Windows 10 v2004, 20H2 & 21H1 – Citrix Known Issues

Microsoft releases software updates for Windows 10 twice a year through the Semi-Annual Channel. Microsoft released its Semi-Annual Channel ‘May 2020 update’ (v2004) in May 2020 and ‘October 2020 update’ (20H2) in October 2020.

This article is intended to capture known issues with Windows 10 v2004 and 20H2 that have been identified so far through Citrix internal testing and customer reports.

Note:

  • This is a live article and is updated as and when new information is available.
  • This article also outlines issues seen with Windows 10 20H2. Unless explicitly specified, issues seen with Windows 10 v2004 are seen with Windows 10 20H2 also.

Known Issues

The following are the known issues:

Issue 1

Issue Description

Citrix User Profile Manager (UPM) may stop working after Windows 10 with VDA installed is upgraded to v2004 OR it may break the native Windows applications like notepad, calculator etc when UPM is configured on fresh install of v2004.

[TPV-2706]

Problem Cause

Changes in Windows 10 v2004 is causing this issue.

Solution

This issue is fixed in Citrix Virtual Apps and Desktops 7 2003 and later versions.

Issue 2

Issue Description

Printers part of Citrix Universal Print Server (UPS) are not mapped within ICA session of Windows 10 v2004 VDA.

Problem Cause

Changes in Windows 10 v2004 Operating System is causing the printer mapping failure.

Solution

This issue is resolved with the Microsoft Defender Advanced Threat Protection signature updates released around June 2020.


Issue 3

Issue Description

On Virtual Machine’s (hosted on vSphere) with VM version 14 and boot option EFI, a failure may be seen when you upgrade Windows 10 machine to v2004 with an error “We can’t tell if your PC is ready to continue installing Windows 10. Try restating the setup”

[TPV-2703]

Solution

Installing the latest VMWare tools 11.0.0.x before attempting to upgrade to v2004 resolves this issue.

Issue 4

Issue Description

On Windows 10 v2004 end point with Receiver/Workspace App, when a network interruption is caused by disabling the Network Interface from Control Panel, Session Reliability feature fails to work.

[RFWIN-15116]

Problem Cause

Changes in Windows 10 v2004 Operating System is making the Session Reliability to fall back to Auto Client Reconnect when the network is disrupted.

Solution

This issue has been fixed in Citrix Workspace App.

  • Users on Current Release of Workspace App are advised to upgrade to version 2002 or its replacement that contains the fix.
  • Users on the LTSR version of Workspace App are advised to upgrade to version 1912 or its replacement that contains the fix.

Issue 5

Issue Description

On Windows 10 v2004 end point with Receiver/Workspace App, when a network interruption is caused using Firewall, Session Reliability feature fails to work.

[RFWIN-15263]

Problem Cause

Changes in Windows 10 v2004 Operating System is making the Session Reliability to fall back to Auto Client Reconnect as soon as the the network is disrupted.

Solution

This issue has been fixed with KB4571744. Install this KB OR its replacement on end-points to resolve this issue.


Issue 6

Issue Description

ICA launch of Citrix VDA installed on Windows 10 Virtual Desktop v2004 fails OR ICA session disconnects within 2 minutes with error message “Idle Timer Expired “ or “Logon timer Expired”.

[TPV-3025]

Problem Cause

Changes in Windows 10 v2004 Operating System is causing this issue.

Solution

For Citrix VDA version 2006 and above:

Issue is resolved in KB4586853, Install this KB OR its replacement on your VDAs to resolve this issue.

For Citrix VDA versions before 2006:

ICA launch still fails and Citrix is working on fixing it. Please use the below workaround.

Workaround

The WDDM graphics display driver for Remote Desktop Connection which is enabled by default in Windows 10 v2004 and above needs to be disabled as it is not supported by the Citrix VDA. To disable, set the below policies through the group policies for your OU:

  • Browse to Administrative Templates (Computers) -> Windows Components – > Remote Desktop Service -> Remote Desktop Session Host.
  • Disable the setting “Use WDDM graphics display driver for Remote Desktop Connection”

Issue 7

Issue Description

A failure during component initialization may be seen when 7.15 LTSR VDA (with any CU) is upgraded to CU6 on Windows 10 v2004. This issue is not seen with a fresh install of CU6 VDA on Windows 10 v2004.

