Resolved issues in Windows 10, version 1607 and Windows Server 2016

Find information on recently resolved issues for Windows 10, version 1607 and Windows Server 2016. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge). For immediate help with Windows update issues, use Get Help in Windows or go to support.microsoft.com. Follow @WindowsUpdate on Twitter for Windows release health updates.


Resolved issues

SummaryOriginating updateStatusDate resolved
Application shortcuts might not work from the Start menu or other locations
Errors might be observed when trying to run exe files. Changes to Microsoft Defender can help.
N/A

Resolved
2023-01-18
19:28 PT
Database connections using Microsoft ODBC SQL Server driver might fail.
Apps using ODBC connections might fail to connect to databases.
OS Build 14393.5501
KB5019964
2022-11-08
Resolved
KB5022289
2023-01-10
10:00 PT
Possible memory leak in Local Security Authority Subsystem Service (LSASS,exe)
LSASS might use more memory over time and the DC might become unresponsive and restart.
OS Build 14393.5501
KB5019964
2022-11-08
Resolved
KB5021235
2022-12-13
10:00 PT
Sign in failures and other issues related to Kerberos authentication
After installing updates released November 2022, you might have Kerberos authentication issues.
OS Build 14393.5501
KB5019964
2022-11-08
Resolved
KB5021654
2022-11-17
14:00 PT
Possible issues caused by Daylight Savings Time change in Jordan
Jordanian government announced a Daylight Saving Time (DST) change for winter 2022.
N/A

Resolved
KB5019964
2022-11-08
10:00 PT
Possible issues caused by new Daylight Savings Time in Chile
Chilean government announced a Daylight Saving Time (DST) change for 2022.
N/A

Resolved
KB5018411
2022-10-11
10:00 PT
SSL/TLS handshake might fail
We have received reports that some types of SSL and TLS connections might have handshake failures.
OS Build 14393.5427
KB5018411
2022-10-11
Resolved
KB5020439
2022-10-18
14:00 PT
Copying files/shortcuts using Group Policy Preferences might not work as expected
Files or shortcuts might not copy or copy as zero-byte files when using Group Policy Preferences on client devices.
OS Build 14393.5356
KB5017305
2022-09-13
Resolved
KB5018411
2022-10-11
10:00 PT

Issue details

January 2023

Application shortcuts might not work from the Start menu or other locations

StatusOriginating updateHistory
ResolvedN/A

Resolved: 2023-01-18, 19:28 PT
Opened: 2023-01-13, 13:40 PT

After installing security intelligence update build 1.381.2140.0 for Microsoft Defender, application shortcuts in the Start menu, pinned to the taskbar, and on the Desktop might be missing or deleted. Additionally, errors might be observed when trying to run executable (.exe) files which have dependencies on shortcut files. Affected devices have the Atack Surface Reduction (ASR) rule "Block Win32 API calls from Office macro" enabled. After installing security intelligence build 1.381.2140.0, detections resulted in the deletion of certain Windows shortcut (.lnk) files that matched the incorrect detection pattern.

Windows devices used by consumers in their home or small offices are not likely to be affected by this issue.

Workaround: Changes to Microsoft Defender can mitigate this issue. The Atack Surface Reduction (ASR) rules in Microsoft Defender are used to regulate software behavior as part of security measures. Changing ASR rules to Audit Mode can help prevent this issue. This can be done through the following options:

Microsoft Office applications can be launched through the Microsoft 365 app launcher. More details on the Microsoft 365 app launcher can be found in Meet the Microsoft 365 app launcher

Next steps: This issue is resolved in security intelligence update build 1.381.2164.0. Installing security intelligence update build 1.381.2164.0 or later should prevent the issue, but it will not restore previously deleted shortcuts. You will need to recreate or restore these shortcuts through other methods. For additional information and help recovering missing shortcuts, see Recovering from Attack Surface Reduction rule shortcut deletions (updated on January 17, 2023 to include additional guidance and scripts to help with recovery).

Affected platforms:

  • ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB
  • ​Server: None

December 2022

Database connections using Microsoft ODBC SQL Server driver might fail.

StatusOriginating updateHistory
Resolved KB5022289OS Build 14393.5501
KB5019964
2022-11-08
Resolved: 2023-01-10, 10:00 PT
Opened: 2022-12-05, 15:45 PT

After installing KB5019964, apps which use ODBC connections utilizing the Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might fail to connect. You might receive an error within the app or you might receive an error from SQL Server, such as "The EMS System encountered a problem" with "Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream" or "Message: [Microsoft][ODBC SQL Server Driver]Unknown token received from SQL Server". Note for developers: Apps affected by this issue might fail to fetch data, for example when using the SQLFetch function. This issue might occur when calling SQLBindCol function before SQLFetch or calling SQLGetData function after SQLFetch and when a value of 0 (zero) is given for the ‘BufferLength’ argument for fixed datatypes larger than 4 bytes (such as SQL_C_FLOAT).

If you are unsure if you are using any affected apps, open any apps which use a database and then open Command Prompt (select Start then type command prompt and select it) and type the following command:

tasklist /m sqlsrv32.dll

Workaround: To mitigate this issue, you can do one of the following:

  • ​If your app is already using or able to use Data Source Name (DSN) to select ODBC connections, install Microsoft ODBC Driver 17 for SQL Server and select it for use with your app using DSN. Note: We recommend the latest version of Microsoft ODBC Driver 17 for SQL Server, as it is more compatible with apps currently using the legacy Microsoft ODBC SQL Server Driver (sqlsrv32.dll) than Microsoft ODBC Driver 18 for SQL Server.
  • ​If your app is unable to use DSN, the app will need to be modified to allow for DSN or to use a newer ODBC driver than Microsoft ODBC SQL Server Driver (sqlsrv32.dll).

Resolution: This issue was resolved in KB5022289. If you have implemented the above workaround, it is recommended to continue using the configuration in the workaround.

Affected platforms:

  • ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

November 2022

Possible memory leak in Local Security Authority Subsystem Service (LSASS,exe)

StatusOriginating updateHistory
Resolved KB5021235OS Build 14393.5501
KB5019964
2022-11-08
Resolved: 2022-12-13, 10:00 PT
Opened: 2022-11-23, 17:54 PT

After installing KB5019964 or later updates on Domain Controllers (DCs), you might experience a memory leak with Local Security Authority Subsystem Service (LSASS,exe). Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart. Note: The out-of-band updates for DCs released November 17, 2022 and November 18, 2022 might be affected by this issue.

Workaround: To mitigate this issue, open Command Prompt as Administrator and use the following command to set the registry key KrbtgtFullPacSignature to 0:

reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD

Note: Once this known issue is resolved, you should set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow. It is recommended to enable Enforcement mode as soon as your environment is ready. For more information on this registry key, please see KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967.

Resolution: This issue was resolved in KB5021235. If you used the above workaround, please see KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967 for further information on how to configure KrbtgtFullPacSignature.

Affected platforms:

  • ​Client: None
  • ​Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Sign in failures and other issues related to Kerberos authentication

StatusOriginating updateHistory
Resolved KB5021654OS Build 14393.5501
KB5019964
2022-11-08
Resolved: 2022-11-17, 14:00 PT
Opened: 2022-11-13, 15:16 PT

Updated November 18, 2022: Added update information for Windows Server 2008 R2 SP1.

After installing updates released on November 8, 2022 or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication. This issue might affect any Kerberos authentication in your environment. Some scenarios which might be affected:

When this issue is encountered you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text. Note: affected events will have "the missing key has an ID of 1":

While processing an AS request for target service <service>, the account <account name> did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18 3. The accounts available etypes : 23 18 17. Changing or resetting the password of <account name> will generate a proper key.

Note: This issue is not an expected part of the security hardening for Netlogon and Kerberos starting with November 2022 security update. You will still need to follow the guidance in these articles even after this issue is resolved.

Windows devices used at home by consumers or devices which are not part of a on premises domain are not affected by this issue. Azure Active Directory environments that are not hybrid and do not have any on premises Active Directory servers are not affected.

Resolution: This issue was resolved in out-of-band updates released November 17, 2022 and November 18, 2022 for installation on all the Domain Controllers (DCs) in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.

To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. Note The below updates are not available from Windows Update and will not install automatically.

Cumulative updates:

Note: You do not need to apply any previous update before installing these cumulative updates. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Standalone Updates:

Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of November 2022. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Monthly rollup updates are cumulative and include security and all quality updates. If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released November 8, 2022 to receive the quality updates for November 2022. If you have already installed updates released November 8, 2022, you do not need to uninstall the affected updates before installing any later updates including the updates listed above.

Affected platforms:

  • ​Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

October 2022

Possible issues caused by Daylight Savings Time change in Jordan

StatusOriginating updateHistory
Resolved KB5019964N/A

Resolved: 2022-11-08, 10:00 PT
Opened: 2022-10-21, 14:34 PT

On October 5, 2022, the Jordanian government made an official announcement ending the winter-time Daylight Saving Time (DST) time zone change. Starting at 12:00 a.m. Friday, October 28, 2022, the official time will not advance by an hour and will permanently shift to the UTC + 3 time zone. 

The impact of this change is as follows: 

  1. ​Clocks will not be advanced by an hour at 12:00 a.m. on October 28, 2022 for the Jordan time zone. 
  2. ​The Jordan time zone will permanently shift to the UTC + 3 time zone. 

Symptoms if no update is installed and the workaround is not used on devices in the Jordan time zone on October 28, 2022 or later:

  • ​Time shown in Windows and apps will not be correct.
  • ​Apps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.
  • ​Automation using date and time, such as Scheduled tasks, might not run at the expected time.
  • ​Timestamp on transactions, files, and logs will be 60 minutes off.
  • ​Operations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.
  • ​Windows devices and apps outside of Jordan might also be affected if they are connecting to servers or devices in Jordan or if they are scheduling or attending meetings taking place in Jordan from another location or time zone. Windows devices outside of Jordan should not use the workaround, as it would change their local time on the device.

Workaround: You can mitigate this issue on devices in Jordan by doing either of the following on October 28, 2022, if an update is not available to resolve this issue for your version of Windows:

  • ​Select the Windows logo key, type "Date and time", and select Date and time settings. From the Date & time settings page, toggle Adjust for daylight saving time automatically to Off.
  • ​Go to Control Panel Clock and Region Date and Time Change time zone and uncheck the option for “Automatically adjust clock for Daylight Saving Time”.

Important: We recommend using ONLY the above workaround to mitigate the issue with time created by the new Daylight Savings Time in Jordan. We do NOT recommend using any other workaround, as they can create inconsistent results and might create serious issues if done incorrectly.

Resolution: This issue was resolved in KB5019964.

Affected platforms:

  • ​Client: Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

SSL/TLS handshake might fail

StatusOriginating updateHistory
Resolved KB5020439OS Build 14393.5427
KB5018411
2022-10-11
Resolved: 2022-10-18, 14:00 PT
Opened: 2022-10-11, 19:31 PT

Microsoft has received reports that after installing KB5018411, some types of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) connections might have handshake failures. Note for developers: Affected connections are likely to be sending multiple frames within a single input buffer, specifically one or more complete records with a partial record that is less than 5 bytes all sent in a single buffer. When this issue is encountered, your app will receive SEC_E_ILLEGAL_MESSAGE when the connection fails.

If you are experiencing issues, please use feedback hub to file a report following the below steps:

  1. ​Launch Feedback Hub by opening the Start menu and typing "Feedback hub", or pressing the Windows key + F
  2. ​Fill in the "Summarize your feedback" and "Explain in more detail" boxes, then click Next.
  3. ​Under the "Choose a category" section, ensure the "Problem" button, "Devices and Drivers" category, and "Print" subcategory are all selected. Click Next.
  4. ​Under the "Find similar feedback" section, select the "Make new bug" radio button and click Next.
  5. ​Under the "Add more details" section, supply any relevant detail (Note this is not critical to addressing your issue).
  6. ​Expand the "Recreate my problem" box and press "Start recording". Reproduce the issue on your device.
  7. ​Press "Stop recording" once finished. Click the "Submit" button.

For additional information, see Send feedback to Microsoft with the Feedback Hub app.

Resolution: This issue was resolved in the out-of-band update KB5020439. It is a cumulative update, so you do not need to apply any previous update before installing it. To get the standalone package for KB5020439, search for it in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update CatalogNote KB5020439 is not available from Windows Update and will not install automatically.

Affected platforms:

  • ​Client: Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1

September 2022

Possible issues caused by new Daylight Savings Time in Chile

StatusOriginating updateHistory
Resolved KB5018411N/A

Resolved: 2022-10-11, 10:00 PT
Opened: 2022-09-02, 13:17 PT

Starting at 12:00 a.m. Saturday, September 10, 2022, the official time in Chile will advance 60 minutes in accordance with the August 9, 2022 official announcement by Chilean government about a Daylight Saving Time (DST) time zone change. This moves the DST change which was previously September 4 to September 10.

Symptoms if the workaround is not used on devices between September 4, 2022 and September 11, 2022:

  • ​Time shown in Windows and apps will not be correct.
  • ​Apps and cloud services which use date and time for integral functions, such as Microsoft Teams and Microsoft Outlook, notifications and scheduling of meetings might be 60 minutes off.
  • ​Automation using date and time, such as Scheduled tasks, might not run at the expected time.
  • ​Timestamp on transactions, files, and logs will be 60 minutes off.
  • ​Operations that rely on time-dependent protocols such as Kerberos might cause authentication failures when attempting to logon or access resources.
  • ​Windows devices and apps outside of Chile might also be affected if they are connecting to servers or devices in Chile or if they are scheduling or attending meetings taking place in Chile from another location or time zone. Windows devices outside of Chile should not use the workaround, as it would change their local time on the device.

Workaround: This issue is now resolved in KB5018411 but you should undo the workaround, if it is still being used.

You can mitigate this issue on devices in Chile by doing either of the following on September 4, 2022 and undoing on September 11, 2022:

  • ​Select the Windows logo key, type "Date and time", and select Date and time settings. From the Date & time settings page, toggle Adjust for daylight saving time automatically to Off.
  • ​Go to Control Panel Clock and Region Date and Time Change time zone and uncheck the option for “Automatically adjust clock for Daylight Saving Time”.

To mitigate this issue in the Santiago time zone, after 12:00 a.m. on September 11, 2022, and for those in the Easter Islands time zone, after 10:00 p.m. on September 10, 2022, follow the steps below to re-enable automatic DST adjustments and ensure accurate time switching with future DST transitions. This can be done by doing either of the following:

  • ​Select the Windows logo key, type "Date and time", and select Date and time settings. From the Date & time settings page, toggle Adjust for daylight saving time automatically to On.
  • ​Go to Control Panel Clock and Region Date and Time Change time zone and check the option for “Automatically adjust clock for Daylight Saving Time”.

Important: We recommend using ONLY the above workaround to mitigate the issue with time created by the new Daylight Savings Time in Chile. We do NOT recommend using any other workaround, as they can create inconsistent results and might create serious issues if not done correctly.

Resolution: This issue was resolved in KB5018411. Note: If the workaround above was used, it should have been undone on September 11, 2022. Installation of KB5018411 will not change the "Automatically adjust clock for Daylight Saving Time" setting.

Affected platforms:

  • ​Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Copying files/shortcuts using Group Policy Preferences might not work as expected

StatusOriginating updateHistory
Resolved KB5018411OS Build 14393.5356
KB5017305
2022-09-13
Resolved: 2022-10-11, 10:00 PT
Opened: 2022-09-22, 15:23 PT

After installing KB5017305, file copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes. Known affected Group Policy Objects are related to files and shortcuts in User Configuration -> Preferences -> Windows Settings in Group Policy Editor.

Workaround: To mitigate this issue, you can do ONE of the following:

  • ​Uncheck the "Run in logged-on user's security context (user policy option)". Note: This might not mitigate the issue for items using a wildcard (*).
  • ​Within the affected Group Policy, change "Action" from "Replace" to "Update".
  • ​If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotes) from the destination might allow the copy to be successful.

Resolution: This issue was resolved in KB5018411. Installation of KB5018411 prevents and resolves this issue but if any workaround was used to mitigate this issue, it will need to be changed back to your original configuration.

Affected platforms:

  • ​Client: Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Report a problem with Windows updates

To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app

Need help with Windows updates?

Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.

For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.

View this site in your language

This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.