KB4499177 updates Windows 10 1607 to Build 14393.2999 May 23' 2019

Microsoft rolls the KB4499177 patch update that attempts to solve several impending issues such as- FTP, Bitlocker, Azure Active directory, wininet.dll, etc. Furthermore, it contains a series of improvements that make your OS a bit smoother along with updating to Build 14393.2999.

Here, we depict the general enhancements and fixes that came along with the KB4499177 cumulative update. In addition to this, there are some known issues as well that re-appear. Though this patch will be auto-offered through Windows Update, you can manually download its .msi file from the Microsoft Update catalog.

RECENT GUIDE: All Known issues of Windows 10 1903 May 2019 Update

General Fixes and Improvements – Build 14393.2999

Here, we depict the salient changes that came along with this cumulative update-

Updates wininet.dll so that File Transfer Protocol i.e. FTP control sessions stops re-creating itself.
Works upon an issue that simply prohibits OS stacking new icons instead of the previous icons using the bad format.
KB4469068 works to address an issue so that date separator works properly in Japanese Era Calendar.
Update the time zone information for Palestinian Authority and Morocco as well.
Mitigates performance specific issue of case-insensitive string comparison functions such as _stricmp() in the Universal C Runtime.
Resolves a bug that arises KRB_AP_ERR_MODIFIED Kerberos logon failure temporarily on several apps and services. This occurs when you update the account password on apps or services configured to use a Group Managed Service Account (GMSA).
Improves the ScrollLeft issue while browsing on Internet Explorer.
Earlier when users put the empty or null password to sign into apps, it simply fails to display error “Incorrect Username or password”. This occurs only when Windows Defender Credential Guard is configured as enabled. The experts have addressed this issue for now.
Works upon an issue that prompts for a password on Microsoft office or similar apps. This appears once you change the user account password on hybrid Azure Active Directory adjoined systems.
Works upon an issue related to BranchCache once its distribution activates cache mode. BranchCache, in certain situations, might use more disk space than assigned for the republication cache. To resolve this bug, devices that have excelled the disk space assignments must empty BranchCache using the following command-
- netsh branchcache flush

Some Other Fixes

KB4499177 addresses an anomaly that results in Stop D1 error if users increase the RAM capacity of a CPU while working on a Virtual Machine.
Patches an issue in which event 7600 generates an unreadable server name inside the event log of Domain Name System server.
Addresses an anomaly that results in “0x7E” error whilst transferring a Network File System (NFS) File Server role amidst any client is the client.
Resolves a bug that results in rendering to stop working for <svg> elements.
Addresses a bug of Windows Management Instrumentation (WMI) class, Win32_PhysicalMemory. This issue reports 32 GB of memory without a Capacity value.
Works upon an issue that fails to record a local user’s last sign-in even if the user has accessed the server’s network share.
Resolves an anomaly of apps in which it stores incorrect audits and stays not protected by Extranet Smart lockout. This in general, occurs when you use Active Directory Federation Services (ADFS) RichClient to publish them.

KB4499177- Known Issues

The key issues that appear on this patch- update are tabulated below-

Issue 1

You may face issues while opting Preboot Execution Environment (PXE) after KB4499177 installation to start a device from a WDS server which is designed to use Variable Window Extension.

By default, this prematurely terminates any WDS server which attempts to download the images. If you are not using a Variable Windows Extension, you may not receive any bugs similar to this.

Sol – There are 3 different ways that can temporarily fix this bug.

Option 1:

Open Command prompt as Admin then type the following and hit Enter key to execute the same.

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2: Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.
Expand Servers and make a right-click on the WDS server.
Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3: Navigate to below registry key and put “0” in its value field.

“HKLM\System\CurrentControlSet\Services\WDSServer

\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDS-Server service after disabling the Variable Window Extension.

Issue 2

After installing the KB4499177 patch-up, certain operations like renaming of files or folders may subject to fail and hence displays the following error code.

“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”

This occurs only if you perform such operations on a Cluster Shared Volume i.e. CSV. This can also happen if one uses a non-Admin account to perform these functions on a CSV owner node.

Sol – To solve this, perform the following-

Execute the operation using a process that has administrator privilege.
Carry out this operation from a node that doesn’t contain CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Some Other Issues –

Symptom Solution

Once you install the KB4499177 patch update then restart some devices that may result in Windows Server 2016 with Hyper-V enabled to enter into Bitlocker recovery mode and hence receive an error, “0xC0210000”.

Note Windows 10, version 1607 may also be affected when Bitlocker and Hyper-V are enabled.

As a workaround, please visit KB4505821.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Once you download KB4467684, the cluster service may not start and instead display the error- “2245 (NERR_PasswordTooShort)”.

This occurs only if you use more than 14 characters whereas the group policy “Minimum Password Length” is configured to use the opposite.

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.

Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.

To solve this, you may perform the following-

Run mofcomp on mof files inside the affected host, and they are-
- Scvmmswitchportsettings.mof
- VMMDHCPSvr.mof
Follow the best practices while preventing a stop error on vfpext.sys in an SDN v2 environment (NC managed hosts).

How to get KB4499177 update

Before going to install KB4499177, make sure to latch your System with SSU (KB4498947). Doing this will ensure no unwanted errors appear during the update process.

Succeeding after, navigate to the following path- Settings > Update & Security > Windows Update and hit Check for updates option.

In case, you want to download this cumulative update directly, visit the Microsoft Update Catalog website.

Source