New Optional Patch Fixes Freezing Issues in Windows Server 2022

Datacenter networking servers

Microsoft has released the optional July 2022 non-security patch (KB5015879) for Windows Server 2022. This optional update reduces resource contention in scenarios that require high input/output operations per second (IOPS).

The latest Windows Server 2022 optional patch addresses a bug that was previously causing Windows to freeze due to Windows Defender Application Control. This update also includes a fix for an issue that prevents some troubleshooting tools from opening and triggers lockout policies faster while using Remote Desktop Protocol (RDP).

Here are the main improvements Microsoft highlighted in the release notes for this KB5015879 optional patch for Windows Server 2022:

  • Improves the reliability of a push-button reset after an OS upgrade.
  • Addresses an issue that makes the tenant restrictions event logging channel inaccessible if you remove the EN-US language pack.
  • Updates the Remove-Item cmdlet to properly interact with Microsoft OneDrive folders.
  • Addresses an issue that prevents certain troubleshooting tools from opening.
  • Addresses an issue that causes port mapping conflicts for containers.
  • Addresses an issue that causes Code Integrity to continue trusting a file after the file has been modified.
  • Addresses an issue that might cause Windows to stop working when you enable Windows Defender Application Control with the Intelligent Security Graph feature turned on.
  • Addresses an issue that triggers lockout policies faster when you use Remote Desktop Protocol (RDP) with fast reconnect and Network Level Authentication (NLA) is disabled. This issue occurs when you call LogonUser() with a blank password.
  • Provides the option to configure an alternate login ID for an Azure Multi-Factor Authentication (MFA) Active Directory Federation Services (AD FS) adapter for on-premises scenarios. You can disable the alternate login ID as required. To configure the Azure MFA ADFS adapter to ignore an alternate login ID, run the following PowerShell command:
    • Set-AdfsAzureMfaTenant -TenantId ‘<TenandID>’ -ClientId ‘<ClientID>’ -IgnoreAlternateLoginId $true.To restart the ADFS service on each server in the farm, use the Restart-Service adfssrv PowerShell command.By default, the adapter configuration will not ignore alternate login ID (IgnoreAlternateLoginId = $false) unless explicitly set to $true as in the command above.
  • Reduces the overhead of resource contention in high input/output operations per second (IOPS) scenarios that have many threads contending on a single file.
  • Addresses an issue that prevents the Storage Migration Service (SMS) from completing inventory on servers that have many shares. The system logs error event 2509 in Microsoft-Windows-StorageMigrationService/Admin channel (ErrorId=-2146233088/ErrorMessage=”Invalid table id”).
  • Addresses an issue that causes the Windows profile service to fail sporadically. The failure might occur when signing in. The error message is, “gpsvc service failed to sign in. Access denied”.

Known issues in Windows Server 2022 optional update

Microsoft has acknowledged a known issue with the optional KB5015879 patch for Windows Server 2022. The company has warned that the bug might cause IE mode tabs in Microsoft Edge to stop working when a website shows a modal dialog box. Microsoft is investigating the problem and plans to deliver a fix in an upcoming release.

As usual, this Windows Server 2022 update is available to download from the Optional Updates section of Windows Update. If you prefer to skip this optional patch, you’re going to receive all these bug fixes and improvements when installing next month’s Patch Tuesday update.