POSSIBLE BUG: On Server 2012 R2, When the Policy "Domain controller: Allow vulnerable Netlogon secure channel connections"* is set to NOT DEFINED, this registry key STILL contains old PREVIOUSLY set entries (security descriptors) in the list!
[HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"vulnerablechannelallowlist"

Details: When you enable the policy "Domain controller: Allow vulnerable Netlogon secure channel connections" and add a user account or security group and then later disable the policy by setting it to Not Defined, the associated registry key is NOT cleared.

*Reference: How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472
See Section Section 3b
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

Windows Server 2016 patching took 7 hours to apply 5 patches on several servers... is it expected? Please we need resolution of this issue ...
Clients will prevent patching now as they could not accept this delay and prefer to take the risk!!! status!!
We need ideas to bypass this issue and work with this slowness if possibe.

Any progress?

Thanks,
Dom
We are going in a crazy

Windows Server 2016 patching is taking a long time. Any progress since 2017 when the issue was already posted?
Yesterday for 2 patches it took 90 minutes, it is essentially the Windows Server 2016 cumulative which is taking for ever to be processed.
What could be done to progress!!!

IE is dead!
But it is not possible to use an other browser for import updates from update catalog!
Why is there no support for Edge Chromium until now ?
OR: WSUS gets possible to import patches in any other way.

innstalere wabscam

We are not able to search the installed patches and Kb/Hot fix in Server 2019 same as 2012R2 Servers.

Please fix Windows Updates on Server 2016 to allow more control in search and installing updates, similar to previous Windows Server versions. The inability to control which updates can be applied is outrageous! The ability for updates to install without any control is mind boggeling. FIX THIS AT ONCE!!!

i have no idea

On Server 2019 you should have the option to see the newly released updates, select which ones to install, and be able to manually install them when desired in all situations. Updates should not be automatically installed.

We're installing to D:... on command line but application ignores the installation option. Log attached.
MSI (s) (74:68) [16:46:59:878]: Command Line: INSTALLDIR=d:\Program Files\Windows Admin Center SMEPORT=443 SMETHUMBPRINT=XYZ SSLCERTIFICATEOPTION=installed CURRENTDIRECTORY=D:\temp CLIENTUILEVEL=3 CLIENTPROCESSID=372

Scary part about Windows Server patching is when Microsoft issues a buggy patches that disables SQL server, Exchange server or causes BSODs! We have seen all of that lately causing widespread chaos for Systems Administrators. Always WAIT for patches to be one or two months old if possible before deploying. You do not want to volunteer to be a Microsoft Patch Beta Tester! Luckily Microsoft has a method to boot offline to a USB stick or CDROM now that lets you undo the bad patch on an unbootable system but still causes a lot of stress and headaches for sysadmins.

I have posted on Technet forums about this as well: Windows Malicious Software Removal Tool November 2019 reinstalling each time I run Windows Update on Windows Server 2019 (build 17763.864 ) . It ia not re-downloaded, just re-installed (re-ran) Is this a bug? I guess so, I hope the machine is not infected with some nasty thing.

need to change boot flag in second partition how get back there to do that

Hi,

That is a bug in Windows Server 2019!

We have Group Policy for Windows Updates and use in our infrastracture WSUS. According to Group Policy, the updates will be downloaded to the system, and then an administrator will install manually the downloaded updates.

We tested Windows Updates onsome Windows Server 2019 machines.

If the click "Check for updates", then the updates will be downloaded and automatically installed!!! That is fatal!

If I check "View configured update policy", then our policy are listed for the updates. It seems all are correct.

"BUG by Design"?

Best regards

Birdal

Using the following PowerShell snipet to remove the binaries from unused roles and features worked great in Windows Server 2012-2016.

Get-WindowsFeature | Where-Object {$PSItem.InstallState -eq "Available"} | Uninstall-WindowsFeature -Remove

When used in conjunction with Features on Demand this results in smaller install footprints for VMs and VM templates. Doing so in Windows Server 2019 breaks future CU installs due to the new PSFX update engine (error code 0x800F0982 PSFXEMATCHINGCOMPONENTNOT_FOUND is returned).