Forum Discussion
MNichols
Aug 15, 2024Copper Contributor
KB5041578 causing Windows Server 2019 to be unresponsive
In testing the August 2024 security update for Windows Server 2019 (KB5041578) we are finding the update causes some Windows Server 2019 servers to become unresponsive. There is also a thread on...
TammySanders
Aug 20, 2024Copper Contributor
ausername215 Same problem here. Any response from Microsoft yet?
jbruns2019
Aug 20, 2024Brass Contributor
Here is a response we got from MS which is over the top. We have 1000s of 2019 machines that are not in a domain, so this solution will not work.
I’ve received confirmation from the debugging team to implement the Known Issue Rollback (KIR) policy on the affected devices instead of removing the patch. The instructions below will guide you through applying the fix for the unresponsive issue caused by KB5041578.
Action Plan:
Apply KIR to a single device using Group Policy
To use Group Policy to apply a KIR to a single device, follow these steps:
Download the KIR policy definition MSI file https://download.microsoft.com/download/03c7aacb-1f7b-443d-95e8-6d7d301ac831/Windows%2010%201809%20and%20Windows%20Server%202019%20KB5041578%20240816_21501%20Known%20Issue%20Rollback.msi
Important: Make sure that the operating system that is listed in the .msi file name matches the operating system of the device that you want to update.
Run the .msi file on the device. This action installs the KIR policy definition in the Administrative Template.
Open the Local Group Policy Editor. To do this, select Start, and then enter gpedit.msc.
Select Local Computer Policy > Computer Configuration > Administrative Templates > KBXXXXXXXX XXXXXX_XXXXX Known Issue Rollback > Windows XX, version XXXX and Windows NNNN XXXX
Path
Computer Configuration -> Administrative Templates -> KB5041578 240816_2150 Known Issue Rollback -> Windows 10, version 1809 and Windows Server 2019
Setting
KB5041578 240816_2150 Known Issue Rollback
Value
Disabled
Reboot Requirements
A reboot is required once the device has applied the KIR GP setting
I’ve received confirmation from the debugging team to implement the Known Issue Rollback (KIR) policy on the affected devices instead of removing the patch. The instructions below will guide you through applying the fix for the unresponsive issue caused by KB5041578.
Action Plan:
Apply KIR to a single device using Group Policy
To use Group Policy to apply a KIR to a single device, follow these steps:
Download the KIR policy definition MSI file https://download.microsoft.com/download/03c7aacb-1f7b-443d-95e8-6d7d301ac831/Windows%2010%201809%20and%20Windows%20Server%202019%20KB5041578%20240816_21501%20Known%20Issue%20Rollback.msi
Important: Make sure that the operating system that is listed in the .msi file name matches the operating system of the device that you want to update.
Run the .msi file on the device. This action installs the KIR policy definition in the Administrative Template.
Open the Local Group Policy Editor. To do this, select Start, and then enter gpedit.msc.
Select Local Computer Policy > Computer Configuration > Administrative Templates > KBXXXXXXXX XXXXXX_XXXXX Known Issue Rollback > Windows XX, version XXXX and Windows NNNN XXXX
Path
Computer Configuration -> Administrative Templates -> KB5041578 240816_2150 Known Issue Rollback -> Windows 10, version 1809 and Windows Server 2019
Setting
KB5041578 240816_2150 Known Issue Rollback
Value
Disabled
Reboot Requirements
A reboot is required once the device has applied the KIR GP setting
- TammySandersAug 20, 2024Copper ContributorThanks - my response to Microsoft would be that if I could get logged into the problem system, I would just uninstall the patch myself! How can they expect us to do this when some companies have hundreds of servers that could potentially have this issue. And I don't want to apply this to all systems, because the problem isn't happening on all systems. Ugh. Can't wait to see what September brings!
- jbruns2019Aug 20, 2024Brass Contributor
Makes you wonder if MS even tests any of this. Not the first time a monthy has been bad and won't be the last.
I can remember at least 2 times when RDP fell down after a monthly update.
- ausername215Aug 20, 2024Copper Contributor
TammySanders while it took a little bit i had no issues remotely stopping the cypto service, deleting the data in the folder referenced above and rebooting to resolve the performance issues. There was no need to remove the patch.
speculating here but this has hit a small subset of our systems, specifically systems that were last patched in april 2024 unlike most which was patched the previous month. My thoughts are that systems that have missed previous CU's may be impacted.