Applies to: Windows Server 2008 R2 Service Pack 1 Windows Server 2008 R2 SP1 W2K8 R2 Service Pack 1 W2K8 R2 SP1
Note: You should check http://support.microsoft.com for the latest version of the different files.
List of Domain Controllers (DC’s) related hotfixes post SP1 for Windows Server 2008 R2 SP1 as of Sep. 2012:
2698279 Settings that are driven by a Netlogon GPO do not work as expected in Windows 7 or in Windows Server 2008 R2 http://support.microsoft.com/?id=2698279
Update(s): Netlogon.dll 6.1.7601.21958 Bootfix.bin Nlsvc.mof Supersede(s): 2666938 Client computer uses site-less SRV records after you restart the computer in Windows 7 or in Windows Server 2008 R2
2685888 Netlogon Semaphore performance counters display incorrect values in the Performance Monitor in a Windows Server 2008 R2-based domain environment http://support.microsoft.com/?id=2685888
Update(s): Expand.exe.mui 6.1.7601.21948 Netmsg.dll.mui 6.1.7601.21948 Netlogon.dll 6.1.7601.21948 (updated in 2698279) Nlsvc.mof (updated in 2698279) Supersede(s): 2654097 New event log entries that track NTLM authentication delays and failures in Windows Server 2008 R2 are available 2589015 Selective authentication over a forest trust fails when Windows Server 2008 R2-based RODC and RWDC are involved in the authentication process 2580119 The operating system cannot establish a secure channel after a failed deployment of Windows 7 or Windows Server 2008 R2 on client computers 2494158 Managed service account authentication fails after its password is changed in Windows 7 or in Windows Server 2008 R2
2684982 The Lsass.exe process crashes on Windows Server 2008 R2-based domain controllers http://support.microsoft.com/?id=2684982
Update(s): Logoncli.dll 6.1.7601.21934 Netlogon.dll 6.1.7601.21934 (updated in 2698279)
2712286 "1101" error code when you run an esentutl /g command on a Windows 7-based or Windows Server 2008 R2-based computer http://support.microsoft.com/?id=2712286
Update(s): Esent.dll 6.1.7601.22013 Supersede(s): 2566592 Tuple index is corrupted in a Windows Server 2008 R2 domain
2671874 Heavy WAN usage after you restart centralized Windows Server 2008 R2-based domain controllers http://support.microsoft.com/?id=2671874
Update(s): Ntdsai.dll 6.1.7601.21980 Ntdsa.mof Supersede(s): 2665616 You cannot install a new domain controller on a computer that is running Windows Server 2008 R2 because of an RPC error 2642658 You cannot create users, computers, or groups on a domain controller that is running Windows Server 2008 R2 2641962 The msDS-HasInstantiatedNCs and msDS-hasMasterNCs attributes do not replicate if an authoritative restore is performed in Windows Server 2008 R2 2621146 MS11-095: Description of the security update for Active Directory: December 13, 2011 2618669 An update is available to detect and prevent too much consumption of the global RID pool on a domain controller that is running Windows Server 2008 R2 2616886 Group membership is emptied on a Windows Server 2008 R2-based RODC after the group is converted from a universal group into a global domain group or a local domain group 2580503 The DirSync control returns more search results than expected in a Windows Server 2008 R2-based domain 2526455 You cannot open the properties of any object by using ADSI Edit after you mount a restored Active Directory database file by using the Active Directory database mounting tool in a Windows Server 2008 R2 Active Directory domain environment 2500682 NSPI query for address book information is slow and high CPU usage on domain controllers in a Windows Server 2008 R2 domain 2468316 A paged LDAP query fails on the second page and the pages that follow in Windows Server 2008 R2 2458125 The Value field under the Attribute item for event ID 5136 is empty in Windows Server 2008 and in Windows Server 2008 R2 2413670 Events 1659, 1481, and 1173 are recorded in the Directory Service event log on Windows Server 2008 R2-based domain controllers after you remove Active Directory Domain Services from the last domain controller in a tree root domain
Update(s): Ntdsai.dll 6.1.7601.21980 Ntdsa.mof
