Share via

Windows 10, version 1809 and Windows Server 2019

  • Article

Find information on known issues and the servicing status for Windows 10, version 1809 and Windows Server 2019. For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X (formerly Twitter) for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.

The Windows release health site is always evolving. Take our short survey and let us know how we can improve.

Current status as of May 11, 2021:
As of May 11, 2021, all editions of Windows 10, version 1809 and Windows Server 2019 have reached end of servicing, except LTSC editions. Devices running these editions will no longer receive monthly security and quality updates containing protections from the latest security threats.

As always, we recommend that you update your devices to the latest version of Windows 10 as soon as possible to ensure that you can take advantage of the latest features and advanced protections from the latest security threats. For information about servicing timelines and lifecycle, see the Windows 10 release information and Lifecycle FAQ - Windows.

    Known issues

    See open issues, content updated in the last 30 days, and information on safeguard holds. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge).

    SummaryOriginating updateStatusLast updated
    Servers might face performance issues with the August 2024 security update
    This issue affects some enterprise devices when Antivirus is enabled and is scanning the Windows system folder
    		OS Build 17763.6189
    KB5041578
    2024-08-13    		Resolved
    KB5043050    		2024-09-10
    10:04 PT
    August 2024 security update might impact Linux boot in dual-boot setup devices
    This issue might impact devices with dual-boot setup for Windows and Linux when SBAT setting is applied
    		OS Build 17763.6189
    KB5041578
    2024-08-13    		Mitigated
    		2024-08-23
    15:09 PT
    Apps or devices might be unable to create Netlogon secure channel connections
    Scenarios which rely on synthetic RODC machine accounts might fail if they do not have a linked KRBTGT account.
    		OS Build 17763.2452
    KB5009557
    2022-01-11    		Resolved External
    		2024-08-20
    16:29 PT
    Apps that acquire or set Active Directory Forest Trust Information might have issues
    Apps using Microsoft .NET to acquire or set Forest Trust Information might fail, close, or you might receive an error.
    		OS Build 17763.2452
    KB5009557
    2022-01-11    		Mitigated
    		2022-02-07
    15:36 PT

    Issue details

    August 2024

    Servers might face performance issues with the August 2024 security update

    StatusOriginating updateHistory
    Resolved KB5043050OS Build 17763.6189
    KB5041578
    2024-08-13    		Resolved: 2024-09-10, 10:00 PT
    Opened: 2024-08-21, 16:59 PT

    After installing the August 2024 Windows security update, released August 13, 2024 (KB5041578), you might observe that some Windows Server 2019 devices experience system slowdowns, unresponsiveness, and high CPU usage particularly with Cryptographic Services.

    A limited number of organizations reported that the issue was observed when the device was running an Antivirus software which performs scans against the ‘%systemroot%\system32\catroot2’ folder for Windows updates, due to an error with catalog enumeration.

    Our investigations so far indicate that this issue is limited to some specific scenarios. If your IT environment is affected, you might observe that your devices:

    • ​Show increased CPU utilization
    • ​Experience increased disk latency/ disk utilization
    • ​Indicate degraded OS or application performance 
    • ​Show that the CryptSVC service fails to start 
    • ​May boot into a black screen 
    • ​Experience slow to boot
    • ​Freeze or hang

    Home users of Windows using Home or Pro editions are unlikely to face this issue as this scenario is more commonly used in enterprise environments.

    Resolution: This issue was resolved by Windows updates released September 10, 2024 (KB5043050), and later. We recommend you install the latest security update for your device as it contains important improvements and issue resolutions, including this one.

    If you install an update released September 10, 2024 (KB5043050) or later, you need not use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before September 10, 2024, and have this issue, you can resolve it by installing and configuring the special Group Policy listed below. The special Group Policy can be found in Computer Configuration -> Administrative Templates -> <Group Policy name listed below>.

    For information on deploying and configuring this special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback. 

    Group Policy downloads with Group Policy name:

    Important: You will need to install and configure the Group Policy for your version of Windows to resolve this issue. You will also need to restart your device(s) to apply the group policy setting.

