mramaley
Copper Contributor
Sep 15, 2021

Unable to Print after installing 2021-09 Cumulative Update (KB5005573)

Anyone else having user print issues after installing this update on a Windows Server 2016 Standard? We can send jobs to the spooler just fine from the server itself, but a user-submitted job is just simply terminated. Problem started happening after installation. We've removed the update on 1 server to test, and it appears that jobs are now printing again properly. Problem is, it's been installed on many servers. We will likely uninstall the update to remedy the issue, but that's not a real solution.

Thanks,

Michael

  • isodosgr
    Copper Contributor

    Here is what worked for me & other partners in my field.

    The spoofing vulnerability CVE-2021-1678 has been known for quite some time (in January 2021 Microsoft published something about it, see also my blog post Details of Windows NTLM vulnerability CVE-2021-1678 published). As I now read from Benjamin Delpy's tweet above, this also affects printer RPC binding and authentication for the remote Winspool interface.

    Microsoft has started to address this vulnerability via security updates in January 2021 and September 2021. To do so, a new registry entry was set that administrators could use to increase or decrease the RPC authentication level.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print

    When the DWORD value RpcAuthnLevelPrivacyEnabled=1 is set, Windows encrypts RPC communication with network printers or print servers. However, this security measure was rolled out in two stages via security update:

    • Since January 12, 2021, there was a so-called deployment phase for this purpose, in which administrators set this registry value
    • With the security update of September 14, 2021, the enforcement phase was initiated, i.e. RPC encryption is active by default

    The details can be found in the Microsoft support article Managing deployment of Printer RPC binding changes for CVE-2021-1678 (KB4599464). This could explain the connection problems of clients with the Windows printer spooler in various scenarios. It is reported that printing is no longer possible after installing the September 2021 update.

    This workaround could help

    Instead of uninstalling the security update from September 14, 2021, users have come up with the idea of disabling the enforcement mode on the server.  

    If I interpret the above tweet correctly, disabling the relevant settings under:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\

    on the server allows printing again. Set the DWORD value:

    RpcAuthnLevelPrivacyEnabled=0

    and then restart the print spooler (see this reddit.com thread and in Bleeping Computer's forum). Maybe it will help someone. 

    mramaley 

    • Karumu505
      Copper Contributor
      I have tried this workaround on Server 2012 R2 and when I navigate to the entry, I cannot find the RPC DWORD entry, and the September update is not showing as installed on the server. However, still getting problems with Windows 7 clients not printing... Any ideas?
      • nic-groupIT
        Copper Contributor
        I had to create the value as shown in the previous post… works a treat
    • nic-groupIT
      Copper Contributor
      Thanks for this one - had been removing updates for the last 2 months!
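
The registry check discussed in the replies above, as an added example that is not part of any poster's message: it reports, per print server, whether `RpcAuthnLevelPrivacyEnabled` is absent, set to 1, or set to 0, so servers running with the workaround can be tracked. The host names in `$Servers` are hypothetical, and PowerShell remoting to the servers is assumed.

```powershell
# Added example, not from the thread. $Servers holds hypothetical host names.
$Servers = @('PRINT01', 'PRINT02')

# KB numbers as listed in this thread (2016, 2019, 2012). Later cumulative
# updates carry the same change and will not match these IDs.
$ThreadKBs = @('KB5005573', 'KB5005568', 'KB5005613')

$check = {
    param($KBs)
    $key  = 'HKLM:\System\CurrentControlSet\Control\Print'
    $name = 'RpcAuthnLevelPrivacyEnabled'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        # Value absent: behaviour follows the default of the installed updates
        $value = $null
        $state = 'NotSet'
    } elseif ($item.$name -eq 1) {
        $value = 1
        $state = 'Enforced'
    } elseif ($item.$name -eq 0) {
        # Workaround from the thread is in place on this server
        $value = 0
        $state = 'EnforcementDisabled'
    } else {
        $value = $item.$name
        $state = 'UnexpectedValue'
    }

    # Only matches the September 2021 KBs named in the thread
    $kb = Get-HotFix -Id $KBs -ErrorAction SilentlyContinue

    [pscustomobject]@{
        State      = $state
        Value      = $value
        SeptUpdate = ($kb.HotFixID -join ',')
        Spooler    = (Get-Service -Name Spooler).Status
    }
}

# The leading comma passes the KB array as one argument to the script block
Invoke-Command -ComputerName $Servers -ScriptBlock $check -ArgumentList (,$ThreadKBs) |
    Sort-Object State |
    Format-Table PSComputerName, State, Value, SeptUpdate, Spooler -AutoSize
```
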
  • ajc196
    Steel Contributor
    So anyone that simply removed September's updates from their server to fix this will see the same thing with any subsequent month's updates as well. This is due to changes Microsoft announced and later enforced in regards to RPC authentication to address a print spooler spoofing vulnerability. (Note that this is a separate issue from the Point & Print admin elevation requirement caused by PrintNightmare mitigations)

    https://support.microsoft.com/en-us/topic/managing-deployment-of-printer-rpc-binding-changes-for-cve-2021-1678-kb4599464-12a69652-30b9-3d61-d9f7-7201623a8b25

    https://borncity.com/win/2021/09/20/windows-september-2021-update-workaround-fr-druckprobleme

    Disabling enforcement of these RPC auth level changes will make printing work again, i.e. not silently fail.

    That said, I've found no documentation or guidance that outlines **why** specifically this RPC auth level enforcement breaks things, and what needs to be accommodated or made different in our environments to not need this workaround.
  • GeekNaHalf
    Copper Contributor

    We have the same problem. Uninstalling KB5005573 seems to fix the printing issue for Windows 10 users, however having less luck w/ Windows 7 users - keeps asking to reinstall drivers, does so (takes forever to install drivers), then fails to print. Rinse and repeat...

    I'm actively looking for a solution, and will post what I find to all forums I visit. Please reciprocate in kind?

    Thx,

    RS

    • mramaley
      Copper Contributor
      Thankfully I'd only rolled it out to a handful of the servers we have deployed, so it wasn't too hard to uninstall and get things back to normal. Was supposed to complete all servers over the weekend, that isn't going to happen now.

      Right now, our fix is to not install. But will update you if we come up with anything else.

      Michael
      • GeekNaHalf
        Copper Contributor

        Here are the KBs to watch out for (that I've found so far):

        2016 - KB5005573
        2019 - KB5005568
        2012 - KB5005613

        RS

  • ajc196
    Steel Contributor

    Last night was our patch date here, and we're walking into a mountain of "can't print" tickets this morning across our 1,200 something printer shares.

    Print servers (2012 R2) can reach our printers, print server can successfully send test jobs. But clients can't print, similar to OP's reported behavior. No output, no error.


    Also, to quote one report:

    the printer shows up in Word to print, but when looking in Settings (Win10) the printer has disappeared

    We're about to try ruling out patch removal from both a print server and client.
