Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for March 2020:
Windows Server 2016
We observed the following updates for Windows Server 2016:
KB4540670 March 10, 2020
The March 10, 2020 update for Windows Server 2016 (KB4540670) updating the OS build number to 14393.3564 includes both security and quality improvements.
None of these improvements are Identity-related.
KB4541329 March 17, 2020
The March 17, 2020 update for Windows Server 2016 (KB4541329) updating the OS build number to 14393.3595 includes Active Directory Domain Services and Active Directory Federation Services fixes:
Active Directory Domain Services
The following Active Directory Domain Services fixes are included in KB4541329:
- It addresses an issue that might cause Domain Controllers to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS.<forest root domain> DNS zone. This occurs when Domain Controller computer names contain one or more uppercase characters.
- It addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server's clock is not synchronized with the primary domain controller's clock."
Active Directory Federation Services
This update addresses an issue with high CPU usage on Active Directory Federation Services (AD FS) servers that occurs when the backgroundCacheRefreshEnabled feature is enabled.
Windows Server 2019
We observed the following updates for Windows Server 2019:
KB4538461 March 10, 2020
The March 10, 2020 update for Windows Server 2019 (KB4538461) updating the OS build number to 17763.1098 includes both security and quality improvements.
None of these improvements are Identity-related.
KB4541331 March 17, 2020
The March 17, 2020 update for Windows Server 2019 (KB4541331) updating the OS build number to 17763.1131 includes Active Directory Domain Services and Active Directory Federation Services fixes:
Active Directory Domain Services
The following Active Directory Domain Services fixes are included in KB4541331:
- It addresses an issue that might cause Domain Controllers to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS.<forest root domain> DNS zone. This occurs when Domain Controller computer names contain one or more uppercase characters.
- It addresses an issue that prevents machines that have enabled Credential Guard from joining a domain. The error message is "The server's clock is not synchronized with the primary domain controller's clock."
- It restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.
- It addresses an issue that creates the Storage Replica administrator group with the incorrect SAM-Account-Type and Group-Type. This makes the Storage Replica administrator group unusable when moving the Primary Domain Controller emulator (PDCe) Flexible Single Master Operations (FSMO) role.
Active Directory Federation Services
The following Active Directory Federation Services fixes are included in KB4541331:
- It addresses high latency in Active Directory Federation Services (AD FS) response times for globally distributed datacenters in which SQL might be on a remote datacenter.
- It improves the performance for all token requests coming to AD FS, including OAuth, Security Assertion Markup Language (SAML), WS-Federation, and WS-Trust.
- It addresses a high latency issue in acquiring OAuth tokens when AD FS front-end servers and back-end SQL servers are in different datacenters.
- It addresses an issue to prevent SAML errors and the loss of access to third-party apps for users who do not have multi-factor authentication (MFA) enabled.
- It addresses an issue with high CPU usage on Active Directory Federation Services (AD FS) servers that occurs when the backgroundCacheRefreshEnabled feature is enabled.
KB4554354 March 30, 2020
The March 30, 2020 update for Windows Server 2019 (KB4554354) updating the OS build number to 17763.1132 addresses an issue that was introduced with KB4527818 on February 25, 2020. It is not an Identity-related update.
The post On-premises Microsoft Identity-related updates and fixes for March 2020 appeared first on The things that are better left unspoken.