Supersede(s): 2665616 You cannot install a new domain controller on a computer that is running Windows Server 2008 R2 because of an RPC error 2642658 You cannot create users, computers, or groups on a domain controller that is running Windows Server 2008 R2 2641962 The msDS-HasInstantiatedNCs and msDS-hasMasterNCs attributes do not replicate if an authoritative restore is performed in Windows Server 2008 R2 2621146 MS11-095: Description of the security update for Active Directory: December 13, 2011 2618669 An update is available to detect and prevent too much consumption of the global RID pool on a domain controller that is running Windows Server 2008 R2 2616886 Group membership is emptied on a Windows Server 2008 R2-based RODC after the group is converted from a universal group into a global domain group or a local domain group 2580503 The DirSync control returns more search results than expected in a Windows Server 2008 R2-based domain 2526455 You cannot open the properties of any object by using ADSI Edit after you mount a restored Active Directory database file by using the Active Directory database mounting tool in a Windows Server 2008 R2 Active Directory domain environment 2500682 NSPI query for address book information is slow and high CPU usage on domain controllers in a Windows Server 2008 R2 domain 2468316 A paged LDAP query fails on the second page and the pages that follow in Windows Server 2008 R2 2458125 The Value field under the Attribute item for event ID 5136 is empty in Windows Server 2008 and in Windows Server 2008 R2 2413670 Events 1659, 1481, and 1173 are recorded in the Directory Service event log on Windows Server 2008 R2-based domain controllers after you remove Active Directory Domain Services from the last domain controller in a tree root domain
2680097 Iscsilog.dll is not included in the system state backup files on a Windows Server 2008 R2 SP1-based computer http://support.microsoft.com/?id=2680097
Update(s): Crypt32.dll 6.1.7601.21935 Supersede(s): 2677070 2641690 Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing 2615174 "0x80092013, CRYPT_E_REVOCATION_OFFLINEA" error message when you try to verify a certificate that has multiple chains in Windows Server 2008 R2 or in Windows 7 2507119 Outlook crashes when you try to open a compressed email message that is created by a third-party Outlook add-in in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
2545833 Slow performance occurs when many user authentication requests are handled in Windows Server 2008 R2 http://support.microsoft.com/?id=2545833
Update(s): Cryptdll.dll 6.1.7601.21732
2695401 DPAPI keys are not synchronized when you unlock a Windows 7-based or Windows Server 2008 R2-based computer http://support.microsoft.com/?id=2695401
Update(s): Lsass.exe 6.1.7601.21959 ksecdd.sys Supersede(s): 2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2 2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment 2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers 2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012 2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012 2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2 2522623 InitializeSecurityContext function might not fall back to NTLM authentication in Windows 7 or in Windows Server 2008 R2 when Kerberos fails and has the STATUS_NO_LOGON_SERVERS status
Update(s): Supersede(s): 2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2 2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment 2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012 2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012 2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2
2701275 The Log On To feature does not work when the name of a Windows 7-based or Windows Server 2008 R2-based client computer contains six or more Traditional Chinese characters http://support.microsoft.com/?id=2701275
Update(s): Kerberos.dll 6.1.7601.21966 Supersede(s): 2678068 Remote Assistance invitation fails in an Active Directory environment in Windows 7 or in Windows Server 2008 R2 2566059 RC4 pre-authentication failure for the Network Service account in Windows Server 2008 R2 or in Windows 7 2526946 An SSO solution that calls the LsaLogonUser function to pass a KERB_TICKET_LOGON structure for Kerberos authentication does not work in Windows 7 SP1 or in Windows Server 2008 R2 SP1 2425227 MS11-013: Description of the security update for Kerberos in Windows 7 and in Windows Server 2008 R2: February 8, 2011
2425227 MS11-013: Description of the security update for Kerberos in Windows 7 and in Windows Server 2008 R2: February 8, 2011 http://support.microsoft.com/?id=2425227
Update(s): kdcsvc.dll
2642658 You cannot create users, computers, or groups on a domain controller that is running Windows Server 2008 R2 http://support.microsoft.com/?id=2642658
