Windows 10 / Windows Server Preview Updates (March 22, 2022)

[German]Microsoft has released optional cumulative (preview) updates for 22 March 2022 (D-Week). These are intended to correct various bugs in Windows 10, Windows 11 and in the corresponding Windows Server versions. Below I provide an overview of these updates for Windows 10 and the relevant Windows Server versions.

The information on the updates can be found on the Windows 10 update history page. It should be noted that these updates are so-called preview updates. These are optional and must be manually triggered for download and installation by default.

Update KB5011543 for Windows 10 20H2-21H2/Server 20H2

Cumulative Preview Update KB5011543 is available for Windows 10 20H2 to version 21H2 as well as Windows Server 20H2 and raises the builds to 19042.1620(version 20H2), 19043.1620 (version 21H1) and 19044.1620 (version 21H2). Here is the list of the changes and innovations referred to as highlights:

• Introducing Search Highlights: Search Highlights displays notable and interesting moments for each day, such as holidays, anniversaries and other teachable moments over time, both globally and in your region. To see more details at a glance, hover, click or tap on the illustration in the search box.

  For corporate clients, search highlights will show the latest updates from your organisation and suggest people, files and more.

  Search Highlights will roll out to Windows 10 customers over the next few weeks. Microsoft is taking a gradual and measured approach to this. General availability will occur in the coming months. For more information, see Group configuration: search highlights in Windows.

• Updates an issue that prevents Android device users from signing in to some Microsoft applications, such as Microsoft Outlook or Microsoft Teams.
• Updates an issue that causes the back button of the login window where you log in to become invisible in high-contrast black mode.

Below is the full list of bugs and changes fixed.

• New! Introducing search highlights (siehe oben)
• New! Provides the ability to change the color of toast buttons to identify success and critical scenarios more easily for apps that send notifications using Windows notifications in the OS. This feature also makes notifications more visually compact.
• New! Adds a new policy that expands an app's top three notifications by default in the Action Center for apps that send notifications using Windows notifications in the OS. This feature displays multiple notifications that you can interact with simultaneously.
• Addresses an issue that causes searchindexer.exe to stop responding during a dismount operation in the Remote Desktop setup environment.
• Addresses an issue that affects searchindexer.exe and prevents Microsoft Outlook's offline search from returning recent emails.
• Addresses an issue that might deactivate Windows when you change the National Language Support (NLS) version from 6.3 to 6.2.
• Addresses an issue in which modern browsers fail to correctly render HTML that is generated by gpresult/h.
• Addresses an issue that causes an "Access denied" exception for a file during a PowerShell test for AppLocker.
• Addresses an issue that might cause the Group Policy Service to stop processing telemetry information for Group Policy Registry Preferences.
• Addresses an issue that might prevent a DNS Server query resolution policy from working as expected when you specify a fully qualified domain name (FQDN) and subnet conditions.
• Addresses a heap leak in PacRequestorEnforcement that degrades the performance of a domain controller.
• Addresses an issue that affects the Key Distribution Center (KDC) Proxy. The KDC Proxy cannot properly obtain Kerberos tickets for signing in to Key Trust Windows Hello for Business.
• Adds support for Microsoft Account (MSA) Pass-through scenarios in Azure Active Directory (AAD) Web Account Manager (WAM).
• Addresses an issue that logs Event ID 37 during certain password change scenarios, including failover cluster name object (CNO) or virtual computer object (VCO) password changes.
• Addresses an issue that might unintentionally add a Trusted Platform Module (TPM) protector when you use the Silent BitLocker enablement policy.
• Addresses an issue that prevents the User Account Control (UAC) dialog from correctly showing the application that is requesting elevated privileges.
• Addresses an issue that causes the Move-ADObject command to fail when you move computer accounts across domains. The error message is, "Multiple values were specified for an attribute that can have only one value".
• Addresses an issue that prevents Event 4739 from displaying the new values of certain attributes after a policy change.
• Addresses an issue that prevents Android device users from signing in to some Microsoft applications, such as Microsoft Outlook or Microsoft Teams. This issue occurs after rolling over token signing and decrypting certificates, resetting a user's password, or when an administrator has revoked refresh tokens.
• Addresses an issue that might cause domain joining to fail in environments that use disjoint DNS hostnames.
• Addresses an issue that prevents the Back button of the credentials window, where you sign in, from being visible in high contrast black mode.
• Addresses an issue that prevents you from accessing Server Message Block (SMB) shares using an IP Address when SMB hardening is enabled.
• Addresses an issue that occurs when the Best Practices Analyzer (BPA) values for SMB have not been updated for more recent platforms.
• Addresses an issue that causes stop error 0x1E in the SMB Server (srv2.sys).
• Addresses an issue that causes a mismatch between NetBIOS and DNS Active Directory domain names when you create a cluster.
• Addresses an issue that causes the Network File System (NFS) redirector to stop working (error 0x50) when you convert a text file to a PDF.
• Addresses a known issue that might cause some devices to receive error messages on a blue screen when those devices are paired to Bluetooth devices. This issue occurs when certain configuration service provider (CSP) policies are in place that affect the Bluetooth A2dp profile.

