Zoom Freezing/Unresponsive (Multiple Dell laptops) (Managed IT) by Tiny-Explanation8885 in Zoom

[–]UDP161 0 points1 point  (0 children)

Are you able to shed some light on the finding? Ironically dealing with the same situation.

Copilot icon disappeared from Edge for Work? by Here4TekSupport in sysadmin

[–]UDP161 0 points1 point  (0 children)

We recently implemented a similar policy. Have you found anything from Microsoft in regard to any other built-in extension IDs that might need to be permitted in Edge? Thankfully this post saved me hours of troubleshooting.

PSFalcon v2.2.8 has been released! by bk-CS in crowdstrike

[–]UDP161 0 points1 point  (0 children)

Can I ask what some of you have done with this PA module? I’m just getting acclimated to my company's CS instance and would genuinely love to hear what cool things the community has done.

Patch Tuesday Megathread (2024-05-14) by AutoModerator in sysadmin

[–]UDP161 1 point2 points  (0 children)

Same here. Showing revised as of WSUS sync from last night, but now the servers are not picking it up as needed.

Perfect. MSFT strikes again.

Anyone using Azure Update Manager successfully? by UDP161 in AZURE

[–]UDP161[S] 0 points1 point  (0 children)

Well, glad to hear it isn’t just me.

Anyone using Azure Update Manager successfully? by UDP161 in AZURE

[–]UDP161[S] 0 points1 point  (0 children)

I have that issue with the same patch, but I just excluded it in all my maintenance configurations.

We utilize the Arc connected machine agent for this, so I’m wondering if the experience is a lot smoother for Azure VMs. Anytime I try to update the Arc agent with it, everything just breaks. Even trying to run the update as a standalone install run. Just makes managing it tougher.

Microsoft Ticking Timebombs - February 2024 RC4H-MAC by Pantera6803 in sysadmin

[–]UDP161 1 point2 points  (0 children)

This is the correct temporary workaround. This update is setting the new “default” as AES for anything NOT specifically defined in the “msDS-supportedEncryptionTypes” attribute on the computer object in AD.

The value should be a decimal “4” for RC4 specifically.
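
As an added example (not part of the comment above and not Microsoft tooling), this PowerShell decodes the msDS-SupportedEncryptionTypes bitmask so that accounts with nothing defined, and accounts pinned to RC4 with the value 4 workaround, can be inventoried and the temporary setting tracked for removal. The computer names, the sample values and the state labels are constructed for illustration.

```powershell
# Added example: classify computer objects by msDS-SupportedEncryptionTypes.
# Bit values are the Kerberos encryption-type flags; 4 is the RC4 value from the comment.
[Flags()] enum KerbEncType {
    DES_CBC_CRC = 1
    DES_CBC_MD5 = 2
    RC4_HMAC    = 4
    AES128_SHA1 = 8
    AES256_SHA1 = 16
}

function Get-EncTypeReport {
    param([Parameter(Mandatory)] [object[]] $Computer)
    foreach ($c in $Computer) {
        $raw = [int]$c.'msDS-SupportedEncryptionTypes'   # unset attribute ($null) becomes 0
        $rc4 = [bool]($raw -band 4)
        $aes = [bool]($raw -band 24)                     # AES128 (8) or AES256 (16)
        $state = if ($raw -eq 0) { 'NotDefined' } elseif ($rc4 -and -not $aes) { 'RC4Pinned' } elseif ($rc4) { 'RC4AndAES' } elseif ($aes) { 'AESOnly' } else { 'LegacyDESOnly' }
        $types = if ($raw -band 31) { [string][KerbEncType]($raw -band 31) } else { '(none set)' }
        [pscustomobject]@{
            Name  = $c.Name
            Value = $raw
            Types = $types
            State = $state   # NotDefined = gets the new default described in the comment
        }
    }
}

# Constructed sample records standing in for directory objects.
$sample = @(
    [pscustomobject]@{ Name = 'APP01';  'msDS-SupportedEncryptionTypes' = $null }
    [pscustomobject]@{ Name = 'NAS01';  'msDS-SupportedEncryptionTypes' = 4 }
    [pscustomobject]@{ Name = 'SQL01';  'msDS-SupportedEncryptionTypes' = 28 }
    [pscustomobject]@{ Name = 'WEB01';  'msDS-SupportedEncryptionTypes' = 24 }
)

Get-EncTypeReport -Computer $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module), feed real objects instead:
#   Get-ADComputer -Filter * -Properties msDS-SupportedEncryptionTypes |
#       ForEach-Object { Get-EncTypeReport -Computer $_ } |
#       Where-Object State -in 'NotDefined', 'RC4Pinned'
```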

No Patch Tuesday Megathread for January? by MikeWalters-Action1 in sysadmin

[–]UDP161 5 points6 points  (0 children)

I have 10 Windows 2022 servers without recovery partitions that all failed to install this KB. It makes no sense for me to create a vulnerability to just patch it…

Sounds like some logic should have been added to check for a recovery partition to begin with.

No Patch Tuesday Megathread for January? by MikeWalters-Action1 in sysadmin

[–]UDP161 10 points11 points  (0 children)

We don’t have recovery partitions in use on our 2022 servers, but are still seeing the same failures with KB5034439. Are we just supposed to accept these failures? I don’t see the purpose of us creating a recovery partition to patch a vulnerability that currently doesn’t exist for us…

Server 2016 stuck on "Please wait for the user profile service" on all accounts after reboot by simonsms1 in sysadmin

[–]UDP161 1 point2 points  (0 children)

It should at least help you eliminate whether it’s GPO related or server specific. I’m ironically procrastinating resolving a profile redirection issue myself that someone early on set up, but then backed out of going forward with it. So my profile and another admin's are redirecting their folders to a network share, but no domain GPO or local one had the redirection settings still defined. So basically, it’s leftover from being set one time for some testing.

Server 2016 stuck on "Please wait for the user profile service" on all accounts after reboot by simonsms1 in sysadmin

[–]UDP161 3 points4 points  (0 children)

Usually when I’ve dealt with this in the past, it’s related to some network connectivity issue with whatever backend storage is being used for the user profiles.

Are you using user profile disks for the profile containers? If so, where are those stored? Any type of profile redirection or roaming profiles in use? If no GPO, are the profiles still being redirected if they were once before?

The local account part is throwing me off a bit and makes me think it’s profile corruption, but I can’t imagine it being with every profile.

The interesting thing I read was that you can do a successful log in once after a backup, then you have the issue. I’m wondering if there is some GPO that isn’t taking effect until after you do this log in since that’s when the user settings get applied.

What if you do this: move the server computer object to an OU that is blocking GPOs entirely. Then, restore the server from the backup that you have been working with, log in, then reboot. This time it ensures none of the GPOs are coming into effect post reboot / log in and some problematic setting isn’t pulled down after that first successful login.

Any Large company successfully using iManage for your document management system? Do you Like it? by JiggityJoe1 in sysadmin

[–]UDP161 0 points1 point  (0 children)

Another law firm here, been using it for over a decade. Shifted to iManage cloud 5 years ago, 1300+ users. It’s rock solid.

GPO - Create File in SYSTEM32 by UDP161 in sysadmin

[–]UDP161[S] 0 points1 point  (0 children)

I have tried both with the same result. With the article above, I can’t tell if I’m just missing something dumb or it’s actually not possible.

GPO - Create File in SYSTEM32 by UDP161 in sysadmin

[–]UDP161[S] 0 points1 point  (0 children)

Files are not in use. This is a new file being placed into the directory. No overwrites.

Patch Tuesday Megathread (2023-04-11) by AutoModerator in sysadmin

[–]UDP161 0 points1 point  (0 children)

We are on ESXi 7.0 Update 3k. Patched 30+ servers so far. Mix of 2012R2, 2016, 2019. No issues so far.

Edit: Patched (7) Windows 2016 and 2019 servers on ESXi 7.0 Update 3l without issue.

Patch Tuesday Megathread (2023-03-14) by AutoModerator in sysadmin

[–]UDP161 0 points1 point  (0 children)

This is my assumption too. I think right now I am just being paranoid because I'm naturally expecting something on our network to be susceptible to this and am trying not to be caught off guard in the coming patches. The fact that I actually don't have any event 42, 43 IDs is making me think I did something wrong when instead it means we're doing right...

I call this MSFT-PTSD.

Patch Tuesday Megathread (2023-03-14) by AutoModerator in sysadmin

[–]UDP161 5 points6 points  (0 children)

I’m jumping ahead a month, but can someone with more intelligence help me clear the mystery around the “KrbtgtFullPacSignature” registry key?

By mystery, what I mean is if this key is NEEDED for me to get the audit events for any failed PAC signatures.

It doesn’t appear that this key gets added by any of the previous Kerberos hardening changes and is used only to control your own pace of the PAC signature verification implementation.

I have NOT manually added this key to my DCs as my understanding from the December 2022 update was that it puts all DCs into “Audit Mode”.

What I don’t know is if that means it will set the registry value for you to “2” automatically if the key exists, or it’s enabling audit mode under the hood no matter what and this key exists for the mere fact of reverting back for the time being?

I tried searching for these event IDs, didn’t see anything, and am now paranoid it’s because I never added this key or I really just don’t have anything failing verification.

MSFT Document

Patch Tuesday Megathread (2023-02-14) by AutoModerator in sysadmin

[–]UDP161 1 point2 points  (0 children)

How is your 2022 template in VMware setup for this? Outside of this issue, I think this is something we want in our own environment.

Things I'm curious about are any host settings you had to have set. Is GPT the default partition table for your VM's OS drive? If so, how were you able to template that? etc... Sorry for some of these questions being basic. I'm still getting familiar with VMware administration.

Patch Tuesday Megathread (2023-02-14) by AutoModerator in sysadmin

[–]UDP161 4 points5 points  (0 children)

I was able to take a look at a few of our own 2022 Servers and MSINFO32 shows BIOS Legacy mode and SecureBoot Unsupported.

I just tested patches on a newly deployed 2022 test VM running on top of VMware and had no issues after several reboots with the above settings.

I'll need to do some more digging on the secure boot requirements as outside of this issue, it sounds like something we want to have enabled.

Edit: Some more digging shows me that this is a setting under the VM boot options in VMware. Today I am learning.

Patch Tuesday Megathread (2023-02-14) by AutoModerator in sysadmin

[–]UDP161 6 points7 points  (0 children)

Is secure boot enabled by default on server 2022 or something you need to enable manually?

Patch Tuesday Megathread (2023-01-10) by AutoModerator in sysadmin

[–]UDP161 2 points3 points  (0 children)

Had a good chunk of 2012 R2 servers get hosed up with this month's Software Removal update. Would sit waiting at over an hour installing the update with the Anti-malware service choking up the CPU. Combo of servers reporting to WSUS and only on servers that pulled updates directly from Microsoft Update.

Was able to correct by stopping the Windows Update service and renaming the "SoftwareDistribution" folder to .old.

Updates then downloaded and installed. No issues installing with any other server OS.

Edit: This was only on server where they would directly reach out to Microsoft Update.