Microsoft released a new non-security update for Windows Server 2022. It’s addressing a lot of issues. After installation of the new update, your build number will be upped to 20348.859.
One of the annoying issues fixed is a bug that might cause Windows to stop working when you enable Windows Defender Application Control with the Intelligent Security Graph feature turned on.
Changelog for KB501587 Windows Server 2022
Improves the reliability of a push-button reset after an OS upgrade.
- Addresses an issue that makes the tenant restrictions event logging channel inaccessible if you remove the EN-US language pack.
- Updates the Remove-Item cmdlet to properly interact with Microsoft OneDrive folders.
- Addresses an issue that prevents certain troubleshooting tools from opening.
- Addresses an issue that causes port mapping conflicts for containers.
- Addresses an issue that causes Code Integrity to continue trusting a file after the file has been modified.
- Addresses an issue that might cause Windows to stop working when you enable Windows Defender Application Control with the Intelligent Security Graph feature turned on.
- Addresses an issue that triggers lockout policies faster when you use Remote Desktop Protocol (RDP) with fast reconnect and Network Level Authentication (NLA) is disabled. This issue occurs when you call LogonUser() with a blank password.
Provides the option to configure an alternate login ID for an Azure Multi-Factor Authentication (MFA) Active Directory Federation Services (AD FS) adapter for on-premises scenarios. You can disable the alternate login ID as required. To configure the Azure MFA ADFS adapter to ignore an alternate login ID, run the following PowerShell command:
- Set-AdfsAzureMfaTenant -TenantId ‘<TenandID>’ -ClientId ‘<ClientID>’ -IgnoreAlternateLoginId $true.To restart the ADFS service on each server in the farm, use the Restart-Service adfssrv PowerShell command.By default, the adapter configuration will not ignore alternate login ID (IgnoreAlternateLoginId = $false) unless explicitly set to $true as in the command above.
- Reduces the overhead of resource contention in high input/output operations per second (IOPS) scenarios that have many threads contending on a single file.
- Addresses an issue that prevents the Storage Migration Service (SMS) from completing inventory on servers that have many shares. The system logs error event 2509 in Microsoft-Windows-StorageMigrationService/Admin channel (ErrorId=-2146233088/ErrorMessage=”Invalid table id”).
Addresses an issue that causes the Windows profile service to fail sporadically. The failure might occur when signing in. The error message is, “gpsvc service failed to sign in. Access denied”.