List of Domain Controllers (DC’s) related hotfixes post RTM for Windows Server 2012 R2.

Applies to:

Windows Server 2012 R2

Note:  You should check https://support.microsoft.com for the latest version of the different files.

Note 2:  These are not available in Windows Update.

Note 3:  You can download them without entering your e-mail address and captcha if you are a Microsoft Premier customer and have a https://Premier.Microsoft.com account.

Note 4:  Carefully review the list and decide which might be applicable to your unique environment.

Note 5:  Test in your test and your quality assurance environment.

Originally published Jul. 2014.   Updated Jun. 2016.

3145339 LSASS fails and returns a "0xc0000005" error when you run "Full Import" on AAD Connect against a Windows Server 2012 R2 DC

https://support.microsoft.com/kb/3145339 which is fixed in:

3103709 Windows Server 2012 R2-based domain controller update, April 2016

https://support.microsoft.com/kb/3103709

3107677 COM+ applications fail with "80040154" error in Windows 8.1 or Windows Server 2012 R2

https://support.microsoft.com/kb/3107677

Update(s):

Rpcrt4.dll 6.3.9600.18186

3109156 Applications may freeze when ADSI APIs waits infinitely for server to respond in Windows Server 2012 R2

https://support.microsoft.com/kb/3109156

Update(s):

Adsldpc.dll 6.3.9600.18116

3094486 KDS doesn't start or KDS root key isn't created in Windows Server 2012 R2

https://support.microsoft.com/kb/3094486

Update(s):

Kdscli.dll 6.3.9600.18053

3070083 Duplicate SPN check on Windows Server 2012 R2-based domain controller causes restore, domain join and migration failures

https://support.microsoft.com/kb/3070083

Update(s):

Ntdsa.mof

Ntdsai.dll 6.3.9600.17901

Supersede(s):

3106637 Incorrect results in LDAP query, domain controller restarts, or user logons are denied in Windows Server 2012 R2

3083038 Memory leak in LSASS process on Windows Server 2012 R2-based domain controllers and AD LDS server

3070083 Duplicate SPN check on Windows Server 2012 R2-based domain controller causes restore, domain join and migration failures

3042816 AD DS or AD LDS responds slowly to LDAP query that has an undefined attribute and an OR clause in Windows

3107677 COM+ applications fail with "80040154" error in Windows 8.1 or Windows Server 2012 R2

https://support.microsoft.com/kb/3107677

Update(s):

Rpcrt4.dll 6.3.9600.18186

3105881 Can't access applications when device authentication is enabled in Windows Server 2012 R2-based AD FS server

https://support.microsoft.com/kb/3105881

Update(s):

Microsoft.identityserver.diagnostics.dll 6.3.9600.18093

Microsoft.identityserver.management.dll 6.3.9600.18093

Microsoft.identityserver.proxyservice.exe 6.3.9600.18093

Microsoft.identityserver.proxyservice.exe.config

Microsoft.identityserver.service.dll 6.3.9600.18093

Microsoft.identityserver.webhost.dll 6.3.9600.18093

Microsoft.identityserver.web.dll 6.3.9600.18093

Microsoft.identityserver.dll 6.3.9600.18093

Supersede(s):

3092003 Page loads repeatedly and authentication fails when users use MFA in Windows Server 2012 R2 AD FS

3080778 AD FS does not call OnError when MFA adapter throws an exception in Windows Server 2012 R2

3075610 Trust relationships are lost on secondary AD FS server after you add or remove claims provider in Windows Server 2012 R2

3070080 Home realm discovery does not work correctly for a non–claims-aware relying party trust on Windows Server 2012 R2

3035025 Hotfix for update password feature so that users are not required to use registered device in Windows Server 2012 R2

3025078 You are not prompted for username again when you use an incorrect username to log on to Windows Server 2012 R2

2989956 Several issues after you install security update 2843638 or 2843639 on an AD FS server

2975070 AD FS cannot start on a non-English language-based server in Windows Server 2012 R2 or Windows Server 2008 R2

3092002 Set-Acl cmdlet fails although delegated admins have "Change Permissions" enabled in Windows Server 2012 R2

https://support.microsoft.com/kb/3092002

Update(s):