The update is optional and is only offered if the user explicitly selects optional updates for installation in the settings page. The update can also be downloaded and installed from the  Microsoft Update Catalog. The latest Servicing Stack Update (SSU) is integrated. Microsoft lists several known issues with this update in support article KB5011543. In case of doubt, further details can be found in the support article.

KB5011551 for Windows 10 LTSC 2019/Server 2019

Cumulative Preview Update KB5011551 is available for Windows 10 Enterprise LTSC 2019 and Windows Server 2019, raising the build to 17763.2746. The update includes quality improvements but no new operating system features. Here is the list of changes described as highlights:

• Updates an issue that prevents Android device users from signing in to some Microsoft applications, such as Microsoft Outlook or Microsoft Teams.
• Updates an issue that causes the Back button of the credentials window, where you sign in, to become invisible in high contrast black mode.

Below is the complete list of fixed bugs and changes.

• ddresses an issue that affects searchindexer.exe and prevents Microsoft Outlook's offline search from returning recent emails.
• Addresses an issue that causes searchindexer.exe to stop responding during a dismount operation in the Remote Desktop setup environment.
• Addresses an issue in which modern browsers fail to correctly render HTML that is generated by gpresult/h.
• Addresses an issue that might prevent a DNS Server query resolution policy from working as expected when you specify a fully qualified domain name (FQDN) and subnet conditions.
• Addresses an issue that might unintentionally add a Trusted Platform Module (TPM) protector when you use the Silent BitLocker enablement policy.
• Addresses an issue that prevents Event 4739 from displaying the new values of certain attributes after a policy change.
• Addresses an issue that might cause domain joining to fail in environments that use disjoint DNS hostnames.
• Addresses an issue that prevents you from accessing Server Message Block (SMB) shares using an IP Address when SMB hardening is enabled.
• Addresses an issue that causes stop error 0x1E in the SMB Server (srv2.sys).
• Addresses an issue that causes an "Access denied" exception for a file during a PowerShell test for AppLocker.
• Addresses an issue that might cause the Group Policy Service to stop processing telemetry information for Group Policy Registry Preferences.
• Addresses an issue that causes the Group Policy Management Console to stop working after you close it. The system logs Application Error Event ID 1000 and the error, 0xc0000005 (STATUS_ACCESS_VIOLATION); the failing module is GPOAdmin.dll.
• Addresses a heap leak in PacRequestorEnforcement that degrades the performance of a domain controller.
• Addresses an issue that affects the Key Distribution Center (KDC) Proxy. The KDC Proxy cannot properly obtain Kerberos tickets for signing in to Key Trust Windows Hello for Business.
• Addresses an issue that logs Event ID 37 during certain password change scenarios, including failover cluster name object (CNO) or virtual computer object (VCO) password changes.
• Addresses an issue that prevents the User Account Control (UAC) dialog from correctly showing the application that is requesting elevated privileges.
• Addresses an issue that prevents Android device users from signing in to some Microsoft applications, such as Microsoft Outlook or Microsoft Teams. This issue occurs after rolling over token signing and decrypting certificates, resetting a user's password, or when an administrator has revoked refresh tokens.
• Addresses an issue that prevents the Back button of the credentials window, where you sign in, from being visible in high contrast black mode.
• Addresses an issue that causes the Move-ADObject command to fail when you move computer accounts across domains. The error message is, "Multiple values were specified for an attribute that can have only one value".
• Addresses an issue that occurs when the Best Practices Analyzer (BPA) values for SMB have not been updated for more recent platforms.
• Addresses an issue that causes a mismatch between NetBIOS and DNS Active Directory domain names when you create a cluster.
• Addresses an issue that causes the Network File System (NFS) redirector to stop working (error 0x50) when you convert a text file to a PDF.

The update is optional and is only offered if the user explicitly selects optional updates for installation in the settings page. The update can also be downloaded and installed from the Microsoft Update Catalog. The latest Servicing Stack Update (SSU) is integrated. Microsoft lists several known issues with this update in support article KB5011551. In case of doubt, further details can be found in the support article.

Similar articles
Microsoft Office Updates (March 1, 2022)
Microsoft Security Update Summary (March 8, 2022)
Patchday: Windows 10-Updates (March 8, 2022)
Patchday: Windows 11/Server 2022-Updates (March 8, 2022)
Windows 7/Server 2008R2; Windows 8.1/Server 2012R2: Updates (March 8, 2022)
Patchday: Microsoft Office Updates (March 8, 2022)
Windows Server 2022 Preview Update (March 22, 2022)