    Affected platforms:

    • ​Client: None
    • ​Server: Windows Server 2019

    August 2024 security update might impact Linux boot in dual-boot setup devices

    StatusOriginating updateHistory
    MitigatedOS Build 17763.6189
    KB5041578
    2024-08-13    		Last updated: 2024-08-23, 15:09 PT
    Opened: 2024-08-21, 18:33 PT

    After installing the August 2024 Windows security update, released August 13, 2024 (KB5041578), you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

    The August 2024 Windows security update applies a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

    Workaround:

    Scenario 1: Before applying the August 2024 Windows update

    If you’re dual booting Linux and Windows and you haven’t finalized the installation of the August 2024 Windows update with a reboot yet, you will be able to use the below opt-out registry key. This registry prevents the SBAT update from being applied as part of the August 2024 Windows update and future Windows updates, preventing this issue from happening. Later on, you will be able to delete the registry key if you want to install future SBAT updates.

    Important: This documentation contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows.

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

    Scenario 2: After applying the August 2024 Windows update

    If your Linux becomes unbootable after installing the August 13, 2024, or later updates, you can recover your Linux system by following these instructions.

    Important: Modifying firmware settings incorrectly might prevent your device from starting correctly. Follow these instructions carefully and only proceed if you are confident in your ability to do so.

            a) Disable Secure Boot:

    • ​Boot into your device’s firmware settings.
    • ​Disable Secure Boot (steps vary by manufacturer).
            b) Delete SBAT Update:

    • ​Boot into Linux.
    • ​Open the terminal and run the below command:
    sudo mokutil --set-sbat-policy delete
    • ​Enter your root password if prompted.
    • ​Boot into Linux once more.
            c) Verify SBAT Revocations:

    • ​In the terminal, run the below command:
    mokutil --list-sbat-revocations
    • ​Ensure the list shows no revocations.
            d) Re-enable Secure Boot:

    • ​Reboot into the firmware settings.
    • ​Re-enable Secure Boot.
            e) Check Secure Boot Status:

    • ​Boot into Linux. Run the below command:
     mokutil --sb-state
    • ​The output should be “SecureBoot enabled”. If not, retry the step 4.
            f) Prevent Future SBAT Updates in Windows:

    • ​Boot into Windows.
    • ​Open Command Prompt as Administrator and run:
    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

    At this point, you should now be able to boot into Linux or Windows as before. It’s a good time to install any pending Linux updates to ensure your system is secure.

    Next steps: We are investigating the issue with our Linux partners and will provide an update when more information is available.

    Affected platforms:

    • ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise 2015 LTSB
    • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

    February 2022

    Apps or devices might be unable to create Netlogon secure channel connections

    StatusOriginating updateHistory
    Resolved ExternalOS Build 17763.2452
    KB5009557
    2022-01-11    		Last updated: 2024-08-20, 16:29 PT
    Opened: 2022-02-24, 17:25 PT

    After installing KB5009557 or any updates released January 11, 2022 and later on your domain controllers, scenarios which rely on Read-only domain controllers (RODCs) or synthetic RODC machine accounts might fail to establish a Netlogon secure channel. RODC accounts must have a linked and compliant KRBTGT account to successfully establish a secure channel. Affected applications or network appliances, such as Riverbed SteelHead WAN Optimizers, might have issues joining domains or limitations after joining a domain.

    Next Steps: Affected apps and network appliances will need an update from their developer or manufacturer to resolve this issue. Microsoft has provided the following documentation regarding devices from Riverbed Technology that are configured as RODCs: Information about devices from Riverbed Technology that are configured as RODCs. For further details or resolution guidance applicable to other network devices, contact the developer or manufacturer of the device.

    Affected platforms:

    • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

    Apps that acquire or set Active Directory Forest Trust Information might have issues

    StatusOriginating updateHistory
    MitigatedOS Build 17763.2452
    KB5009557
    2022-01-11    		Last updated: 2022-02-07, 15:36 PT
    Opened: 2022-02-04, 16:57 PT

    After installing updates released January 11, 2022 or later, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API.

    Next Steps: This issue was resolved in the out-of-band update for the version of .NET Framework used by the app. Note: These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.

    For instructions on how to install this update for your operating system, see the KB articles listed below:

    • ​Windows Server 2022: 
    • ​Windows Server 2019: 
    • ​Windows Server 2016: 
    • ​Windows Server 2012 R2: 
    • ​Windows Server 2012:

    Affected platforms:

    • ​Client: None
    • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

    Report a problem with Windows updates

    To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.

    Need help with Windows updates?

    Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.

    For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.

    View this site in your language

    This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.