Windows Server 2016’s February 2019 Cumulative Quality Update, bringing the OS version to 14393.2828 , offers a fix for two authentication issues.

About Windows Server 2016 Updates

Microsoft issues two major updates each month for Windows Server 2016, as outlined in the Patching with Windows Server 2016 blogpost.

On the second Tuesday of each month (Patch Tuesday) Microsoft issues a cumulative update that includes security and quality fixes for Windows Server 2016. Being cumulative, this update includes all the previously released security and quality fixes.

In the second half of each month (generally the 3rd week of the month) Microsoft releases a non-security / quality update for Windows Server 2016.  This update, too, is cumulative and includes all quality and security fixes shipped prior to this release.

Fixed issues

RPT Updates fail with error MSIS7615

KB4487006 addresses an issue that causes updates to a Relying Party Trust (RPT) to fail when using PowerShell or the Active Directory Federation Services (AD FS) Management Tools. This issue occurs if you configure a RPT to use an online federation metadata URL that publishes more than one PassiveRequestorEndpoint.

The error is:

MSIS7615: The trusted endpoints specified in a relying party trust must be unique for that relying party trust.

Azure Password Protection Error

KB4487006 addresses an issue that displays a specific error message for external complexity password changes, because of Azure Password Protection policies.

Azure AD Password Protection for Windows Server Active Directory is used to prevent weak passwords being used in the organization using Active Directory Domain Services.

Call to Action

When you experience the above issue, you are invited to install Windows Server 2016’s February 2019 Cumulative Quality Update (KB4487006) on your Active Directory Federation Services (AD FS) servers and Window-based endpoints to resolve them. Test the update to avoid any issues with this update.

Known issues

For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.

The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Internet Explorer 11 may have authentication issues.