Windows 10 V1607: Update KB4571694 creates ID 5827 events, bricks MMC

[German]Short question to administrators who are still using Windows 10 Enterprise LTSC V1607 or Windows Server 2016 Will the Event Viewer be flooded with Event ID 5827 entries when Update KB4571694 from August 11, 2020 is installed? I already had this topic in my blog, now a blog reader has fallen into the trap. The problem is that the changes requested by Microsoft are not possible via MMC. A DLL is suddenly broken and generates errors.


Advertising

Update KB4571694 for Windows 10 V1607

KB4571694 released on August 11, 2020 is only available for Windows 10 Version 1607: Enterprise LTSC and Windows Server 2016. According to the KB article, the security update includes numerous fixes. Here are the highlights:

  • Updates an issue that causes File Explorer to close unexpectedly when creating shortcuts.
  • Updates for verifying usernames and passwords.
  • Updates to improve security when Windows performs basic operations.
  • Updates for storing and managing files.

Details about the fixes can be found in the support article linked above.

Update KB4571694 causes issues?

I received a reader's message from Black Smith via the social network mewe.com. He installed this update in a DataCenter Server environment with Active Directory (AD) and encountered issues. Here is his description:

Update KB4571694

I blocked this update, but it made its way to several 2016 data center servers. If anyone has any relevant hints why this update explodes the event log on every server belonging to the AD, I would be grateful. Event ID 5827, and if there was an explanation for this mangy behaviour due to the multiple installation…I would be very impressed…

Within my the blog post Windows Domain Controller suddenly generate EventID 5829 warnings (August 11, 2020) I already mentioned the fact that the update from August 11, 2020 generates EventID 5827 – 5829 warnings in the event viewer of Active Directory (AD) domain controllers.

In my blog post I had also referred to a support article from Microsoft with hints how to turn this off. The user has tried to implement the notes in this Microsoft support article How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472, but he failed. He writes that at the point:


Advertising

Navigate in  Group Policy to Computer Configuration > Windows Setting > Security Settings > Local Policy > Security Options

an wsecedit.dll error occurs (see screenshots below). Thus the MMC refuses to include it snap-in (2nd screenshot).

wsecedit.dll Error

MMC-Error

The recommendation within the popup is to relaunch MMC, but didn't help. The environment: Virtualized Server 2016 Datacenter Edition, fully patched, according to information provided by the victim. ESX host 6.7, latest patches. There are 19 affected, Veeam Backup has also stopped working due to authentication errors. Anyone who has had similar experiences or has a tip.

Update KB4577015 seems the root cause

Addendum: According to this German comment, Update KB4577015 from September 2020 is causing the GPO-MMC error. There is a Technet forum post GPMC error for "Security Options" after Updates 2020-09 in Windows Server 2016 Domain Controllers dealing with the issue.


Advertising

This entry was posted in issue, Update, Windows and tagged , , . Bookmark the permalink.

One Response to Windows 10 V1607: Update KB4571694 creates ID 5827 events, bricks MMC

  1. Rogier says:

    On Windows Server 2016 DCs we also have this message in GPO, on our Windows Server 2019 DCs we do not and can edit this setting.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).