Microsoft.activedirectory.management.dll 6.3.9600.18116

Microsoft.activedirectory.management.dll 6.3.9600.18116

3080777 Dsamain.exe process crashes when AD LDS instance raises an exception in Windows 8.1 or Windows Server 2012 R2

https://support.microsoft.com/kb/3080777

Update(s):

Active directory diagnostics.xml

Dsamain.exe 6.3.9600.17994

Ntdsbmsg.dll 6.3.9600.16384

Ntdsbsrv.dll 6.3.9600.17994

Ntdsctr.h

Ntdsctrs.ini

Ntdskcc.dll 6.3.9600.17994

Ntdsmsg.dll 6.3.9600.16384

Report.ad.xml

Rules.ad.xml

3060682 "The specified server cannot perform the requested operation" error occurs when GPO backup is unsuccessful and dynamic updates are disabled in Windows Server 2012 R2

https://support.microsoft.com/kb/3060682

Update(s):

Gpmgmt.dll 6.3.9600.17811

3052122 Update adds support for compound ID claims in AD FS tokens in Windows Server 2012 R2

https://support.microsoft.com/kb/3052122

Update(s):

Microsoft.identityserver.configuration.dll 6.3.9600.17823

3042825 Domain controllers crash after password sync is enabled in Identity Management for UNIX in Windows Server 2012 R2

https://support.microsoft.com/kb/3042825

Update(s):

Psadmin.exe 6.3.9600.17711

Pswdsync.dll 6.3.9600.17712

Psync-ppdlic.xrm-ms

Psync.mof

Psync_namespace.mof

Psync_provreg.mof

3039095 Update adds user name information to Directory Services event ID 1644 in Windows 8.1 or Windows Server 2012 R2

https://support.microsoft.com/kb/3039095

Update(s):

Adammsg.dll.mui        6.3.9600.17707

Ntdsa.mof       

Ntdsai.dll        6.3.9600.17707

Ntdsbmsg.dll.mui        6.3.9600.16384

Ntdsctrs.ini               

Ntdsmsg.dll.mui        6.3.9600.17707

Report.ad.xml       

Rules.ad.xml       

3033917 AD FS cannot process SAML response in Windows Server 2012 R2

https://support.microsoft.com/kb/3033917

Update(s):

Microsoft.identityserver.identitymodel.dll

3029432 The logon process for new users takes significantly longer as the number of user profiles increases in Windows

https://support.microsoft.com/kb/3029432

Update(s):

Gsrvctr.h       

Gsrvctr.ini       

Gthrctr.h       

Gthrctr.ini       

Idxcntrs.h       

Idxcntrs.ini       

Msscntrs.dll        7.0.9600.17415

Msshooks.dll        7.0.9600.17415

Mssitlb.dll        7.0.9600.17415

Mssph.dll        7.0.9600.17787

Mssphtb.dll        7.0.9600.17787

Mssprxy.dll        7.0.9600.17415

Mssrch.dll        7.0.9600.17787

Mssvp.dll        7.0.9600.17787

Searchfilterhost.exe        7.0.9600.17415

Searchindexer.exe        7.0.9600.17787

Searchprotocolhost.exe        7.0.9600.17787

Tquery.dll        7.0.9600.17787

Wsearchmigplugin.dll        7.0.9600.17415

Msscntrs.dll        7.0.9600.17415

Msshooks.dll        7.0.9600.17415

Mssitlb.dll        7.0.9600.17415

Mssph.dll        7.0.9600.17787

Mssphtb.dll        7.0.9600.17415

Mssprxy.dll        7.0.9600.17415

Mssrch.dll        7.0.9600.17787

Mssvp.dll        7.0.9600.17787

Searchfilterhost.exe        7.0.9600.17415

Searchindexer.exe        7.0.9600.17787

Searchprotocolhost.exe        7.0.9600.17787

Tquery.dll        7.0.9600.17787

Wsearchmigplugin.dll        7.0.9600.17415

3020773 Time-out failures after initial deployment of Device Registration service in Windows Server 2012 R2

https://support.microsoft.com/kb/3020773

Update(s):

Microsoft.identityserver.dkm.dll 6.3.9600.17564

2989971 Can't log on after changing machine account password in mixed Windows Server 2012 R2 and Windows Server 2003 environment

https://support.microsoft.com/kb/2989971

Update(s):

Kdcsvc.dll 6.3.9600.17276 567,808 04-Aug-2014 00:13 x64

Kdcsvc.mof