Microsoft Japan Gives the List of January’s ‘Problematic’ Updates for Windows 7 Network Connectivity

UPDATE: Microsoft quietly resolved the issue described in this article using KB4487345

Original article…

Microsoft USA rarely apologizes for bad patches and definitely refuses to concede that any are problematic, however, Microsoft Japan has now listed out the updates (translated page) from January 2019’s Patch Tuesday that are giving companies fits when trying to connect to their networks.

What started out as the inability to connect to network shares has also been reported to keep users from connecting to shared printers.

After applying one of the following update programs published on January 8, 2019, to the file server and accessing the file server (the computer holding the shared folder ) by using the local user belonging to the Administrators group, The event of connection failure will occur.

This may cause problems such as access to a shared folder or connection to a network printer.

[ Workaround ]

When accessing the file server, use a local account that does not belong to the Administrators group, or use a domain account.

[ Corrective measure ]

Please check the Known Issues section of each update for the latest information on countermeasures against this problem.

OS version Problematic Update
Windows 7 SP1 / Windows Server 2008 R2 SP1

(Monthly Rollup)

KB 4480970 (Monthly Rollup)
Windows 7 SP1 / Windows Server 2008 R2 SP1

(Security-only update)

KB 4480960 (Security-only update)
Windows Server 2008 SP2

(Monthly Rollup)

KB 4480968 (Monthly Rollup)
Windows Server 2008 SP2

(Security-only update)

KB 4480957 (Security-only update)

As soon as we update the compatibility situation, this blog is also planned to be updated.

Good on you, Japan!

Microsoft Reverts Changes to KMS Servers that Caused Widespread Problems with KB971033

UPDATE: What seemed like yet another problem with yet another Microsoft patch has turned out to be something else. The issue, as it turns out, was a combination of customers installing KB971033 and Microsoft making changes to its license activation servers.

From Activation failures and “not genuine” notifications around January 8, 2019, on volume-licensed Windows 7 KMS clients:

A recent update to the Microsoft Activation and Validation unintentionally caused a “not genuine” error on volume-licensed Windows 7 clients that had KB 971033 installed. The change was introduced at 10:00:00 UTC on January 8, 2019, and was reverted at 4:30:00 UTC on January 9, 2019.

Note This timing coincides with the release of the “1B” January 2019 updates (KB 4480960 and KB 4480970) that were released on Tuesday, January 8, 2019. These events are not related.

The article goes on to recommend uninstalling KB971033.

Microsoft has yet to apologize for causing the widespread panic, only taken time to explain it.

— original article —

UPDATE with Workaround – Tracking: KB971033 Affecting KMS for Windows 7 Clients

According to new reports, there’s a bug in the KB971033 update that is causing problems with Windows 7 clients and KMS.

UPDATE:  A poster to a thread on Reddit concerning this issue offers a workaround that was obtained by Microsoft:

Action Plan :Uninstall KB971033

Reboot

Run Command Prompt as administrator

i. Type: net stop sppsvc

ii. Type: del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah

iii. Type: del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah

iv. Type: del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

v. Type: del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\cache\cache.dat

vi. Type: net start sppsvc

vii. Type: slmgr /ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH

Type: slmgr /ato

As others have correctly pointed out, the key in step vii is for Windows 7 Enterprise. Use the correct key for your environment. https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys

Microsoft Acknowledges KB4480970 Bug for SMBv2 Shares, Provides Explanation and Guidance

Customers are experiencing a severe bug in KB4480970 where computers are unable to access network shares. Reports have been rolling in steadily since the roll-up for Windows 7 was released.

Microsoft has now updated the roll-up history page to reflect the bug, issue some reasoning, and apply some guidance for affected customers.

Problem:

Local users who are part of the local “Administrators“ group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the January 8th, 2019 security updates. This does not affect domain accounts in the local “Administrators” group.

Guidance:

To work around this issue use either a local account that is not part of the local “Administrators” group or any domain user (including domain administrators).

We recommend this workaround until a fix is available in a future release.