[LCM-7909]

Problem Cause

An error “Failed to configure component ‘ICA for workstation services’ because it is not installed” is seen. Changes in Windows 10 v2004 is causing this issue.

Solution

Citrix is working with Microsoft to resolve this issue.

Workaround

  • Uninstalling the existing CU and installing CU6 resolves this issue.
  • Upgrading 7.15 LTSR VDA to CU6 prior to upgrading VDA OS to Windows 10 v2004 is advised.


Issue 8

Issue Description

Following upgrade to Windows 10 v2004, user personalization layer (UPL) services will no longer be able to start during logon. This prevents user layer disks from attaching or being created when users log into their desktops. Note, this issue does not impact App Layering User Layers, it only affects user personalization layer for Virtual Apps and Desktops

[UNI-78456]

Problem Cause

During upgrade to Windows 10 v2004 Microsoft is removing the UPL service key and service from the Winlogon chain.

Solution

This issue is fixed in Citrix Virtual Apps and Desktops 2009 or newer. This issue has also been fixed with the latest updates of 20H1/20H2.

Issue 9

Issue Description

App Layering fails to import a new OS Layer for Windows 10 v2004 with the error: “A failure occurred while importing the OS: Cannot handle more than two partitions on a disk.”

[UNI-79067]

Problem Cause

Importing Windows 10 v2004 as a new OS Layer fails due to Windows creating a recovery partition during installation which results in their being a total of three partitions for the image. This is greater than the maximum two partitions allowed for OS Import.

Solution

This issue is fixed in Application Layering 2009 or newer. Citrix recommends to upgrade the Enterprise Layer Manager (ELM) and do the import again.

Issue 10

Issue Description

Published images from App Layering running Windows 10 v2004 can take 5 minutes or longer to log into Windows and/or for the Start Menu to appear after login.

[UNI-79147]

Problem Cause

The issue is caused by missing dependencies between the App Layering uniservice, and the Windows Delivery Optimization Service (dosvc) and Storage Service (StorSvc).

Solution

This issue is fixed in Application Layering 2011 or newer. Citrix recommends to upgrade the Enterprise Layer Manager (ELM) and redeploy any images.

Issue 11

Issue Description

Audio redirection may fail after a reconnect of ICA session on Windows 10 Multi-session editions with Citrix VDA.

[CVADHELP-15804]

Problem Cause

Changes made in Windows 10 v2004 is causing this issue.

Solution

There is no solution. Citrix is working on a fix to resolve this issue.


Issue 12

Issue Description

Upgrade to Windows 10 20H2 may fail on machines that are configured to have domain administrator profiles managed by UPM

[UPM-3083]

Problem Cause

Changes made in Windows 10 v2004 is causing this issue.

Solution

There is no solution. Citrix is working with Microsoft to resolve this issue.

Workaround

Ensure the domain administrator profiles are not managed by UPM before upgrading to Windows 10 20H2.

Issue 13

Issue Description

Unable to launch publish desktop. Desktop Viewer disappears after it opens.

[CVADHELP-15537]

Problem Cause

Changes made in Windows 10 v2004 is causing this issue.

Workaround

Downgrade OS to Windows 10 v1909.

Related:

  • No Related Posts

Recommended Hotfixes for XenApp 7.x

The following Citrix and Microsoft hotfixes are found to resolve the most common issues with XenApp/XenDesktop 7.6, and XenApp/XenDesktop 7.5 running on a Windows Server 2008 R2 or a Windows Server 2012 R2 platform. These hotfixes focus on basic functionality and stability.

Note :

1. Fixes for Current Releases will likely be released in the next Current Release; therefore, it is less likely that an individual fix would be released for a Current Release version. You may be asked to upgrade to the next version of a Current Release that includes the requested fix and new functionality.

