIC is larger than Loopback Interface.
Third-party password filter dlls may not be notified when the local Administrator account’s password was changed.
Attempting system image recovery from an image located on a network share may result in error “A specified logon session does not exist. It may already have been terminated”
Server FODs are not retained after in-place (or B2B) upgrade.
Domain Controller rename updates incorrect attributes in AD leaving orphaned data behind (ValidateSPNsAndDNSHostNameActual). This can be reproduced by adding a new FQDN, setting it as primary, restarting the domain controller, then removing the current FQDN. Checking the msDS-AdditionalDnsHostName, msDS-AdditionalSamAccountName and servicePrincipalName attributes will show incorrect values.
Invalid file may be created in %Systemroot%\System32\LogFiles\Sum by User Access Logging.
Self-service users cannot install Feature on Demand (FOD) packages and Language Packs for Windows Server Update Service (WSUS), System Center Configuration Manager (SCCM), and Autopilot scenarios.
A container host may become unresponsive due to a deadlock when attempting to mount a volume. On an affected system, Docker hangs on all commands.
When a Windows Defender Application Guard container crashes, the resulting type of dump may be unexpected.
goarticletec-blog · 7 years ago
FAQ: Windows 10 LTSB explained
New Post has been published on https://www.articletec.com/faq-windows-10-ltsb-explained-3/
Windows 10 powered to its third anniversary this year, but one branch, identified by the initials L-T-S-B, remained an enigma to most corporate users.
LTSB, which stands for “Long-term Servicing Branch,” was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.
That hasn’t happened, in part because Microsoft has steered customers away from LTSB.
Just what is LTSB? And what has Microsoft done to make it an afterthought?
We have answers.
So what is Windows 10 LTSB?
Officially, LTSB is a specialized edition of Windows 10 Enterprise that promises the longest intervals between feature upgrades of any version of the operating system.
Where other Windows 10 servicing models push feature upgrades to customers every six months, LTSB does so only every two or three years. That means fewer changes during a set timeline, a less-involved upgrade effort, and fewer disruptions as well as fewer possibilities for applications breaking because of a modification of the OS.
If LTSB stands for ‘Long-term Servicing Branch,’ what’s this ‘LTSC’ acronym I’ve seen?
When Microsoft dropped multiple labels for Windows 10’s release tracks – those now retired included “Current Branch” and the unwieldy “Current Branch for Business” – for the single “Semi-Annual Channel” (SAC) it also debuted “Long-term Servicing Channel” (LTSC) to match.
Although LTSC could be viewed as the mechanism that updated and upgraded the actual operating system, which went by the LTSB moniker, Microsoft has shifted to using the former exclusively and ditching the latter. Yes, it’s confusing. But then, it is Microsoft we’re talking about.
(Note: Computerworld intends to continue using LTSB, at least in the short run, as it, not LTSC, is the better-known acronym.)
How often does the LTSC update Windows 10 LTSB?
That’s a question so good it comes with more than one answer.
Windows 10 LTSB does receive the usual monthly security updates.
The twice-annual feature upgrades delivered to other channels will not be offered to LTSB systems.
Microsoft upgrades the LTSB “build” every two to three years. Those upgrades, however, are optional, or at least optional to some degree (more on that later).
Each LTSB build is supported with security updates for a decade, the same 10-year lifespan Microsoft has designated and maintained for ages. The decade is split into two equal halves: “Mainstream” support for the first five years, “Extended” for the second. For Windows 10 Enterprise 2016 LTSB, Mainstream support ends in October 2021 and Extended stops in October 2026.
What’s the current Windows 10 LTSB? When is the next one supposed to show up?
This question’s a tough one.
The current LTSB should be Windows 10 Enterprise LTSC 2019, which was introduced Oct. 2. But it’s not.
That’s because just four days later, on Oct. 6, Microsoft pulled all versions of Windows 10 1809 – the moniker in Microsoft’s yymm naming convention – and has not yet restored access to what it also calls “Windows 10 October 2018 Update.” (Microsoft yanked 1809 due to a very nasty bug that deleted user files on some customers’ PCs during the upgrade.)
