April 18, 2017—KB4015553 (Preview of Monthly Rollup)

View products that this article applies to.

Release Date:

Apr 18, 2017

Version:

Preview of Monthly Rollup

Improvements and fixes

This non-security update includes improvements and fixes that were a part of Monthly Rollup KB4015550 (released April 11, 2017) and also includes these new quality improvements as a preview of the next Monthly Rollup update:

Addressed an issue that may cause the WSMan Service (WsmSvc) to crash randomly when multiple Windows Remote Management (WinRM) requests are being executed in the WSMan Service.
Addressed issue where the Event subscription service stops working, does not send events to the collector server, and drop events when using Windows Remote Management (WinRM) and event forwarding.
Addressed high CPU utilization by the Wmiprvse.exe process on a computer that is running Windows 8.1 or Windows Server 2012 R2. If you run scripts or use software that queries WMI, the Wmiprvse.exe process may consume a lot of CPU resources even after you stop the script or software.
Addressed issue where Hyper-V hosts may crash when performing incremental backups with Change Block Tracking (CBT) enabled.
Addressed issue where the Network File System (NFS) server may not return all the directory entries to the NFS client that issues the ‘ls’ command using the NFS v3 protocol.
Addressed issue where the read or write operation on a file that is being archived (converted) is declined, which causes a crash.
Addressed issue where Active Directory servers become unresponsive and must be rebooted when they have a heavy load of services using group-managed service accounts (gMSAs).
Addressed issue that caused backups to fail on Hyper-V clusters with CSV volumes enabled.
Addressed issue where MPIO did not properly restore service after the check condition "Illegal request, LUN not available (sense codes 05/25/00)" occurs.
Addressed issue where a node cluster experiences sporadic crashes during high I/O activities such as backup or maintenance windows. Error: Common bucket ID (WIN8_DRIVER_FAULT) - 0x3B_msiscsi!iSpReleaseConnectionReferences
Addressed issue where the printer cannot print OPENGL rastered graphics after installing any of the following updates: KB3164035, KB3205394, KB3207752, KB3212646 and KB4012215.
Updated the Access Point Name database.
Addressed issue where the BADVERS return path is broken for queries with an unknown Extension Mechanisms for DNS (EDNS) version.
Addressed issue that causes poor CPU performance when Virtual Switch Ports leak when a machine is migrated live from one host to another.
Addressed issue where Internet Information Server returns an incorrect 500.19 internal server error for certain URIs.
Addressed issue to updated time zone information.
Addressed issue where thin clients connected to the server fail (STOP 0x3B) and unsaved data is lost.
Addressed issue where an application that uses Windows Presentation Foundation technology, the mouse, and the touchscreen intermittently stop responding.
Addressed issue where retrieval of the Certificate Revocation List (CRL) from Certification Authority (CA) using the Simple Certificate Enrollment Protocol (SCEP) fails.
Addressed excessive memory usage in LSASS when evaluating an LDAP filter over a large record set on domain controllers.

↑ Back to the top

Known issues in this update

Symptom	Workaround / Resolution
If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.	This issue is resolved by KB4022726.
If a Server 2012 R2 system uses an Intel Xeon (E3 v6) family of processors, installing this update will block downloading and installing future Windows updates.	This issue is resolved by KB4022726.
After installing this update on computers where event forwarding is enabled, the WinRM service may crash. You may also experience a system performance issue, or logon may stop responding because of a deadlock in the WinRM service. Note This applies to all KBs released from April 18, 2017 through January 8, 2018.	This issue is resolved in KB4057401.
This update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected.	Microsoft is working on a resolution and will provide an update in an upcoming release. For more information about this issue, see the following section.

More information about the iSCSI issue

Windows Server 2012 R2 and Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:

The operating system stops responding
You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.
User log on failures occur together with a "No Logon Servers Available" error.
Application and service failures occur because of ephemeral port exhaustion.
An unusually high number of ephemeral ports are being used by the System process.
An unusually high number of threads are being used by the System process.

Cause

This issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:

Windows Server 2012 R2

Release date	KB	Article title
May 16, 2017	KB 4015553	April 18, 2017—KB4015553 (Preview of Monthly Rollup)
May 9, 2017	KB 4019215	May 9, 2017—KB4019215 (Monthly Rollup)
May 9, 2017	KB 4019213	May 9, 2017—KB4019213 (Security-only update)
April 18, 2017	KB 4015553	April 18, 2017—KB4015553 (Preview of Monthly Rollup)
April 11, 2017	KB 4015550	April 11, 2017—KB4015550 (Monthly Rollup)
April 11, 2017	KB 4015547	April 11, 2017—KB4015547 (Security-only update)
March 21, 2017	KB 4012219	March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2

Windows Server 2016 RTM (RS1)

Release date	KB	Article title
May 16, 2017	KB 4023680	May 26, 2017—KB4023680 (OS Build 14393.1230)
May 9, 2017	KB 4019472	May 9, 2017—KB4019472 (OS Build 14393.1198)
April 11, 2017	KB 4015217	April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083)

Verification

Verify the version of the following MSISCSI driver on the system:

c:\windows\system32\drivers\msiscsi.sys

The version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016.

The following events are logged in the System log:

Event source	ID	Text
iScsiPrt	34	A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name.
iScsiPrt	39	The Initiator sent a task management command to reset the target. The target name is given in the dump data.
iScsiPrt	9	Target did not respond in time for a SCSI request. The CDB is given in the dump data.

Review the number of threads that are running under the System process, and compare this to a known working baseline.
Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.
Review the number of ephemeral ports that are being used by the System process.
From an administrative Powershell, run the following command:

Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count

Or, from an administrative CMD prompt, run the following NETSTAT command together with the "Q" switch. This shows "bound" ports that are no longer connected:

NETSTAT –ANOQ

Focus on ports that are owned by the SYSTEM process.

For the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.

Resolution

If the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available.

Note We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.

↑ Back to the top

How to get this update

This is provided as an Optional update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Prerequisites
To apply this update, you must have the Windows 8.1 and Windows Server 2012 R2 update: April 2014 (KB2919355) installed.
File information
For a list of the files that are provided in this update, download the file information for cumulative update KB4015553.

↑ Back to the top