2. This article aims to describe the recommended hotfixes before Citrix LTSR(7.6.300) and Citrix CR(7.7~7.14). Please go to docs.citrix.com for more hotfixes regarding LTSR and CR.

Issue: Attempts to restart the Citrix Device Redirector Service from within a VDA or RDP session can cause the service to remain in an unresponsive state rather than actually restarting.

Available Software Updates:

ICAWS760WX64047 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit) – English
ICAWS760WX86047 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64053 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

Issue:

  • The operating system experiences an error on picadm.sys and a blue screen appears with stop code 0x20.
  • A deadlock on picadm.sys can cause published applications to become unresponsive.
  • The operating system experiences an error on picadm.sys and a blue screen appears with stop code 0x50.
  • The VDA might become unresponsive at the “Welcome” screen due to a deadlock on picadm.sys.
  • Remote Desktop (RDP) connections to the server fail.

Available Software Update:

ICATS760WX64048 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue: Certain third-party published applications might fail to start on XenApp servers. As a result, the wfshell.exe process might close unexpectedly. When this error occurs, no indication that the session is starting or error messages appear on the user device.

Available Software Updates:

ICAWS760WX64042 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit)-English
ICAWS760WX86042 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64040 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue: Citrix XenApp 7.6 and XenDesktop 7.6 VDA Core Services running on Windows Server 2008 R2 (Server OS) might become unresponsive at the “Welcome” screen. If this occurs, new Receiver and Remote Desktop (RDP) connections to the server fail.

Available Software Updates:

ICAWS760WX64026 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit) – English
ICAWS760WX86026 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64032 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue: The Citrix Stack Control service quits unexpectedly if there is an invalid session key.

Available Software Update:

ICATS760WX64006 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English

XenApp 7.5/ 7.1

Issue:

  • The memory consumption of the Monitoring Service can grow steadily until the service stops responding to requests from Director, eventually rendering Director unresponsive as well.
  • If the resource name (display name) changes on the Delivery Controller, users who previously subscribed to the applications cannot start the applications.
  • If you create virtual machines (VM) with Desktop Studio that uses Machine Creation Services and the VMs are hosted on a VMware hypervisor, attempts to update VMs that are part of the machine catalog fail.

Available Software Updates:

Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x64 – English
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x86 – English

_______________________________________________________

Issue:

  • VDAs can becomes stuck in the “initializing” state of registration process. The issue occurs after the Citrix Desktop Service is running for several days without being restarted.
  • When the function “CName” is enabled, VDA registration can take excessively long.

Available Software Updates:

BrokerAgent750WX64003 – For Broker Agent 7.1/7.5 for Windows OS (64-bit) – English
BrokerAgent750WX86003 – For Broker Agent 7.1/7.5 for Windows OS (32-bit) – English

_______________________________________________________

Issue: Installing hotfixes for XenApp 7.5, and XenDesktop 7.1 and 7.5 VDA Core Services for Windows Desktop and Server OS released before September 2014 causes the ICA Session performance monitor counter to be removed. This can have an adverse effect on the operation of tools and processes that rely on these counters.

Available Software Updates:

ICAWS750WX64011 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (64-bit) – English
ICAWS750WX86011 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (32-bit) – English
ICATS750WX64011 – For VDA Core Services 7.1/7.5 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue:The Citrix Print Manager Service (CpSvc.exe) process might exit unexpectedly.

Available Software Updates:

ICAWS750WX64019 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (64-bit) – English
ICAWS750WX86019 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (32-bit) – English
ICATS750WX64019 – For VDA Core Services 7.1/7.5 for Windows Server OS (64-bit) – English

_______________________________________________________

Issue:

  • This fix addresses an intermittent high memory utilization issue of the Broker Service on the Controller.
  • This fix addresses a memory consumption issue of the Monitoring Service.