2018 Holdover Bug Causing Renewed Problems with Network Connectivity for Windows 7

A bug that has existed for much of 2018 for Windows 7 and Windows 2008 R2 has once again begun causing problems for users of those operating system versions.

The original bug forced many to reinstall hardware drivers for their network cards…

After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.

To locate the network device, launch devmgmt.msc. It may appear under Other Devices.

To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

UPDATE: The following is now resolved with KB4487345.

However, a new wrinkle may have been exposed in that network shares are no longer accessible using SMBv2.

The problem is exhibited in both KB4480960 and KB4480970.

A workaround has been offered that requires modifying the Windows registry – proper rights are needed to make the change:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

A reboot is required.

You can also just remove the update, but this security patch is pretty critical to install.

Microsoft Ends Its Program to Deliver Instant Fixes to Windows Problems

In a redirect from a KB article, Microsoft gives more evidence that it’s truly serious that it wants cumulative updates to be the go-to solution for updates.

One page, originally titled “How to use Microsoft easy fix solutions” is now brandished in bold letters: Microsoft Easy Fix solutions are no longer supported

It goes on to say…

You might have tried to download a Microsoft Easy Fix solution (formerly referred to as a “Fix It”). Easy Fix solutions are no longer supported or offered for download.

 


 

Microsoft Announces Its Next Windows Desktop – in the Cloud

Many people wonder where Windows will go next. Those in attendance for the opening keynote at Microsoft Ignite 2018, might have wondered where any news about Windows desktop would come in.  Technically, it didn’t.

Keynotes are supposed to be visionary speeches. But, when a vendor owns the conference, it becomes a tell-tale sign of where the company wants to herd its customers next so that it can optimize its revenue base for the future. So, the bigger news in a vendor keynote is what is NOT mentioned. Microsoft’s CEO, Satya Nadella, used today’s keynote to talk about the cloud and AI.

What was not mentioned during the opening keynote was Windows on PCs. However, Windows hasn’t been left out entirely from Ignite news. Instead, Windows was given new life – but in the cloud.

Microsoft today has unveiled its next vision of a desktop operating system. Called Windows Virtual Desktop, Microsoft will enable its customers (those subscribed to its new Microsoft 365 service) to run Windows virtual instances in Azure. Essentially, you bring the device – it doesn’t matter what device – and run Windows and Windows apps in a web browser. As we’ve found through recent testing and research, the underlying OS is irrelevant. In fact, we’re working up a full series on switching from Windows 10 to ChromeOS. Its become very clear that needing Windows to function is no longer a requirement and is actually a cost savings in itself. And, with this new service, you would only need to spin up a Windows instance when you need it – which is getting rarer and rarer. And, it possible that Microsoft is starting to realize it, too.

Incidentally, this is not new. Amazon has been providing this feature for a while with its AWS services. But, Microsoft provides the following bullet points to suggest it does it better:

  • The only service to enable a multi-user Windows 10 experience, including compatibility with Microsoft Store and existing Windows line-of-business apps while delivering cost advantages previously only possible with server-based virtualization.
  • The best service to virtualize Office 365 ProPlus running in multi-user virtual scenarios. Microsoft Office is the most virtualized app used, and we are committed to deliver the best possible virtual experience. In the months ahead, we will have more to share on our investments in the Office 365 virtualized experience for the Windows Virtual Desktop service.
  • The only service to provide Windows 7 virtual desktop with free Extended Security Updates, giving you more options to support legacy apps while you transition to Windows 10.
  • The most scalable service to deploy and manage Windows virtual machines, using Azure for compute, storage, rich diagnostics, advanced networking, connection brokering, and gateway. You no longer need to host, install, configure, and manage these components yourself—so you can deploy and scale in minutes.
  • The most flexible service allowing you to virtualize both desktops and apps, meaning you can choose between providing your users the entire desktop experience or delivering only specific apps. When you deliver virtual apps to a Windows 10 endpoint, they are integrated seamlessly into the user experience.
  • Deeply integrated with the security and management of Microsoft 365. The Microsoft 365 conditional access, data loss prevention, and integrated management are natively built in—providing the most secure and simplest solution for protecting and managing all your apps and data.