Update(s): Ntdsutil.exe 6.1.7601.21898
2696718 NTLM authentication fails intermittently after the computer password is changed through a Windows Server 2008 R2-based RODC http://support.microsoft.com/?id=2696718
Update(s): Samsrv.dll 6.1.7601.21970 Samsrv.mof Samlib.dll 6.1.7601.21970 Samsrv.mof Supersede(s): 2642658 You cannot create users, computers, or groups on a domain controller that is running Windows Server 2008 R2 2641192 The badPwdCount attribute is not reset to 0 on a Windows Server 2008 R2-based or Windows Server 2008-based PDC when the reset request is sent from an RODC 2618669 An update is available to detect and prevent too much consumption of the global RID pool on a domain controller that is running Windows Server 2008 R2 2386717 The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer
Update(s): Schannel.dll 6.1.7601.21959 Supersede(s): 2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment 2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers 2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012 2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012 2416849 SSL authentication fails and X.509 error occurs when a WCF-enabled application performs mutual authentication in Windows 7, in Windows Server 2008 R2, in Windows Vista, or in Windows Server 2008
Update(s): Sspicli.dll 6.1.7601.21959 Supersede(s): 2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2 2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment 2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers 2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012 2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012 2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2 2522623 InitializeSecurityContext function might not fall back to NTLM authentication in Windows 7 or in Windows Server 2008 R2 when Kerberos fails and has the STATUS_NO_LOGON_SERVERS status
Update(s): Cng.sys 6.1.7601.21959 Secur32.dll 6.1.7601.21959 Supersede(s): 2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2 2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment 2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers 2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012 2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2
2633205 Auto-enrollment process for computer certificates fails on a client computer that is running Windows 7 or Windows Server 2008 R2 http://support.microsoft.com/?id=2633205
Update(s): Ncrypt.dll 6.1.7601.21872 Ncryptui.dll 6.1.7601.21872 Supersede(s): 2507840 Keys in the CNG user interface are always described as having no description in Windows 7 or in Windows Server 2008 R2
2619880 "The network path was not found" error message when you start a LDAP-related application in Windows Server 2008 R2 http://support.microsoft.com/?id=2619880
Update(s): Wldap32.dll 6.1.7601.21822
2637692 RPC threads may stop responding in Windows 7 or in Windows Server 2008 R2 http://support.microsoft.com/?id=2637692
Update(s): Rpcrt4.dll 6.1.7601.21849
2685088 The screen saver grace period does not work as expected if the period exceeds 60 seconds on a computer that is running Windows 7 or Windows Server 2008 R2 http://support.microsoft.com/?id=2685088
Update(s): Winlogon.exe 6.1.7601.21980 Supersede(s): 2617878 You cannot set the LogonTimeout setting after the default RDP listener (RDP-Tcp) is deleted in Windows Server 2008 R2 2562672 Computer stops responding if the smart card is removed during hibernation in Windows 7 or in Windows Server 2008 R2 2468353 The MPR still calls the NPPasswordChangeNotify function to notify a password change event in Windows 7 or in Windows Server 2008 R2 even though the password change is unsuccessful
Update(s): Winlogon.exe 6.1.7601.21980
Supersede(s): 2617878 You cannot set the LogonTimeout setting after the default RDP listener (RDP-Tcp) is deleted in Windows Server 2008 R2 2562672 Computer stops responding if the smart card is removed during hibernation in Windows 7 or in Windows Server 2008 R2 2468353 The MPR still calls the NPPasswordChangeNotify function to notify a password change event in Windows 7 or in Windows Server 2008 R2 even though the password change is unsuccessful
2600484 Certain user folders are absent from the user profile in Windows 7 or in Windows Server 2008 R2 if the folders are excluded from the roaming profile http://support.microsoft.com/?id=2600484
Update(s): Userenv.dll 6.1.7601.21793
2575866 RSoP shows a red X on the icons for registry settings in 64-bit Windows Vista, in 64-bit Windows 7, in 64-bit Windows Server 2008 or in 64-bit Windows Server 2008 R2 http://support.microsoft.com/?id=2575866
Update(s): Scecli.dll 6.1.7601.21864
2537556 When you use a GPO for application deployment in Windows 7 or in Windows Server 2008 R2, the deployment fails or is delayed http://support.microsoft.com/?id=2537556
Update(s): Appmgmts.dll 6.1.7601.21704
2715922 Home folder is not mapped to a client computer when multiple users are logged on to a computer that is running Windows 7 or Windows Server 2008 R2 http://support.microsoft.com/?id=2715922
Update(s): Profsvc.dll 6.1.7601.22009 Supersede(s): 2709630 Delay occurs when you log on to a domain from a computer that is running Windows 7 or Windows Server 2008 R2 2673347 Home directory settings that you defined in Group Policy are not applied on a Windows 7 SP1-based or Windows Server 2008 R2 SP1-based VDI client 2664408 Variable %userdomain% roaming profile path is not resolved correctly in Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista 2661663 Stale user profile folders are not deleted completely in Windows 7 or in Windows Server 2008 R2 2600484 Certain user folders are absent from the user profile in Windows 7 or in Windows Server 2008 R2 if the folders are excluded from the roaming profile 2065362 "Unable to log you on because your profile could not be loaded, please contact your administrator" error when you try to log on to a computer in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
Update(s): Profsvc.dll 6.1.7601.22009
Supersede(s): 2709630 Delay occurs when you log on to a domain from a computer that is running Windows 7 or Windows Server 2008 R2 2673347 Home directory settings that you defined in Group Policy are not applied on a Windows 7 SP1-based or Windows Server 2008 R2 SP1-based VDI client 2664408 Variable %userdomain% roaming profile path is not resolved correctly in Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista 2661663 Stale user profile folders are not deleted completely in Windows 7 or in Windows Server 2008 R2 2600484 Certain user folders are absent from the user profile in Windows 7 or in Windows Server 2008 R2 if the folders are excluded from the roaming profile 2065362 "Unable to log you on because your profile could not be loaded, please contact your administrator" error when you try to log on to a computer in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
2581608 Logon scripts take a long time to run in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2 http://support.microsoft.com/?id=2581608
Update(s): Gpsvc.dll 6.1.7601.21830 Gpapi.dll 6.1.7601.21830 Supersede(s): 2553771 GetGPOList function does not return all GPOs in Windows 7, in Windows Server 2008 R2, in Windows Vista or in Windows Server 2008 2550944 Group Policy logon scripts do not run in Windows 7 or in Windows Server 2008 R2
Update(s): Gpsvc.dll 6.1.7601.21830 Gpapi.dll 6.1.7601.21830
Supersede(s): 2553771 GetGPOList function does not return all GPOs in Windows 7, in Windows Server 2008 R2, in Windows Vista or in Windows Server 2008 2550944 Group Policy logon scripts do not run in Windows 7 or in Windows Server 2008 R2
2738974 Incorrect start time of Group Policy scheduled tasks on a client computer that is running Windows 7 or Windows Server 2008 R2 http://support.microsoft.com/?id=2738974
Update(s): Microsoft.grouppolicy.reporting.resources.dll 6.1.7601.22078 Microsoft.grouppolicy.reporting.dll 6.1.7601.22078 Gpme.dll 6.1.7601.17514 Gppref.dll 6.1.7601.22078 Gpprefbr.dll 6.1.7601.22078 Gpprefcn.dll 6.1.7601.22078 Gpregistrybrowser.dll 6.1.7601.17514 Propshts.dll 6.1.7601.22078
Related list of hotfixes: ------------------------------ List of DFS related hotfixes post Service Pack 1 for Windows Server 2008 R2. http://blogs.technet.com/b/yongrhee/archive/2011/10/21/list-of-dfs-related-hotfixes-post-service-pack-1-for-windows-server-2008-r2.aspx
List of DNS related hotfixes post SP1 for Windows Server 2008 R2 SP1 http://blogs.technet.com/b/yongrhee/archive/2012/02/18/list-of-dns-related-hotfixes-post-sp1-for-windows-server-2008-r2-sp1.aspx
List of Network related hotfixes post SP1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 http://blogs.technet.com/b/yongrhee/archive/2011/06/12/list-of-network-related-hotfixes-post-sp1-for-windows-server-2008-r2-sp1.aspx
Very useful, thanks. Any chance the list will get updated?
Very useful thanks