Available Software Updates:

Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x64 – English
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x86 – English

Note:

Refer to the complete list of all the available HotFixes for

XenApp 7.6 64-bit32-bit

XenApp 7.5 64-bit32-bit

Microsoft HotFixes (including links to Microsoft HotFix list)

Windows Server 2012 R2 contains most of the following hotfixes (exceptions noted inline). Microsoft has published the following KB article specific to Remote Desktop Services: Available Updates for Remote Desktop Services (Terminal Services) in Windows Server 2012 R2. For Microsoft Hotfixes applicable to the Windows Server 2008 R2 and the Windows 7 platforms, see the “Microsoft Hotfixes” section in the following article: CTX129229 – Recommended Hotfixes for XenApp 6.x on Windows Server 2008 R2.

Note: The descriptions of the Microsoft fixes listed in this article (CTX142357) might not match the descriptions in the Microsoft articles for the following Microsoft fixes. This is not an error. The issue description listed by Citrix in the following matrix was resolved by an earlier version of that file however it has been superseded by the article/fix currently listed.

KB Number Issue description
KB3033929
  • UPM driver load breaks if this KB is not applied.
KB3078676 – NEW
  • This article describes an issue in which even 1530 is logged, and user profile service (ProfSvc) leaks paged pool memory and handles in Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2. This issue occurs if the ProfSvc service loads and then unloads a user profile. Additionally, the following event is logged in the Event viewer: Event ID 1530. Description: Windows detects your registry file is still in use by other applications or servers. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
KB3127673 – NEW
  • The Stop error 0x000000C2 might be caused by an error handling issue in the win32k.sys file.
  • The Stop error 0x0000003B might be caused by a synchronization issue in the dcgkrnl.sys file.
  • The parameters in Stop error messages may vary, depending on the configuration of the computer.
  • Not all “Stop 0x000000C2” errors or “Stop 0x0000003B” errors are caused by one of these issues.
KB3055615 – NEW
  • A windows Server 2012 R2 Server becomes slow and unresponsive if update 2927901 is installed.
  • You have update 2927901 installed on a Windows Server 2012 R2 server.
  • You have users who frequently log in and log off the server through Remote Desktop.
KB3013769
  • Memory leak occurs when you create or delete CSV snapshots by using a VSS hardware provider
  • IIS crashes occasionally when a request is sent to a default document in Windows 8.1 or Windows Server 2012 R2
  • You receive Stop error 0xD1 in Windows Server 2012 R2 or Windows 8
  • Device does not exist error after you reinsert a USB COM port device
KB2978367
  • Remote Desktop session freezes when you run an application in the session in Windows 8.1 or Windows Server 2012 R2.
KB2967077
  • A network printer is deleted unexpectedly in Windows
KB2895698
  • Users who have the remote audio setting enabled cause the RD Session Host servers to freeze intermittently in Windows Server 2012 R2 or Windows Server 2008 R2 SP1
KB2896328
  • You are logged on with a temporary profile to a remote desktop session after an unexpected restart of Windows Server 2012
KB2852483
  • Memory leak occurs in the Dwm.exe process on a Remote Desktop computer that is running Windows 8 or Windows Server 2012
KB2995388
  • Memory leak occurs when you play mp4 files in Windows 8.1 or Windows Server 2012 R2
  • Computer freezes when you switch to another account in Windows 8.1 or Windows Server 2012 R2
  • An NTFS volume is flagged as dirty after each restart, and CHKDSK can find no issues
  • Print jobs are intermittently processed slowly through Windows 8.1-based or Windows Server 2012 R2-based printer servers
  • Network printers that use TCP/IP port cannot print after first document has printed in Windows

Related:

  • No Related Posts

Law Firm DLA Piper Launches Security Tokenization Platform TOKO

Image from Shutterstock

On November 22, DLA Piper, a law firm operating in more than 40 countries, announced the launch of its new security token platform TOKO, which will allow investors to purchase fractions of tokenized assets. The project was developed in collaboration with Aldersgate DLS (Digital Ledger Solutions), and is built on Hedera Hashgraph, Hyperledger Fabric, and Microsoft Azure.

Hedera is a decentralized public network where developers can build secure applications with near real-time finality. The platform is governed by a council consisting of some of the world’s leading organizations, including Boeing, Deutsche Telekom, Google, IBM, UCL, LG Electronics, and Tata Communications.