Microsoft bases LTSB on a specific Windows 10 build, in the case of LTSC 2019, the 1809 code. Essentially, Microsoft picks a feature upgrade and labels it LTSB. So when the Redmond, Wash. developer withdrew Windows 10 1809 from the Windows Update service and manual download websites, it also revoked access to LTSC 2019. The firm has given users no new information about progress in re-releasing 1809 in more than a month.
For the time being, then, Windows 10 Enterprise 2016 LTSB, which was based on the mid-2016 Windows 10 1607, remains the latest available version. The even earlier Windows 10 Enterprise 2015 LTSB – based on the July 2015 debut version of the operating system – still receives security updates, of course.
Note: Although Microsoft said in May 2017 that the next LTSB would ship sometime in 2019, it changed its mind in early 2018, saying in February that a LTSB would launch in the fall.
What’s missing from LTSB?
A lot that makes Windows 10, well, Windows 10. Eschewing the regular feature upgrades means that LTSB does not include Edge nor any Microsoft Store (Universal Windows Platform, or UWP) apps, whether Redmond-made or third-party, because the browser and those apps constantly change and need updating. Also AWOL: the Cortana voice-activated digital assistant and access to the Microsoft Store.
That said, LTSB looks and runs just like any other Windows 10 edition. No one will be fooled into thinking it’s Windows 7.
Can we defer security updates if we’re on LTSB?
Yes.
Servicing tools such as Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM) let administrators delay the monthly security updates – which Microsoft calls quality updates – just as they can postpone those same patches reaching machines running other versions of Windows 10.
Why does Microsoft make LTSB available to customers?
Plainly put, it was a sop to the criticism very early on about Windows 10’s accelerated development and release tempo.
Customers had become accustomed to upgrading Windows every three or more years, with the emphasis on more in the enterprise. The announcement that that would change to multiple releases each year – initially, three annually – was a shock.
Microsoft tried to soften the blow by offering a schedule very similar to the slower cadence familiar to IT: Upgrades that appeared every three years or so, with little or no feature changes in between, and an update model that provided only security fixes. In a nutshell, that’s how Microsoft described Windows 10 LTSB at the start.
Although Microsoft always opined that LTSB was suitable only as a minority choice – one for special situations, such as machines that simply should not be frequently touched, like those that control industrial systems or ATMs – early in Windows 10, there was significant talk among IT administrators about choosing LTSB for broad swaths of their PC inventory.
Why? Because they weren’t convinced they could, or even should, snap to and adapt to Microsoft’s pitch of “Windows as a service” (WaaS).
Okay, so which PCs should be running LTSB? Here’s what Microsoft says on that:
“Specialized systems – such as PCs that control medical equipment, point-of-sale systems, and ATMs – often require a longer servicing option because of their purpose,” the company’s primary Windows-as-a-service documentation states. “These devices typically perform a single important task and … [i]t’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes.”
and…
“As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the [non-LTSB servicing channels].”
Has Microsoft changed the support rules for LTSB since Windows 10’s debut?
Yes, and in a way that makes it difficult, if not impossible, to widely deploy the edition.
Over a year and a half ago, Microsoft added another law to the Windows 10 support scene, one that analysts contended invalidated LTSB’s advantages over the shifting features that mark the other versions.
Originally, Microsoft promised to support each LTSB edition for a full decade. But in early 2017, the company ruled that “LTSBs will support the currently released silicon at the time of release of the LTSB [emphasis added],” and that as new processors appeared from the likes of Intel and AMD, “support will be created through future Windows 10 LTSB releases that customers can deploy for those systems.”
The bland language disguised a huge change. Rather than be able to stick with a single LTSB edition for five, even 10, years, enterprises will need to adopt virtually every LTSB version as they buy new PCs powered by newer processors.
Can we upgrade one LTSB to another LTSB?
Yes. But there are conditions and stipulations. No surprise, really, what with Microsoft’s overall attitude toward the long-term build.
“Long-term Servicing Branch can be upgraded, one to another,” said Todd Furst, a Microsoft technical architect, in a presentation last year at his firm’s Ignite conference. “You can upgrade it in place, but there’s some caveats. You basically have to do a full OS deployment. There’s no special tools that say, ‘Just do the upgrade for me.’ You have to push the whole OS down. If you want to do the servicing rings inside of Config Manager or Windows Update for Business, that’s only for Current Branch.”
