KB5009557 is a Microsoft security update for Windows Server 2019, released on January 11th 2022 for OS 17763.2452. The main goal of the update is to fix bugs and provide quality improvements for documented issues.
In this article, we’ll discuss the changes made by this update. We will also look at the issues arising after installation and how to fix them. Finally, I will walk you through how to install KB5009557.
What Changes Does Windows KB5009557 Update Make?
KB5009557 is a ‘servicing stack update’, meaning it was released to improve the servicing stack. The role of the servicing stack is to install windows updates.
Like all other Servicing stack updates (SSU), improvements made by KB5009557 ensure that your device can reliably install Microsoft updates.
Microsoft does not provide finer details of what this update does, and only mention that the “update contains miscellaneous security improvements to internal OS functionality”.
Before installing KB5009557, you should first install KB5010196, January’s out of band update.
An out of band update is an update that occurs outside the normal Windows Update process, usually because the operating system or drivers have become outdated or because a security update is experiencing a problem.
Like KB5009557, KB5010196 is also a servicing stack update. It addresses the following issues issue that prevents the Remote Desktop from reaching the server:
- Unresponsive server
- The screen going black,
- Generally slow sign in process and performance
Issues Caused By KB5009557 Update and How To Fix Them
KB5009557 was released alongside other January server updates KB5009624 for Windows Server 12 Rs and KB5009555 for Windows Server 2022.
System admins reported a number of issues with these updates, causing Microsoft to temporarily halt their rollout. Microsoft later re-released the updates, citing that they were conducting investigations into the issues. Several fixes and workarounds have been released since, and we will look at some of them below.
Some of the reported issues with the KB50059557 include:
- Boot loops. Servers experienced boot loops after installing KB5009557. This issue was mainly noted in domain controllers. The boot loops resolve after uninstalling the security patch.
- You can do the following to correct an issue with your server being in boot loop:
- Take the affected server off the network and boot in safe mode
- Uninstall KB5009557
- Reboot the server and connect it back to the network
- Hyper – V failures. These breaks affected VM creation and function on the servers. Admins were able to fix the Hyper- V breaks after uninstalling KB5009557.
- ReFS volumes appeared as RAW. This happened for both Internal and external ReFS volumes, preventing servers effectively mounting a storage space volume and instead returning an error. ReFS drives regained proper functioning after admins uninstalled KB5009557.
- VPN failure. VPN connection failed, and so did L2TP and IPSEC tunneling.
- Binding failure on LDAP servers. This created the potential risk of authenticating users over unencrypted connections.
- Windows Server 2019 failure as a Key Management Service Host. This might cause devices running on Windows 10 Enterprise LTSC 2016 and LTSC 2019 not to activate.
- Cluster service failure. The installation causes the Cluster Network Driver not to be found, consequently leading to start up failure of the Cluster Service. A reboot resolves this issue by triggering the automatic failover system.
- Issues in machines with Asian language packs. Some devices using Asian language packs received error 0x800f0982. You can resolve this issue by uninstalling the service pack or resetting your PC by going to settings>recovery>reset this pc>get started>keep my files.
While these issues are alarming, they only affect some servers and not others. As indicated, affected servers were able to function normally after their administrators uninstalled the patch.
That said, owing to these complications, it might not be such a good idea to install Windows Server 2019 KB5009557 just yet, until Microsoft has a permanent fix for these issues.
How To Install The Windows KB5009557 Update On Windows Server 2019
You can install KB5009557 on your Windows Server 2019 automatically via the Windows Server Update Service (WSUS). Using the Windows update program for the installation will also allow available Windows updates to install on top of Windows server 2019. You can also install it manually by first downloading it from the Microsoft update catalog.
After you install the 556.7 MB file, you need to reboot your server to finish the update. It is advisable to plan a maintenance window to run this update uninterrupted.
You should also download KB5010791 from the Microsoft update catalog. This patch is an out of band update released to resolve the issues arising after deploying KB5009557.
At 556.9 MB, KB5010791 is almost the same size as Windows server 2019 update KB5009557.
The patch resolves some of the issues discussed above including:
- Boot loop issues
- VPN failure
- Raw ReFS volume drives
- Hyper-V failure to create VM
- Problems with LDP binding