TOKO leverages Hedera Hashgraph’s consensus algorithm and time stamping to deliver a secure tokenization service through the platform. Moreover, the Hedera Consensus Service (HCS) will provide transaction ordering through a Hyperledger Fabric network with various organizations, peers, and orderers. According to DLA Piper, the network will be deployed in the Microsoft Azure cloud environment, connecting to the Hedera public mainnet.

Advertisement

In the announcement, DLA Piper and Aldersgate DLS claimed to have successfully completed the first tokenization project on the platform, featuring a fine art asset. This month, the artwork, created by Chinese artist Wang Xiao Bo, was commissioned and purchased by a select group of the company’s Hong Kong partners in an unregulated security offering.

Scott Thiel, Partner at DLA Piper, said that the company will try to deliver a full ecosystem for digital asset tokenization, and that TOKO was only the first step. He further stated that the firm will utilize investor feedback and build out collaborations with new consortium partners to create a “robust, trusted marketplace for digital assets.”

Related:

  • No Related Posts

On Internet Explorer 11 Endpoint Analysis Plugin Fails to Run on NetScaler Gateway Virtual Server and User is prompted to “Download” or “Skip Check”

The Endpoint Analysis (EPA) plugin fails on NetScaler Gateway virtual server, when using Internet Explorer 11 (IE 11) with Microsoft hotfix KB3025390 installed.

After installation of the Microsoft hotfix, you will be directed to a page where you can either “Download” the plugin or “Skip Check” in some builds. The EPA plugin does not run as expected.

User-added image

Related:

New Expanded HCI Options Deliver Flexibility and Choice

Dell EMC Solutions for Microsoft Azure Stack family Microsoft’s partner conference – Microsoft Inspire – is taking place this week. While it will look a little different this year, we are looking forward to virtually networking and discussing what’s coming in the year ahead. This year, Dell Technologies is announcing several new expanded platform options for the Microsoft Azure Stack portfolio that further simplify and automate management as well as provide flexibility and choice. For those of you not familiar, Dell Technologies offers two comprehensive Azure Stack solutions: Dell EMC Solutions for Azure Stack HCI and … READ MORE

Related:

PegaSys Ethereum Suite Added to Microsoft’s Azure Marketplace

PegaSys Ethereum Suite Added to Microsoft’s Azure Marketplace

A partnership between two founding members of the Enterprise Ethereum Alliance (EEA) will be bringing PegaSys Ethereum suite to the Microsoft Azure Marketplace.

According to ConsenSys, the partnership with Microsoft that will enable developers access tools needed to manage a full-scale Enterprise Ethereum network via Microsoft’s Azure marketplace.

The @PegaSysEng#Ethereum suite will be available on the Microsoft @Azure Marketplace. #PegaSysAzurehttps://t.co/maehht3k2D

— ConsenSys (@Consensys) May 8, 2020

The Ethereum development studio in its press release noted that developers would be able to access the PegaSys Ethereum Suite through the Azure Marketplace to build private networks and operate on the Ethereum mainnet.

Notably, the PegaSys Ethereum Suite, which includes Hyperledger Besu, PegaSys Plus, and PegaSys Orchestrate, will help developers deploy multi-node networks with blockchain explorers, monitoring, and dashboards.

Additionally, the principal program manager of blockchain engineering for Microsoft, Yorke E. Rhodes III, expressed his happiness towards the new offering.

He said, “Microsoft would continue to advance the enterprise quality and tooling for blockchain networks.” Adding that blockchain development is core to serving the needs of customers using Azure.

Notably, the Microsoft Azure Marketplace is like an app store for developers. Where they can purchase software licenses or sample products that help them build their tools.

Users embracing the PegaSys Suite

The general public has well received the PegaSys Ethereum Suite. According to Dan Heyma, a member of the PegaSys team, there have already been over 130,000 downloads of the suite. In addition to over 200 enterprise networks built with Besu.

Heyman noted that the addition of suite to the marketplace wouldn’t only increase visibility but also improve developers’ experience.