In other words, LTSB/LTSC requires full-size media to upgrade and new versions of the build are not published to Windows Update or available through WSUS (Windows Server Update Services).
Where do you get the next LTSC then? At the Volume Licensing Service Center (VLSC).
What’s one of the least-understood aspects of LTSB?
We couldn’t stop at just one, so we highlighted a pair of points about LTSB.
First, although IT admins can switch PCs from LTSB to plain Windows 10 Enterprise – so those machines can receive feature upgrades, for instance – such a change is only supported when moving to the same or later SAC. If an enterprise has been running Windows 10 Enterprise 2016 LTSB, for example, it can shift only to Windows 10 Enterprise 1607 or later (meaning 1703, 1709 or 1803).
(And you’d better hurry if you plan to switch from 2016 LTSB to SAC 1607, since that version’s support expires in April 2019.)
Second, starting Jan. 14, 2020, the locally-installed applications included with an Office 365 subscription – they’re called “Office 365 ProPlus” – will not be supported on any version of Windows 10 Enterprise LTSB. Instead, LTSB systems must run Office 2016 or 2019, the perpetual license counterparts to ProPlus. (Office 2019 is supported on Windows 10 Enterprise LTSC 2019 only, not earlier versions.)
How long is LTSB supported?
Ten years is usually the answer you see to that one. But it would be, if not wrong, then misleading.
Windows 10 Enterprise LTSB is guaranteed only five years of support – from the time of its release, not its installation – if the underlying license does not have SA attached. With SA, a specific LTSB edition is supported for the full 10 years.
We run Windows 10 Enterprise and pay for Software Assurance, but we may drop SA. Anything we should know?
Yes, indeed.
When a company drops SA at the end of a contract period, it is entitled to roll out only the current Windows 10 Enterprise LTSB. It cannot later upgrade that version to a newer LTSB when one is released. Customers have a 90-day window to switch the current operating system from Windows 10 Enterprise to Windows 10 Enterprise LTSB. Note: To do that, Windows 10 Enterprise must be uninstalled before deploying LTSB.
takenews-blog1 · 8 years ago
Why #Windows 7 #updates are getting bigger
New Post has been published on https://takenews.net/why-windows-7-updates-are-getting-bigger/
Windows 7’s security rollups, the most comprehensive of the fixes it pushes out every Patch Tuesday, have almost doubled in size since Microsoft revamped the veteran operating system’s update routine last year.
According to Microsoft’s own data, what it calls the “Security Quality Monthly Rollup” (rollup from here on) grew by more than 70% during the first dozen issued updates. From its October 2016 inception, the x86 version of the update increased from 72MB to 124.4MB, a 73% jump. Meanwhile, the always-larger 64-bit version went from an initial 119.4MB to 203.2MB 12 updates later, representing a 70% increase.
The swelling security updates were not, in themselves, a surprise. Last year, when Microsoft announced big changes to how it serviced Windows 7, it admitted that rollups would put on pounds as the months pass. “The Rollups will start out small, but we expect that these will grow over time,” Nathan Mercer, a Microsoft product marketing manager, said at the time. Mercer’s explanation: “A Monthly Rollup in October will include all updates for October, while November will include October and November updates, and so on.”
Two months later, when he was asked about the growth issue, Mercer again conceded that the rollups could get large. “Eventually Monthly Rollup will grow to around the 500MB size,” Mercer said in mid-October 2016.
It looks like Mercer’s forecast might have been on the light side.
At the 12-update pace that Windows 7’s rollups have established, the 64-bit version will weigh in at roughly 350MB by October 2018, and a year after that, as Windows 7 nears its expiration date, almost 600MB. The latter would represent a 20% increase above and beyond Mercer’s target size. Likewise, the x86 version would increase to 216MB and 374MB in 2018 and 2019, respectively, if the 12-update growth rate continues.
“The dimensions of those is certainly a priority,” mentioned Chris Goettl, product supervisor with shopper safety and administration vendor Ivanti. “When the rollups develop to 300MB to 500MB, some corporations do not have the downtime [to download and install updates that large], particularly these with a worldwide attain or to distant areas throughout sluggish connections.”
