Windows Server 2019’s February 2019 Cumulative Quality Update, bringing the OS version to 17763316 , offers a fix for two authentication issues.
About Windows Server 2019 Updates
Microsoft issues two major updates each month for Windows Server 2019, as outlined in the Patching with Windows Server 2016 blogpost.
On the second Tuesday of each month (Patch Tuesday) Microsoft issues a cumulative update that includes security and quality fixes for Windows Server 2019. Being cumulative, this update includes all the previously released security and quality fixes.
In the second half of each month (generally the 3rd week of the month) Microsoft releases a non-security / quality update for Windows Server 2019. This update, too, is cumulative and includes all quality and security fixes shipped prior to this release.
KB4487044 addresses an issue that fails to set the LmCompatibilityLevel value correctly. LmCompatibilityLevel specifies the authentication mode and session security.
Windows Hello for Business
KB4487044 addresses an issue that causes the Windows Hello for Business Hybrid Key Trust deployment sign-in to fail if Windows Server 2019-based Domain Controllers are used for authentication.
The error is:
That option is temporarily unavailable. For now, please use a different method to sign in.
This issue is caused when Active Directory Domain Services (AD DS) activity tracing is enabled. In this scenario, a Local Security Authority Subsystem Service (LSASS) exception may occur in the Windows 2019-based Domain Controller when processing a user’s sign in.
Call to Action
When you experience the above issue, you are invited to install Windows Server 2019’s February 2019 Cumulative Quality Update (KB4487044) on your Active Directory Domain Controllers to resolve them. Test the update to avoid any issues with this update.
After installing this update, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.
After installing this update, Internet Explorer may fail to load images with a backslash (\) in their relative source path and may have authentication issues.
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.