 

A public preview is in the works and expected to launch later this year. Microsoft has made no definite schedule. It will be available to Windows 10 Enterprise and Windows 10 Education customers.

Resources:

Windows Virtual Desktop web site

Sign-up to participate in the preview (when available)


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

Microsoft Service Stack Updates Will be Recategorized as Security Updates so Customers Will Actually Install Them

The confusion around the many updates that Microsoft delivers each month continues. But, the company is trying to hard to minimize the confusion – if it can’t simply fix the quality.

However, a new explanation from Microsoft, seems to suggest that the company has found a culprit for the many quality related complaints from customers about its monthly updates. In short, its the customers.

The culprit (at least for Windows 7 customers) is that many customers are skipping the Servicing Stack updates. These updates, Microsoft says, are designed to…

…ensure that you have a robust and reliable servicing stack so that your devices receive and install Microsoft security fixes.

So, without these installed, many security updates are being installed into a questionable updating environment. And, that’s a recipe for disaster – as many have experienced. Microsoft says that it tests updates against a known good configuration, but once made public, the company has no way of knowing what a customers computing environment looks like.

Microsoft has been marking these Servicing Stack updates as critical in the system, but customers have been apparently ignoring the label. Starting in October, these will be relabled as security updates. This, with the hope, that customers won’t ignore them.

Additionally, Microsoft will reissue the Windows 7 Service Pack 1 (SP1) servicing stack update (KB 3177467) to make sure all customers are on the same operating level.

Extra details: Windows 7 servicing stack updates: managing change and appreciating cumulative updates

Interestingly, Microsoft ends the post by saying…

…we specifically addressed this complexity and exposure in Windows 10 with the cumulative update model. Today, we test each month’s patches against a known configuration of Windows 10 before we ship a release. Each update includes all the previous fixes necessary to bring a device forward to a fully patched and current state, provided it has the latest monthly update installed.

Yet, customers continue to complain about the poor quality of Windows 10 updates, too.


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

Intune to Stop Supporting Windows 7 in 2020

Microsoft has taken to its notification system to give advanced warning to customers still managing Windows 7 devices. Windows 7 reaches the end of extended support on January 14, 2020. As such, Microsoft will also stop supporting management of Windows 7 devices using Intune (or whatever it is called in 2020).

Windows 7 reaches end of extended support on January 14, 2020. At that time, Intune will retire support for devices running Windows 7, so we can focus our investment on supporting newer technologies and providing great new end user experiences. After that date, technical assistance and automatic updates that help protect your PC will no longer be available. Microsoft strongly recommends that you move to Windows 10 before January 2020, to avoid a scenario where you need service or support that is no longer available. 

Recommendations: Intune Plan for Change: Nearing End of Support for Windows 7


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

NIC Stops Working Issue for Windows 7 Roll-up Survives Another Month

This nagging issue has been around for a couple months now, but Windows 7 users can still expect it in certain situations. Microsoft is not fully aware of the exact configurations that cause it, but in those unknown states the Network Interface can stop working after installing the Windows 7 Roll-up.

This month’s roll-up: September 11, 2018—KB4457144 (Monthly Rollup)

Issue:

After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.

Workaround:

  1. To locate the network device, launch devmgmt.msc. It may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.


 

Monthly Rollup for Windows 7 Causes the Network Controller to Stop Working

Something to be aware of with the monthly rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4338818) for July 10, 2018.

There is an issue with Windows and third-party software related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

The Microsoft supplied workaround:

  1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

 

a. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

Known Issues for Windows Security Updates for May 2018

As has been the case for a while, Microsoft delivers its OS updates already knowing that there are potential gotchas included. This month, you can expect the following…

Windows 10 version 1709 – KB4103727 (OS Build 16299.431) – Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you’ve created and Device Guard is enabled.

Windows 7 SP1 and Windows Server 2008 R2 SP1 – KB4103718 (Monthly Rollup) and KB4103712 (Security-only update) – A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).

For both known issues, Microsoft is already working on fixes.

For those things that are unknown gotchas this month, stay tuned. Monthly patching can sometimes be a roller coaster ride.


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections