Security Update KB5009557 for Windows Server 2019 – January Updates

The security update KB5009557 for Windows Server 2019 was released by Microsoft on 11th January. The update will take you to the build number OS 17763.2452. This update seeks to resolve bugs and bring in improvements for the known issues. We discuss the various issues related to the security update, quality improvements, and the ways in which you can install the security update on Windows Server 2019.

KB5009557 security update for January follows the December security update KB5008218. If you have installed the emergency out of band update for January, KB5010196, then you can proceed with the installation of the KB5009557 security update.

KB5010791 Emergency out of band update for Windows Server 2019

Emergency update KB5010791 has been released for Windows Server 2019 on 18th January 2022. The update weighs 556.9 MB, and can be downloaded as an optional update from Windows Update. Or, you could download it manually through the Microsoft Update catalog. This out of band update will resolve the issues that affect the Windows Server 2019 after the deployment of KB5009557. The update resolves:

  • Boot loop issues on domain controllers running on KB5009557 security update.
  • Failed VPN connections through the Windows Server 2019 after deployment of KB5009557.
  • Hyper VM failure leading to failed virtualization layer and failure of virtual machines.
  • ReFS volume drives becoming RAW after installing KB5009557.
  • Failed LDAP bindings on the Active Directory servers.

These issues have been resolved under KB5010791.

Download KB5010791 from the Microsoft Update catalog.

How can I install KB5009557 on Windows Server 2019?

KB5009557 for Windows Server 2019 can be installed manually, and automatically too.

KB5009557 can be downloaded manually from the Microsoft Update catalog. You can download the update for x64 or 64 bit processors from the catalog page. You can read more about the KB5009557 on this page of the Microsoft site. The update weighs 556.7 MB and will require a server reboot to complete the update process. Please do plan for a maintenance window to allow the server patching.

Apart from the manual download from the Microsoft update catalog, you can install the update automatically through the Windows Server Update Service (WSUS). The product needs to be configured to Windows Server 2019 and the classification ought to be Security updates.

You can also install the update through the Windows update program on your Windows Server 2019. This will check for the available Windows updates and install them on top of the server.

Issues with KB5009557 for Windows Server 2019

Quite a few significant issues have been reported for the January security updates by system administrators from all across the world. Most issues have risen after installing the security updates on the Windows Server 2012 and Windows Server 2012 R2. However, there have been instances wherein similar issues are reported on Windows Server 2019. We discuss some major issues reported by the system administrators for the January security updates.

  • Boot loops on the server after installing the security updates. Post installation of the security update, your servers are unable to boot properly. Uninstalling the patch resolves the boot loop issue on the affected servers. The issue, chiefly, affects domain controllers.
  • Hyper VM V may break on the server. This may cause the virtual servers to fail on the server. Break in the virtualization layer can be resolved by uninstalling the security update KB5009557.
  • ReFS volumes, internal as well as external, may turn RAW after installing the security update. Uninstalling the patch resolves the issue and the ReFS volume drives regain the original state.
  • VPN connections, L2TP and IPSEC tunnels, may fail after installing the patch on the servers.
  • LDAP bindings may fail on the servers.

Not all servers will experience one or any of these issues. If your server experiences any of these issues, you can uninstall the security update to get things working again.

Due to the complications and issues arising out of the Windows Server 2019 security updates, it is not a bad idea to put off the January security updates for a while. Microsoft has already acknowledged issues of boot loop and failed VPN connections.

For servers that are struck in boot loops, please follow the instructions below to uninstall the security updates:

  • Take the server off from the network.
  • Boot into the safe mode.
  • Uninstall the security update.
  • Reboot the server.
  • Re-connect the server to the network.

This should allow you to break off the boot loop and restore the pre-update state of the server.

What are the known issues in KB5009557 for Windows Server 2019?

  • Boot loop on the Windows Server 2019 domain controllers.
  • Failure of VPN connections when vendor id is specified. L2TP and IPSEC tunnel connections may also fail.
  • Windows Server 2019 may fail to work as a Key Management Service Host or Server. Consequent to this issue, client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This is pending resolution from Microsoft.
  • Another issue is that after installing KB5001342, the Cluster Service fails to start because a Cluster Network Driver is not found. This issue will clear up 20 minutes after a server reboot as the failover network driver will create cluster network driver.

In terms of bugs and quality improvements, not many details have been shared by Microsoft for an item-wise quality improvement.

Summary

  • KB5009557 for Windows Server 2019 released in January 2022. You can update using WSUS or download it manually through the update catalog.
  • Some significant issues reported by early adopters of the security update.
  • Microsoft has acknowledged some of these admin reported issues.
  • It may be worthwhile to delay patching the servers until Microsoft comes out with a plan of action to resolve some of the issues that have been reported.

You may also like to read more about the January security updates from Microsoft: