GPMC error for "Security Options" after Updates 2020-09 in Windows Server 2016 Domain Controllers

Hofstetter Martin 46 Reputation points
2020-09-11T07:36:03.623+00:00

We have found that if a Windows Server 2016 DC has been patched with the current Cumulative Update 2020-09 and Servicing Stack Update 2020-09, the "Security Options" in a policy can no longer be opened in the GPMC afterwards. It is not clear which of these two updates really causes this. Windows Server 2019 DCs seem not to be affected.24073-gpmc-error.jpg

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,368 questions
Accepted answer
  1. Hannah Xiong 6,231 Reputation points
    2020-10-21T01:07:36.127+00:00

    Hello,

    Microsoft had released the new KB4580346 to fix this issue. This release addresses an issue that might prevent you from accessing the Security Options data view in the Group Policy Management Editor (gpedit.msc) or Local Security Policy Editor (secpol.msc). The error is, "MMC has detected an error in a snap-in”.

    https://support.microsoft.com/en-us/help/4580346/windows-10-update-kb4580346

    Thanks.

    Best regards,
    Hannah Xiong

    2 people found this answer helpful.
    0 comments

10 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Hannah Xiong 6,231 Reputation points
    2020-09-14T08:04:46.507+00:00

    Hello,

    Thank you so much for your time and support.

    Update 2020-09 Cumulative Update (KB4577015) is causing this GPO MMC error. We are so sorry that we are having this problem. We have reported this issue and will come back here for any feedback.

    Besides, to avoid being affected, we could choose to uninstall this update as shown below.

    24356-uninstall-update.png

    24444-uninstall-2.png

    After successfully uninstall, the security options MMC could be opened then.

    24378-security-option.png

    So sorry for the inconvenience caused. Thank again for your support.

    Best regards,
    Hannah Xiong

  2. Henrik Hallebrand 1 Reputation point
    2020-09-16T08:41:38.543+00:00

    Any update on this when it can be fixed or if you have a private fix for it? I guess all customers have problems with this.

    0 comments
  3. INNOXY 1 Reputation point
    2020-09-18T10:19:31.53+00:00

    Thank you @Davide Radice for your interim fix, hope MS will fix this soon. 

    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId"
    0 comments
  4. DonPick 1,256 Reputation points
    2020-09-25T10:39:35.543+00:00

    MS acknowledged https://learn.microsoft.com/en-us/windows/release-information/status-windows-10-1607-and-windows-server-2016#1482msgdesc 

    The resulting error dialog provides options to continue using the Management Console to view other nodes normally. Note: This issue does not affect the application of the Security Options or any other Group Policy Objects (GPOs) to devices in your environment.  
  
Affected platforms:  
Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607  
Server: Windows Server 2016  
Workaround: To mitigate this issue, you can install Remote Administrative tools on a device running Windows 10, version 1709 or later. This will allow you to run Group Policy Management Console and edit GPOs on the affected server.  
  
Next steps: We are working on a resolution and will provide an update in an upcoming release.
    0 comments