KB4509475 updates Windows 10 1607 to build 14393.3056

Microsoft rolls KB4509475 cumulative update for Windows 10 1607 users which in turn enhances the existing build to 14393.3056. With this release, the Company brings remarkable fixes in Storage Area Network (SAN), Target failed to respond in time for a login request, Start menu. Furthermore, there are also some known issues in vfpext.sys, in Bitlocker recovery mode, and in others.

The Company has already provided a temporary solution to this, however, wait for the next upcoming release to get the permanent solution. You can download KB4509475 as .msi files by visiting the link provided at the end of this guide. Today, in this tutorial, we guide on how to incorporate these improvements. Here is the complete catalog of  Windows 10 cumulative updates.


Fixes and Improvements

The key changes that came along with KB4509475 are as follow-

  • The team expert works upon an issue that earlier blocks devices to connect the Storage Area Network services using the Internet Small Computer System Interface. Actually, this bug started after installing KB4499177 on v1607. During this issue, windows users also observe some errors in the System log section under the Event Viewer. Besides, they encountered an Event ID 43 from ISCSI port along with a description –

Target failed to respond in time for a login request.

  • With this patch KB4509475, the Start menu will not quit working. This issue mainly occurs when you select the Power button on the Start menu.


Known Issues on KB4509475 

Symptom Workaround

There occurs a problem for the Hosts that are administered by SCVMM. This is because SCVMM can’t enumerate or even run logical switches that are deployed on the hosts after each update installation.

In case, you don’t follow the best practices, there appears a stop bug in vfpext.sys on the hosts.

Sol– To solve the above issue, you must follow either of these two solutions-

  1. Perform mofcomp among the following mof files on the affected host-
    • Scvmmswitchportsettings.mof
    • VMMDHCPSvr.mof
  2. Follow the best approaches while patching so as to bypass a stop error in vfpext.sys while working on an SDN v2 environment (NC managed hosts).

After installing KB4467684, the cluster service won’t start rather demonstrating the following error message-

“2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length”

Basically, this issue arises when one uses more than 14 characters on the cluster services.

Sol– To solve this, you must set the domain default “Minimum Password Length” policy to use equal or less than 14 characters.

The Company is yet to provide a permanent solution to this trouble.

A few operations, such as rename may result “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)” bug.

This error message arises only if you perform above operations on a Cluster Shared Volume (CSV). The above bug may also occur if one uses a Non-Admin account to perform alike operations on a CSV owner node.

Sol– To fix this problem, you may perform the following tasks-

  1. Carry out the operation using a process that has administrator privilege.
  2. Execute the operation from a node that doesn’t require CSV ownership.

Microsoft is yet to provide a permanent solution to this issue.

After installing KB4509475, some devices may enter into Bitlocker recovery mode and obtain an error message – “0xC0210000” once they restart their PC.

This occurs only for Hyver-V is enabled Windows Server 2016 server.

Sol– As a workaround, you may visit Microsoft.

Wait for some more time as the company is working on a solution to this issue.

Certain apps may not function as they are expected for Active Directory Federation Services 2016 clients. After installing the latest patch KB4509475, such apps use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

Sol– You can use the Allow-From value of the header if the IFRAME is only accessing pages from a single-origin URL.

Or, open PowerShell as Admin and run the following command line on the infected server-

set-AdfsResponseHeaders -SetHeaderName X-Frame-Options -SetHeaderValue "allow-from https://example.com"


How to get KB4509475 cumulative Update

Note: Before going further, do download the latest SSU (KB4503537).

You can download the cumulative update KB4509475 through Windows Update Section. Alternatively,  

You can have this new patch update KB4509475 automatically for your PC through Windows Update. In case, you don’t want to wait, go to the following address download the cumulative update-

 Settings > Update & Security > Windows Update

Once you reach to the above location, press Check for updates option.

You can have the Standalone package by visiting the Microsoft Update catalog.

Source: Microsoft Update Catalogue