Think about a 500MB replace hitting the programs in a retail store, Goettl mentioned. “That may be a reasonably important use of the out there bandwidth when the shop [and its devices] are working 24/7.”
Microsoft points two sorts of safety updates for Home windows 7 on the second Tuesday of every month: a rollup and what the corporate has dubbed “Safety Solely High quality Replace” (security-only from right here). The latter consists of the month’s security-related patches and nothing else.
As a result of they comprise solely that month’s patches, they are much smaller than the identical month’s corresponding rollup. The 64-bit security-only for July was simply 30MB and the 32-bit was a fair smaller 19MB, in comparison with the identical month’s rollups of 194MB and 119MB. The variations in December had been even starker: 900KB and 1.4MB for the 32- and 64-bit safety solely updates, respectively, and 125.1MB and 204.7MB for the rollups.
The rollups are bigger not solely as a result of they drag their previous with them – every succeeding rollup consists of that month’s patches in addition to all earlier patches again to October 2016 – however as a result of additionally they embrace non-security bug fixes. Normally, although not all the time, issued later in every month, the non-security updates are bundled with the safety patches, including to the scale of the rollup.
However just some Home windows 7 machines are eligible for the smaller security-only updates: These serviced by WSUS (Home windows Server Replace Companies), or instruments, whether or not third-party or Microsoft’s personal System Middle Configuration Supervisor (SCCM), that depend on WSUS for content material. All different Home windows 7 units, together with ones run by customers and small corporations, that join through Home windows Replace or Home windows Replace for Enterprise, are handed rollups. They don’t get a selection.
On common, the security-only updates issued for Home windows 7 in 2017 had been one-sixth the scale of the identical month’s rollup. Only one of the 11 64-bit security-only updates was bigger than 40MB, for instance, and solely 2 of the 32-bit variations broke the 20MB mark.
According to Goettl, the security-only updates have been about the same size they would have been if composed of the same number of separate patches, like those Microsoft distributed before making the radical move to dump decades of practice last fall.
But size was not the only reason, or even perhaps the main reason, why security-only updates were a blessing for enterprises. “Security-only gives some flexibility,” Goettl said, talking about the ability to postpone an update.
Because the rollups are cumulative – in that they include all past patches, as well as the latest – it is not possible to deploy them without installing every fix since at least October 2016. If a patch breaks something, say a business-critical application or workflow, all rollups subsequent to that must be put on hold.
But by adopting the security-only updates, an IT staff can at least roll out, for instance, December’s version even if it has had to hold off on November’s because of a rogue patch. That practice is similar to, though on a more macro level, the way individual patches were deployed or blocked, depending on whether they interfered with operations. (The latter was what Microsoft banned by shifting last year to this all-inclusive approach, where all of a month’s patches are poured into one bucket and so are inseparable.)
Goettl saw security-only updates as a sop to enterprises, a bone Microsoft threw to its most important customers when it laid down the new laws in 2016. “One thing that softened the blow [of the cumulative update announcement] was that they offered the security-only bundle,” Goettl said. “In Windows 10, you do not have that option.”
Like a lot of patch experts, Goettl has urged those eligible for security-only to stick with the smaller updates. “It really seems that a lot of the breakage problems come at the end of the month when the non-security fixes come out,” he added, talking of the patches that are included with the following month’s rollup. “Things break there. This month, for example, there were a lot of non-security fixes [in the rollup]. That is why we recommend security-only for client PCs, especially [on systems with] sensitive software.”
Not every Windows 7 machine has to pay full price for the increasingly large rollups. Some get a discount.
Enterprises that deploy updates via WSUS can apply the optional “express installation files” feature, which limits the bandwidth consumed on the local network, in turn reducing update-related traffic inside the perimeter.
That is done by identifying those bytes that change between two versions of the same file, then producing an update containing just those differences. (This technique is often called a “delta” update, and is used by most software developers to distribute updates.)
