# Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1 ## Introduction This article describes a convenience rollup for Windows 7 Service Pack 1 (SP1)-based and Windows Server 2008 R2 SP1-based computers. This rollup package includes most updates that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2, through April 2016. This convenience rollup is intended to make it easy to integrate fixes that were released after SP1 for Windows 7 and Windows Server 2008 R2. We recommend that Enterprises include this rollup package in the image creation process to make it easier to quickly set up a computer. ## Known issues in this convenience rollup * Known issue 1 **Symptoms** A new Ethernet Network Interface Card (NIC) that has default settings may replace the previous NIC and cause network issues. Any custom settings on the previous NIC persist in the registry but aren't used. **Resolution** To fix this issue, run the following VBS script. Copy and paste this script into Notepad, and then save the file with a .vbs extension. **Instructions** Before you run the script, make sure that you back up the following registry key and subkeys:**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI** This script can be run on physical or virtual computers at any of the following times: * Immediately before installing the Convenience Rollup. * Immediately after installing the Convenience Rollup but before restarting the following update installation. * After installing Convenience Rollup 3125574 and after restarting even though the computer is in a problem state. In this situation, another restart will be required after the script is run. **Note** The script also includes binary version checks around PCI.SYS file. * Known issue 2 **Symptoms** After you install this rollup, virtualized applications in Microsoft Application Virtualization (App-V) versions 4.5, 4.6, and 5.0 may have problems loading. When these problems occur, you may receive an error message that resembles the following: Launching **MyApp** 100% **Note** In this error message, **MyApp** represents the name of the App-V application. Depending on the scenario, the virtualized app may freeze after it starts, or the app may not start at all. **Important** This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:322756 How to back up and restore the registry in Windows **Resolution** To fix this known issue, configure the **TermSrvReadyEvent** registry entry on the computer on which the Microsoft Application Virtualization Client is installed. **For Microsoft Application Virtualization 5.0** * **Registry Key:** HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Subsystem\ObjExclusions **Value name:** 93 (or any unique value) **Type:** REG_SZ **Data:** TermSrvReadyEvent **Example** For example, type the following command at an elevated command prompt to add the entry to a system that is running Application Virtualization 5.0:reg add HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Subsystem\ObjExclusions /v 93 /t REG_SZ /d TermSrvReadyEvent **For Microsoft Application Virtualization 4.6** * ****For all supported x86-based systems** **Registry Key:**** HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions ****Value name:**** 95 (or any unique value) ****Type:**** REG_SZ ****Data:**** TermSrvReadyEvent ****Example**** For example, type the following command at an elevated command prompt to add the entry to an x86-based system that is running Application Virtualization 4.6:reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions /v 95 /t REG_SZ /d TermSrvReadyEvent * ****For all supported x64-based systems** **Registry Key:**** HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions Value name: 95 (or any unique value) Type: REG_SZ Data: TermSrvReadyEvent ****Example**** For example, type the following command at an elevated command prompt to add the entry to an x64-based system that is running Application Virtualization 4.6:reg add HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions /v 95 /t REG_SZ /d TermSrvReadyEvent * **Known issue 3******Symptoms**** After you install this rollup, if outgoing NTLM traffic is blocked by using the following group policy setting:Policies\Windows Settings\Security Settings\Local Policies\SecurityOptions\Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers Group Policy object (GPO) backup operations will fail with both Group Policy Management Console (GPMC) as well as PowerShell with the following error message: A directory Service error has occurred Additionally, gpmgmt.log will log the following errors: [XXX.XXX] **Date****Time** [WARNING] LdapConnectServer: ldap_bind_s failed with 0x80072095 ****Resolution** 1\. **You can use a Windows 8.1 or newer operating system to perform the GPO Backups instead. -OR- 2\. To fix this known issue, configure an exception for Windows 7 and Windows Server 2008 R2 Systems doing GPO Backup operations, in order to enable outgoing NTLM authentication: * Configure an exception through GPO (for example: **ldap/contoso.com**)Policies\Windows Settings\Security Settings\Local Policies\SecurityOptions\Network Security: Restrict NTLM: Add remote server exceptions * Configure an exception through the registry (for example: **ldap/contoso.com**)**HKLM\System\CurrentControlSet\Control\LSA\MSV1_0\ ** * **Known issue 4******Symptoms**** After you install this rollup, in some cases, you may notice that the robocopy mirroring (/MIR) command is not working as expected. It is observed that instead of only copying modified files from Source to Destination, robocopy is also copying the files that were not modified. Command where the issue is observed:_Robocopy /MIR []_ ****Resolution**** To fix this issue, you are advised to use archive attribute based mirroring. In this mode, robocopy mirroring makes sure to only copy files that were modified in Source and skip the rest. Command for archive attribute based mirroring:_Robocopy /MIR /A /M []_****Note**** In first pass, it will still copy all the files. However, in subsequent runs, it will only copy the files that were modified. * **Known issue 5******Symptoms**** 32-bit applications can't change local Group Policy in 64-bit version of Windows 7 SP1 and Windows Server 2008 R2 SP1. ****Resolution**** To fix this issue, uninstall the update KB3125574. ## __ Script Dim strPciFileVersion Dim WindirFilePathset WshShell = WScript.CreateObject("WScript.Shell") WindirFilePath = WshShell.ExpandEnvironmentStrings("%WinDir%") Dim fs Set fs = CreateObject("Scripting.FileSystemObject") strPciFileVersion = fs.getfileversion(WindirFilePath & "\\\system32\\\drivers\\\pci.sys") Dim strAryFileVersion1strAryFileVersion1 = Split(strPciFileVersion, ".")If (strAryFileVersion1(0) = 6 And strAryFileVersion1(1) = 1 And strAryFileVersion1(2) = 7601) Then If (strAryFileVersion1(3) < 17630 Or (strAryFileVersion1(3) > 20000 And strAryFileVersion1(3) < 21744)) Then Const HKEY_LOCAL_MACHINE = &H80000002 Dim oReg : Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\root\default:StdRegProv") Dim oShell : Set oShell = CreateObject("WScript.Shell") Dim sPath, aSub, sKey, aSubToo, sKeyToo, dwValue, Result, SaveResult Dim NotDeleted NotDeleted = 0 ' Get all keys within sPath sPath = "SYSTEM\CurrentControlSet\Enum\PCI" oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aSub ' Loop through each key For Each sKey In aSub ' Get all subkeys within the key 'sKey' oReg.EnumKey HKEY_LOCAL_MACHINE, sPath & "\" & sKey, aSubToo For Each sKeyToo In aSubToo Result = oReg.DeleteKey(HKEY_LOCAL_MACHINE, sPath & "\" & sKey & "\" & sKeyToo & "\" & "\Device Parameters" & "\SlotPersistentInfo") ' Allow failure only if key never existed If (Result = 1) Or (Result > 2) Then NotDeleted = 1 SaveResult = Result End If Next Next If (NotDeleted > 0) Then Wscript.Echo "SlotPersistentInfo keys still exist under HKLM\System\CurrentControlSet\Enum\PCI\\\Device Parameters. Please delete all manually and then install the updates. Result = " & Result End If Else WScript.Echo "Your system is ready to install the updates" End If Else WScript.Echo "Your system is ready to install the updates" End If ## How to get this convenience rollup ### Microsoft Update Catalog To get the package for this update, go to the Microsoft Update Catalog website. ### Update detail information #### Prerequisites To apply this update, you must install Service Pack 1 for Windows 7 or Windows Server 2008 R2 (KB976932) and April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2 (KB3020369). You also need at least 4 GB of free disk space to install this update. After a brand-new installation, the disk usage will increase by between 1 GB and 2 GB, depending on processor type (x86 vs. x64) and edition (Enterprise or ThinPC). ## Update replacement information This update replaces the previously released update 2614451 and 2800422. ## More Information We intentionally did not include any specific post-Service Pack 1 updates in convenience rollup 3125574 for which the following conditions are true: * They don’t have broad applicability. * They introduce behavior changes. * They require additional user actions, such as making registry settings. You may download and install such fixes manually after you determine whether they apply to your deployment scenarios. Specifically, the following fixes are not included in this convenience rollup: 2620264 You cannot start any RemoteApp applications through a Windows Server 2008-based or later Terminal Server or RD Gateway 2646060 An update that selectively disables the Core Parking feature in Windows 7 or in Windows Server 2008 R2 is available 2647954 The PIN dialog box does not appear or you are presented with all the certificates in the store when you try to access a WebDAV server in Windows 7 or in Windows Server 2008 R2 2663685 Changes that are not replicated to a downstream server are lost on the upstream server after an automatic recovery process occurs in a DFS Replication environment in Windows Server 2008 R2 2695321 IPsec session takes 5 to 6 minutes to connect to a storage controller on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2 2727994 You cannot open or save Office 2010 documents on a WebDAV file server on a computer that is running Windows 7 or Windows Server 2008 R2 2728738 You experience a long logon time when you try to log on to a Windows 7-based or a Windows Server 2008 R2-based client computer that uses roaming profiles 2750841 An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2 2752259 An update that improves the performance of the Printbrm.exe command-line tool in Windows 7 or in Windows Server 2008 R2 is available 2891144 Application does not draw polylines correctly when you run it through an RD Session in Windows Server 2008 R2 SP1 2898851 Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014 2907020 "Location is not available" error when you access a mapped network drive after Windows standby or resume 2918833 Third-party IMEs give users unprotected access to your Windows 7-based or Windows Server 2008 R2-based system 2923766 Black screen when you plug in a monitor on a computer or open a lid of a laptop that is running in Windows 2925489 You cannot establish an IPsec connection with certain third-party devices in Windows 2990184 A FIPS-compliant recovery password cannot be saved to AD DS for BitLocker in Windows 7 or Windows Server 2008 R2 2781512 \- WinRM operations to Hyper-V fail on a Windows 7 SP1-based or Windows Server 2008 R2 SP1-based computer that has Windows Management Framework 3.0 installed 2823180 \- Update is available for Windows Management Framework 3.0 in Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 2802886 \- You cannot register an SPN from a Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012-based client computer in a disjoint namespace 2842230 \- "Out of memory" error on a computer that has a customized MaxMemoryPerShellMB quota set and has WMF 3.0 installed 2887064 \- The Start-Process cmdlet ignores the "-Wait" parameter when the cmdlet is started remotely on a Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Vista SP2, or Windows Server 2008 SP2 computer that has Windows Management Framework 3.0 installed 2889748 \- High memory usage by the Svchost.exe process after you install Windows Management Framework 3.0 on a Windows-based computer 2830615 \- $MyInvocation.MyCommand object is set to null when you run the script by using PowerShell 3.0 in Windows 8 or in Windows Server 2012 This convenience rollup also does not include any of the servicing updates for Internet Explorer. If you require the servicing updates for Internet Explorer, download and install the latest Security update for Internet Explorer. ## File information For a list of the files that are provided in this convenience rollup, download the file information for update 3125574. ## References For more information about Windows Update, and troubleshooting problems with installing updates go to the following Microsoft websites: 2509997 You can't install updates in Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 Troubleshoot problems with installing updates Learn about the terminology that Microsoft uses to describe software updates.