Karlston Posted January 9, 2019 Share Posted January 9, 2019 Reports are popping up all over that yesterday’s Win7 Monthly Rollup and Security-only patches are causing big problems with networks using SMBv2 shares. The known solution is to uninstall the patch. There’s also a registry fix that may or may not work. Thinkstock It’s Reboot Wednesday (the day following Microsoft's Patch Tuesday) and, like roses unto spring, bugs are starting to crawl out of the woodwork. This time, if you have a network that uses SMBv2, this month’s Win7 patches may knock your network upside the head. I first read about it on Günter Born’s site: The KB4480970 (Monthly Rollup) and KB4480960 (Security only) updates were released by Microsoft on January 8, 2018 for Windows 7 SP1 and Windows Server 2008 R2 SP1. The updates seem to cause serious network issues for some people. Network shares can no longer be achieved via SMBv2 in certain environments. He goes on to cite the German-language site administrator.de, which says (Google translation): Update 01/2019 is no SMB2 connection to a W7 Share more, here the Wireshark Trace from the client who wants to access the W7 Share: always leads to the error message Invalid Handle! On Reddit’s sysadmin forum, BenScobie posts: We've ran into the same issue on a Windows 2008 R2 server. We also cannot authenticate with our TFS server hosted on the same box. ... Uninstalling the update fixed both issues for us. After all of the SMBv1 controversy in June of last year, and WannaCry’s ugly appearance, many folks thought that SMBv2 was sacrosanct. Or at least functional. What fools these patching mortals be. At this point, the best advice is to not install the patch. (Raise your hand if you’ve heard me say that before.) There’s a possible registry fix. Andi on administrator.de says: If the Windows 7 user accesses a share, and he is an administrator on the remote system, this should work on the W7 that hosts the share (elevated cmd): reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f Afterwards you have to reboot the system I have no idea if that works in general, but as the U.S. wakes up to yet another Win7 bork, we’ll likely find out soon. Go ahead. Make my day. Tell me that Microsoft tests this stuff, on the AskWoody Lounge. Source: Patch Tuesday updates for Win7, KB 4480970 and KB 4480960 knock out networking (ComputerWorld - Woody Leonhard) Link to comment Share on other sites More sharing options...
steven36 Posted January 9, 2019 Share Posted January 9, 2019 19 minutes ago, Karlston said: On Reddit’s sysadmin forum, BenScobie posts: We've ran into the same issue on a Windows 2008 R2 server. We also cannot authenticate with our TFS server hosted on the same box. ... Uninstalling the update fixed both issues for us. Quote [–]the_spad 26 points 6 hours ago And this is why we wait a couple of days before installing the monthly updates, because Microsoft's patch QA is questionable at best. I dont even bother to patch the Windows 7 laptop on my network since i patched it for wantacry and its just been fine using it with ESET Smart Security.. End of Life for Windows 7 updates is 370 days unless you are a business and are going to pay for extended support . No extra 2 years like they gave xp unless you pay its all about money now . Windows 7 as a service . Even on Windows 8.1 i wait tell the end of the month to do updates . I done updates for it Monday before the new ones comes out and it dont even have a warning for every update you may lose your network when you update its a on going issue with Windows 7. Link to comment Share on other sites More sharing options...
Karlston Posted January 9, 2019 Author Share Posted January 9, 2019 Same here with my 8.1 and KIS. Only Office 2016 updates, and then only when Woody says they're safe. Link to comment Share on other sites More sharing options...
steven36 Posted January 9, 2019 Share Posted January 9, 2019 2 minutes ago, Karlston said: Same here with my 8.1 and KIS. Only Office 2016 updates, and then only when Woody says they're safe. Microsoft says there is no known issues with Windows 8.1 updates for January but they never know about issues tell they end up pulling and update and i dont always catch when Woody says there safe i just do them the week or days before patch Tuesday and if i forget i just wait 2 months to do them i be on Linux a lot and dont even be paying any mind to whats going on Windows unless i see it on here . Link to comment Share on other sites More sharing options...
Karlston Posted January 9, 2019 Author Share Posted January 9, 2019 3 minutes ago, steven36 said: i just wait 2 months to do them Do you download and update them manually, after 2 months Windows Update will have later ones. Link to comment Share on other sites More sharing options...
steven36 Posted January 9, 2019 Share Posted January 9, 2019 48 minutes ago, Karlston said: Do you download and update them manually, after 2 months Windows Update will have later ones. You can go to the catalog and get any updates you want here is the security only update for Dec 2018 https://www.catalog.update.microsoft.com/Search.aspx?q=KB4471322 But also they was a out of bounds security update for IE in DEC its found here https://www.catalog.update.microsoft.com/search.aspx?q=KB4470199 Security only update for .Net Windows 8.1 for Dec 2018 https://www.catalog.update.microsoft.com/Search.aspx?q=KB4471322 Windows 7 is the same way you just have to search for the updates you missed and install them . Windows 8.1 use to be a joy if you was using OEM Windows 8 the OEM key would not let you install Windows 8.1 so you had to update via the store and you had to find all prerequisites updates and install it to upgrade unless you done some work around https://www.pcsteps.com/627-install-windows-8-1-without-product-key/ I download me Windows 8.1 iso from adguard and it lets you install Windows 8.1 without a key then i can activate with my OEM keys is how i got around it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.