However, there is a tradeoff, which Microsoft spells out in this support document: After enabling the feature, the size of the downloads from Microsoft’s servers to the local WSUS server(s) increases significantly. According to Microsoft, express installation files may treble the number of bits downloaded to the WSUS server(s).
“When you distribute updates by using this method, it requires an initial investment in bandwidth,” Microsoft stated. “Express installation files are larger than the updates they are meant to distribute. This is because the express installation file must contain all the possible variations of each file it is meant to update.
“However, this cost is mitigated by the reduced amount of bandwidth required to update client computers on the corporate network,” the document continued.
In an example Microsoft highlighted, a 100MB update resulted in 300MB downloaded to the WSUS server, but the actual amount transmitted over the local network to each client might be as little as 30MB when express installation files is turned on. With it off, the initial download to the WSUS server would be 100MB, the size of the update, but then that same 100MB must be delivered to each client PC across the local network.
Other caveats apply to express installation files in Windows 7, but perhaps the most important is that it is not the same as the same-named feature within Windows 10.
While the express feature has arguably received more attention in Windows 10 – Microsoft has publicized the new operating system’s feature several times – it is not identical to what’s in Windows 7.
For one thing, Windows 10’s express can distribute both updates and the twice-annual feature upgrades, which tip the scales at several gigabytes. More importantly, the differential update technology works with WSUS (as does Windows 7’s), and with Windows Update and Windows Update for Business.
This story, “Why Windows 7 updates are getting bigger” was originally published by Computerworld.
enterinit · 6 years ago
Windows Server vNext Insider Preview Build 18334 released
Windows Server vNext Insider Preview Build 18334 released.
Server Core App Compatibility feature on demand (FOD):
The Server Core App Compatibility FOD was new in Windows Server 2019 and Windows Server, version 1809. We are continuing investment in the App Compatibility FOD based on customer and Insider feedback.
New in this Insider release for App Compatibility FOD:
Task Scheduler (Taskschd.msc)
Windows Server Bug Fixes:
We fixed an issue where In-place upgrade failed.
We fixed an issue where a CPU spike may happen when Windows Server logs obsolete Windows Error Reporting reports PnPDriverInstallError and PnPDriverImportError.
We fixed an issue where Dynamic Update Setup on Server shows “Installing Windows 10” instead of Server.
We fixed an issue where ADFS Requests with invalid domain suffixes fail after a long delay (around 3 minutes) with error DS_NAME_ERROR_DOMAIN_ONLY. This can cause queued legitimate requests to experience delays or also timeout.
We fixed an issue where Windows may attempt to reuse an expired DHCP lease if the lease expired while the OS was shutdown.
Windows Server Known Issues:
A local user’s last logon time output from “net user username” may not be recorded even when the user has accessed the server’s network share.
Scheduled startup tasks may fail to run. An event is logged, ID 101 with the error code ERROR_LOGON_FAILURE when the failure occurs.
A virtual machine may not report all virtual fibre channel (vfc) LUNs after powering on if there are 2000+ vfc LUNs. WMI queries from the host show the LUNS available. Restarting the VMMs may show the LUNS again as available.
DCPromo fails if the interface metric of the physical NIC is larger than Loopback Interface 19919812
Third-party password filter dlls may not be notified when the local Administrator account’s password was changed.
Attempting system image recovery from an image located on a network share may result in error “A specified logon session does not exist. It may already have been terminated”
Server FODs are not retained after in-place (or B2B) upgrade.
Domain Controller rename updates incorrect attributes in AD leaving orphaned data behind (ValidateSPNsAndDNSHostNameActual). This can be reproduced by adding a new FQDN, setting it as primary, restarting the domain controller, then removing the current FQDN. Checking the msDS-AdditionalDnsHostName, msDS-AdditionalSamAccountName and servicePrincipalName attributes will show incorrect values.
Invalid file may be created in %Systemroot%\System32\LogFiles\Sum by User Access Logging.
Self-service users cannot install Feature on Demand (FOD) packages and Language Packs for Windows Server Update Service (WSUS), System Center Configuration Manager (SCCM), and Autopilot scenarios.
A container host may become unresponsive due to a deadlock when attempting to mount a volume. On an affected system, Docker hangs on all commands.