“Our close collaboration with Microsoft improves our performance on Azure as well as lays the foundation for deeper collaboration on future Ethereum offerings,” he said.

PegaSys is the protocol engineering group at ConsenSys. Which is also the Brooklyn, New York-based firm known for incubating Ethereum projects.

Long-lasting partnership

ConsenSys and Microsoft have been in partnership for a long time now. Both software companies have been together since the first Visual Studio plug-in for Solidity in 2016.

They also partnered in the forming of the Enterprise Ethereum Alliance. To create the very enterprise Ethereum client specification that Hyperledger Besu uses.

Notably, Hyperledger Besu is an open-source Ethereum client written in Java’s programming language.

Microsoft recently launched a new crypto initiative that enables the crypto mining system performs online functions. The initiative also aims to make use of search engines, chatbots and reading ads. Through involuntary body activities like brain waves and body heat.

Also, last year tech giant Microsoft got into the cryptocurrency space by partnering with leading blockchain gaming platform, Enjin. Microsoft launched its very own reward system ERC1155 collectibles and introduced Azure Heroes with Enjin to create a blockchain-based recognition program.

Related:

PegaSys Ethereum Suite Now Available on Microsoft’s Azure Marketplace

Developers can now access the tools needed to manage a full-scale Enterprise Ethereum network through Microsoft’s Azure marketplace.

The PegaSys Ethereum Suite, which includes ​Hyperledger Besu,​​ PegaSys Plus​ and PegaSys Orchestrate​, will help developers deploy multi-node networks with blockchain explorers, monitoring and dashboards, Ethereum development studio ConsenSys said in a press release on Friday.

PegaSys is the protocol engineering group at ConsenSys, which in turn is the Brooklyn, New York-based firm known for incubating Ethereum projects. Despite laying off dozens of workers in late April, the firm is looking ahead to further network developments in the blockchain arena.

Related:Schlesi Testnet Is Latest Step in Long Road Toward Eth 2.0

“We are excited to see the launch of Hyperledger Besu and PegaSys Plus on the Azure Marketplace,” said Yorke E. Rhodes III, principal program manager at Microsoft’s Blockchain Engineering, in a statement to CoinDesk. “Continuing to advance the enterprise quality and tooling for blockchain networks and development is core to serving the needs of customers using Azure.”

See also: Azure Integration Opens Blockchain Firm Kaleido to 80% of Cloud Market

The Azure allure draws in thousands of potential developers to build within the blockchain ecosystem by providing them with development kits necessary for constructing web 3.0 infrastructure, including cloud computing.

The Microsoft Blockchain Development Kit for Ethereum ​will also now support Hyperledger Besu directly, ConsenSys said.

Related:Blockchain Bites: Hyperledger Makes Inroads, Bitcoin Gets ‘Harder’ and Buffett’s Not ‘Halving’ It

​Hyperledger Besu is an open-source Ethereum client written in Java’s programming language. In 2019, it was gifted to Hyperledger, another open-source collaborative blockchain effort hosted by the Linux Foundation.

​PegaSys Plus, the commercial subscription of Hyperledger Besu, offers additional capabilities and support guarantees, while ​PegaSys Orchestrate ​is an Ethereum transaction orchestration system.

An orchestration system is designed to cut down the time and labor eaten up in manual coding by better aligning a business’ data and applications to others. In the case of PegaSys Orchestrate, it enables organizations to build on any Ethereum network by providing functionality to manage transactions, smart contracts and private keys.

See also: Enterprise Ethereum Alliance Launches Testing Ground for Blockchain Interoperability

ConsenSys has held a strong partnership with Microsoft since the first Visual Studio plug-in for Solidity that the two software companies launched in early 2016.

Both Microsoft and ConsenSys are founding members of the Enterprise Ethereum Alliance (EEA), a standards group where finance and other industries explore private versions utilizing Ethereum technology.

Related Stories

Related:

Microsoft releases Windows 10 builds 18363.815, 18362.815 with a ton of fixes

Patch Tuesday was only a week ago, but it’s now time for this month’s round of optional updates. Typically, Microsoft does this in several installments, offering updates to different versions at different times. But today, Windows 10 version 1909, 1903, 1809, 1803, and 1607 are all getting updates.

