Windows Update KB4462917: Issue with Domain Controllers

A brief note for administrators in corporate environments who run domain controllers with Active Directory domains: the October 2018 update KB4462917 for Windows 10 V1607 and Windows Server 2016 causes issues with domain controller promotions for new Active Directory domains in existing forests.

Update KB4462917 for Windows 10

Update KB4462917 was released on October 9, 2018 for Windows 10 V1607 (Enterprise and Education) and Windows Server 2016. It raises the OS build to 14393.2551 and is supposed to fix a vulnerability in the Microsoft JET Database Engine. I reported on the update in the article Patchday Windows 10-Updates (October 9, 2018).

Issues with Domain Controllers in new AD domains

According to a tip from German MVP colleague Meinolf Weber, there seem to be issues with domain controllers that manage Active Directory domains in forests. The blog post from MVP Sander Berkouwer reports that update KB4462917 causes issues on Windows Server 2016 when promoting a server to an Active Directory domain controller.

The issue occurs when you have an Active Directory Domain Services (AD DS) environment with the optional Active Directory Recycle Bin feature enabled and you want to deploy a new Windows Server 2016-based domain controller for a new Active Directory domain in this environment.

To do this, you use the Add a new domain to an existing forest option in the Active Directory Domain Services Configuration Wizard or the PowerShell cmdlet Install-ADDSDomain. In this scenario, subdomain creation fails. When you use the Active Directory Domain Services Configuration Wizard, you see the following information:

An error occurred while trying to configure this machine as a Domain Controller

The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName.

"The replication operation encountered a database error."

When you use the PowerShell cmdlet Install-ADDSDomain, you receive the following error:

Install-ADDSDomain : The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName.

"The replication operation encountered a database error."

The issue is caused by the optional Active Directory Recycle Bin feature. If update KB4462917 is uninstalled, the error disappears. The blog post contains further information about the problem, with the blog author also suspecting that the error might be caused by the following updates:

Anyone affected who can confirm that?
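
A pre-flight check for the scenario described above, to run before Install-ADDSDomain. This is an added example, not code from the original post or from the linked blog. It assumes the ActiveDirectory RSAT module is available; the parameter names and the choice of which hosts to inspect are assumptions, since the post does not say on which machine the update has to be uninstalled.

```powershell
#Requires -Modules ActiveDirectory
# Added example: reports whether a host matches the failing scenario
# (update installed AND AD Recycle Bin enabled in the forest).
param(
    # Assumption: hosts to inspect, e.g. the server to be promoted and its replication source.
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string]$HotFixId = 'KB4462917'
)

# The Recycle Bin is an optional feature; it counts as enabled when it has at least one scope.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
$recycleBinEnabled = [bool]($feature -and $feature.EnabledScopes.Count -gt 0)

$report = foreach ($computer in $ComputerName) {
    try {
        # List all hotfixes and filter locally, so "not installed" is not an error
        # and only an unreachable host or denied access lands in the catch block.
        $hotfix = Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Where-Object HotFixID -eq $HotFixId
        $state = if ($hotfix) { 'Installed' } else { 'NotInstalled' }
    }
    catch {
        $state = 'Unknown'
    }

    [pscustomobject]@{
        ComputerName      = $computer
        HotFixState       = $state
        RecycleBinEnabled = $recycleBinEnabled
        MatchesScenario   = ($state -eq 'Installed' -and $recycleBinEnabled)
    }
}

$report | Format-Table -AutoSize

if ($report.MatchesScenario -contains $true) {
    Write-Warning ("$HotFixId is installed and the AD Recycle Bin is enabled: adding a new " +
        "domain to the existing forest may fail with a replication database error.")
}
if ($report.HotFixState -contains 'Unknown') {
    Write-Warning 'At least one host could not be queried; its update state is unknown.'
}
```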


One Response to Windows Update KB4462917: Issue with Domain Controllers

  1. Matt says:

    Yes, I have this problem in 2019 Data Center as well.