When a Windows Defender Application Guard container crashes, the resulting type of dump may be unexpected.
enterinit · 6 years ago
Windows Server vNext Insider Preview Build 18317 released
Windows Server vNext Insider Preview Build 18317 released.
What’s New:
WDAC – Composable (stacked) code integrity policies for supporting multiple code integrity policies
WDAC brings you the ability to support multiple CI policies. Three scenarios are now supported:
Scenario 1 – Deploy a “base” policy in enforcement mode and deploy a second “audit” policy side-by-side to support validation of policy changes before deploying in enforcement mode. (Intersection)
Scenario 2 – Enforce 2 or more “base” policies simultaneously to allow simpler policy targeting for policies with different scope/intent, e.g., Base1 corporate standard policy that is relatively loose to accommodate all organizations while forcing minimum corp standards (e.g. Windows works + Managed Installer + path rules). Base2 team specific policy that further restricts what is allowed to run (e.g. Windows works + Managed Installer + corporate signed apps only) (Intersection)
Scenario 3 – Supplemental policies deployed to expand Base policy, e.g., Azure host baseline policy restricts tightly to just allow Windows and hardware drivers allows supplemental policies. Exchange Azure team supplemental policy adds just the additional signer rules needed to support Exchange team signed code. (Union)
Windows Server Bug Fixes:
We fixed an issue where a password change could result in the next unlock hanging for domain joined AD users.
We fixed an issue addressing frequent access violations in bindflt!BfNormalizeNameComponentExCallback.
We fixed an issue where SRV2.sys may crash with an access violation when attempting to connect to a client machine with a null name string.
We fixed an issue where OpenId Connect sign-on applications may experience high latency in ADFS authentication when using SAML and Oauth code flow.
We fixed an issue where an occasional corruption may occur in UserName information on events retrieved using PowerShell cmdlet Get-RemoteAccessConnectionStatistics.
We fixed an issue where using classic file explorer in Server core from the App Compat FOD, clicking Eject on a USB device would notify the user that the USB Drive is currently in use, resulting in a hung eject operation.
We fixed an issue where virtual machine runtime state (VMRS) files failed to load. An affected system may report a failure in looking up or receiving the VM from the source host due to the data being invalid (0x8007000d).
Windows Server Known Issues:
Dynamic Update Setup on Server shows “Installing Windows 10” instead of Server.
Scheduled startup tasks may fail to run. An event is logged, ID 101 with the error code ERROR_LOGON_FAILURE when the failure occurs.
A virtual machine may not report all virtual fibre channel (vfc) LUNs after powering on if there are 2000+ vfc LUNs. WMI queries from the host show the LUNS available. Restarting the VMMs may show the LUNS again as available.
DCPromo fails if the interface metric of the physical NIC is larger than Loopback Interface.
ADFS Requests with invalid domain suffixes fail after a long delay (around 3 minutes) with error DS_NAME_ERROR_DOMAIN_ONLY. This can cause queued legitimate requests to experience delays or also timeout.
Server FODs are not retained after in-place (or B2B) upgrade.
Domain Controller rename updates incorrect attributes in AD leaving orphaned data behind (ValidateSPNsAndDNSHostNameActual). This can be reproduced by adding a new FQDN, setting it as primary, restarting the domain controller, then removing the current FQDN. Checking the msDS-AdditionalDnsHostName, msDS-AdditionalSamAccountName and servicePrincipalName attributes will show incorrect values.
Invalid file may be created in %Systemroot%\System32\LogFiles\Sum by User Access Logging.
Windows may attempt to reuse an expired DHCP lease if the lease expired while the OS was shutdown.
Self-service users cannot install Feature on Demand (FOD) packages and Language Packs for Windows Server Update Service (WSUS), System Center Configuration Manager (SCCM), and Autopilot scenarios.
A container host may become unresponsive due to a deadlock when attempting to mount a volume. On an affected system, Docker hangs on all commands.
The operating system has an unnecessary utility account for Windows Defender Application Guard.
When a Windows Defender Application Guard container crashes, the resulting type of dump may be unexpected.
CPU spike may happen when Windows Server logs obsolete Windows Error Reporting reports PnPDriverInstallError and PnPDriverImportError.