The reason that they’re all getting patched today is likely because this is going to be one of the last times to do it. Starting in May, Microsoft won’t be releasing optional cumulative updates anymore, only Patch Tuesday updates. This is to focus on stability for those working from home during the COVID-19 pandemic.

For those on Windows 10 versions 1909 and 1903, you’ll get KB4550945, bringing the build number to 18363.815 and 18362.815, respectively. You can manually download it here, and these are the highlights:

  • Updates an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image error message appears.
  • Updates in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Updates an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that generates unexpected notifications when you change the default application settings.
  • Updates an issue that causes Windows Update to stop responding when you check for updates.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image exception dialog box appears.
  • Addresses in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Addresses an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
  • Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
  • Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses an issue that generates unexpected notifications related to changing the default application settings.
  • Addresses an issue that causes the sign in screen to be blurry.
  • Addresses an issue that causes Windows Update to stop responding when you check for updates.
  • Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfingerprintenrollment Uniform Resource Identifier (URI).
  • Addresses an issue with Bluetooth group policy settings on Microsoft Surface Pro X devices.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that causes the Trusted Platform Module (TPM) initialization to fail with system event error 14 and prevents Windows from accessing the TPM.
  • Addresses an issue that causes communication with the TPM to time out and fail.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.
  • Addresses an issue that causes the Clipboard service to unexpectedly stop working.

Windows 10 version 1809 just had its support extended, and those users will get KB4550969, bringing the build number to 17763.1192. You can manually download it here, and these are the highlights:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes high CPU usage on Active Directory (AD) domain controllers when migrating to Windows Server 2019. This increases latency in Microsoft Exchange operations, causes Managed Store contention, and severely impacts index creation in Active Directory and the Global Catalog’s performance.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue that might cause the Remote Desktop Gateway service to stop working.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.
  • Addresses an issue that causes stop error 0x18 (REFERENCE_BY_POINTER) when Remote Desktop sessions redirect devices that are not input devices.

This one does have one known issue to be aware of:

Symptom Workaround
After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_ COMPONENT_NOT_FOUND.”
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.


For those running Windows 10 version 1803, which is only supported for Enterprise and Education SKUs, you’ll get KB4550944, bringing the build number to 17134.1456. You can manually download it here, and there’s one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses a Task Manager CPU frequency display issue that locks to the base frequency on devices equipped with certain CPUs.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that prevents certain apps from installing if they are published using a Group Policy Object.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.

Finally, Windows 10 version 1607 is still supported for LTSB and Windows Server 2016 customers, and they’ll get KB4550947, bringing the build number to 14393.3659. You can manually download it here, and it has the same one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
  • Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that might prevent Dynamic Host Configuration Protocol (DHCP) servers from providing the right options to clients when a reservation exists.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue in Srv2.sys that might cause 0x18, 0xC2, and 0x19 errors.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.

This one also has one known issue:

Symptom Workaround
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.


As mentioned earlier, these updates are optional. That means that you can get it through Windows Update if you opt into it, or you can install it manually. If you choose to not take the update, these fixes will be bundled into next month’s Patch Tuesday updates.

Related:

Getting incorrect username or password error when using FAS to single sign on with VDA with event ID 102 and event ID 25 on DC

Some applications have features that read the token-groups-global-and-universal (TGGAU) attribute on user account objects or on computer account objects in the Microsoft Active Directory directory service. Some Win32 functions make it easier to read the TGGAU attribute. Applications that read this attribute or that call an API (referred to as a function in the rest of this article) that reads this attribute do not succeed if the calling security context does not have access to the attribute.

By default, access to the TGGAU attribute is determined by the

Permission Compatibility decision (made when the domain was created during the DCPromo.exe process). The default permission compatibility for new Windows Server 2003 domains does not grant broad access to the TGGAU attribute. Access to read the TGGAU attribute can be granted as required to the new Windows Authorization Access (WAA) group in Windows Server 2003.

Related: