Windows Server 2019 Domain Controller – Ready for production ! (KB4516077)

Hi everyone

Today I wanted to share some news: KB4516077 is out, and a *lot* of fixes for Windows Server 2019 are in it, for the AD DC roles.

 

  • Addresses an issue that causes File Explorer to report the number or the size of files and folders incorrectly when they use long paths.
  • Addresses an issue that causes unnecessary restart requests on servers.
  • Addresses an issue with diagnostic data processing during the Windows Out of Box Experience (OOBE) sequence.
  • Addresses an issue that prevents a web browser from connecting securely to Windows Server. This occurs when using a client authentication certificate, such as a SHA512-based certificate, and the web browser does not support a signature algorithm that matches the certificate.
  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) to stop working with an “0xc0000005” error.
  • Addresses an issue that prevents the BitLocker recovery key from being successfully backed up to Azure Active Directory.
  • Addresses an issue that leads to excessive memory utilization in Microsoft Defender Advanced Threat Protection (ATP).
  • Addresses a possible compatibility issue when Microsoft Defender Advanced Threat Protection (ATP) accesses case-sensitive Server Message Block (SMB) shares.
  • Improves the detection accuracy of Microsoft Defender ATP Threat & Vulnerability Management.
  • Addresses an issue that gives a Windows Hello for Business user two certificates for authentication during certificate renewal instead of one certificate.
  • Addresses an issue that causes the lsass.exe service to stop working, which causes the system to shut down. This occurs when migrating Data Protection API (DPAPI) credentials using dpapimig.exe with the –domain option.
  • Addresses an issue that may cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd).
  • Addresses an issue that prevents you from running the Active Directory Diagnostics Data Collector Set from the Performance Monitor for Domain Controllers. This causes the Data Collector Set name to appear empty. Running the Active Directory Diagnostics Data Collector Set returns the error, “The system cannot find the file specified.” Event ID 1023 is logged with the source as Perflib and the following messages:
    • “Windows cannot load the extensible counter DLL “C:\Windows\system32\ntdsperf.dll.”
    • “The specified module could not be found.”
  • Addresses an issue in which the product description of Windows Server 2019 was incorrect when queried using slmgr /dlv.
  • Addresses an issue that may cause authentication to fail for certificate-based authentication when the certificate authentication includes a cname as part of the pre-authentication request.
  • Addresses a Lightweight Directory Access Protocol (LDAP) runtime issue for Domain Controller Locator-style LDAP requests. The error is, “Error retrieving RootDSE attributes, data 8, v4563.”
  • Addresses an issue that causes LDAP queries that contain LDAP_MATCHING_RULE_IN_CHAIN (memberof:1.2.840.113556.1.4.1941) to intermittently fail on Windows Server 2019 domain controllers. However, these queries do not fail on domain controllers running previous versions of Windows Server.
  • Addresses an issue that causes group membership changes in Active Directory groups to fail. This occurs if the Lightweight Directory Access Protocol (LDAP) client uses the Security Identifier (SID) Distinguished Name (DN) syntax after installing previous versions of NTDSAI.DLL. In this scenario, an issue with the LdapPermissiveModify (LDAP_SERVER_PERMISSIVE_MODIFY_OID) control causes Active Directory to incorrectly return a “SUCCESS” status even though the group membership change did not occur.
  • Addresses an issue in which the Set-AdfsSslCertificate script is successful. However, it throws an exception during resource cleanup because the target server-side endpoint is no longer there.
  • Addresses an issue that may cause a Hyper-V virtual machine and a Hyper-V host to lose network connectivity because of an inconsistency in the media access control (MAC) address learning process. As a result, the Hyper-V virtual switch drops packets.

As you can see, the number of improvements is huge.

I would quote a Microsoft employee:

quote

Thanks everyone

 
