July 2016 update rollup for Windows 7 SP1 and Windows 8.1

The July 2016 update rollup package for Windows 7 Service Pack 1 (SP1), Windows Server 2008 R2 SP1, Windows 8.1 and Windows Server 2012 R2 is out. It comes with a huge number of fixes including some notable performance and reliability patches.

Windows 7

In Windows 7, this update replaces the previously released update KB3161608. It got the KB3172605 patch ID on Windows Update.


The following problems were resolved with this update:
This update includes quality improvements. No new operating system features are being introduced and no new security updates are included. Key changes include:

  • Improved support in Microsoft Cryptographic Application Programming Interface (CryptoAPI) to help identify websites that use Secure Hash Algorithm 1 (SHA-1).
  • Addressed issue in Microsoft Secure Channel (SChannel) that sometime causes Transport Layer Security (TLS) 1.2 connections to fail depending on whether the root certificate is configured as part of the certificate chain for server authentication.

To install it, you can use Windows Update.

Windows 8.1 Search app

In Windows 8.1, July 2016 update rollup is represented by KB3172614. It includes some new improvements and fixes including the improvements from June 2016 update rollup KB3161606. The change log looks as follows:

  • Added support for multiple account authentication using Active Directory Federation Services (ADFS) through "prompt" query parameter.
  • Addressed issue in Host Bus Adapters (HBA) that was including non-Fibre Channel HBA devices in the Fibre Channel HBA list.
  • Added support to set the idle timeout value of a TCP connection used by WinHTTP.
    Using this setting is not recommended because it may cause problems for your applications.
    The default value for the timeout is two minutes. To change the timeout use the WinHttpSetOption function with dwOption set to 135. This option can only be set on a session handle before any connection handles or requests are created for the session. Once connection handles or requests are created, this value can't be modified.
  • Addressed issue where print jobs are no longer working when v4 printer drivers are configured to use Enhanced Driver Configuration.
  • Remote Desktop service may hang when IP Virtualization is configured and there are a high number of remote desktop sessions.
  • Improved support in Microsoft Cryptographic Application Programming Interface (CryptoAPI) to help identify websites that use Secure Hash Algorithm 1 (SHA-1).
  • Running the GPRESULT command with the verbose option results in a crash and customers are unable to audit user or machine policies.
  • The system reports a string corruption problem for AccessReason in the Audit logs for Event ID 4656. These events are reported in a Security audit log, similar to this:
    Log Name           : Security
    Source                 : Microsoft-Windows-Security-Auditing
    Date                    : date time
    Event ID              : 4656
    Task Category     : task category
    Level                   : Information
    Keywords            : keywords
    User                    : N/A
    Computer           : computername
  • This update extends support of the Key Management Service (KMS) for Windows 8 and Windows Server 2012, in order to enable the activation of clients running Windows 10 Anniversary Update-based long-term servicing branch (LTSB) and Windows Server 2016 clients, when they become available.
    In addition to installing this update on the KMS Host, a KMS generic volume license key (GVLK) that is designed to support the Windows 10 Anniversary Update-based LTSB or Windows Server 2016 clients also needs to be installed.
    The KMS GVLKs that support the new versions of Windows will also support previous volume licensing editions of Windows that are acting as KMS clients.
  • When you deploy Windows Server 2008 R2 Service Pack 1 (SP1) through Windows Deployment Services (WDS), if clients are Unified Extensible Firmware Interface (UEFI) and in a routed environment, they don't receive the Dynamic Host Configuration Protocol (DHCP) packets correctly. This results in WDS deployment failing on these clients.
  • When you enable BitLocker on the volume and then expand the volume on Windows Server 2012 R2, there cache manager errors are shown and the commands fail. These are logged in the System log with error 141 - STATUS_MEDIA_WRITE_PROTECTED.
  • When a non-administrator user opens an Access file in a WebDav folder, they might not be able save the file because of a Delete Pending error.
  • When an application is writing data using the VirtualChannelWrite API closes the virtual channel right after it gets write completion event, it could result in data being discarded.
  • When you use the NVM Express (NVMe) driver to retrieve the firmware and model numbers of the solid-state drive (SSD), the NVMe driver will truncate the firmware and model numbers returned from the NVMe devices.
  • When you try to configure connecting a SCSI storage device to a Windows Hyper-V Host, the Host will not recognize the SCSI storage device when Logical Unit (LUN) 0 is not present.
    When there is more logging session churn on the system because of workloads that are being run, Event Tracking (ETW) will crash.
  • When you change application settings using Set-ADFSRelyingPartyTrust, without explicitly setting AlwaysRequireAuthentication, it will reset AlwaysRequireAuthentication bit to the default (false) and users won't be prompted for Multi Factor Authentication (MFA).
  • When you configure Windows Server 2012 R2 for cloud based authentication, there is a high latency on the tenants for authentication and provisioning which causes the CPU usage to drop to less than 10%.
  • When you try to import a certificate into a Virtual Smart Card (VSC) on a Windows based tablet (into the TPM), it might fail. This may cause the certificate to be suspended and prevent enrollment of additional certificates.
  • Addressed issue in Microsoft Secure Channel (SChannel) that sometimes causes Transport Layer Security (TLS) 1.2 connections to fail depending on whether the root certificate is configured as part of the certificate chain for server authentication.
  • When an Exchange server attempts to reestablish the Kerberos client session during a cluster failover it may cause the system to become unresponsive.
  • Updated the inbox component in Windows Server 2012 R2 Essentials to use the new client connector, so that the inbox component won't get uninstalled during Windows 10 upgrades.
  • Improved reliability of Hyper-V Replica (HVR) by increasing the timeout value and making the timeout configurable for replication to complete. Also improved logging, so that HVR doesn't stop logging when the storage left on the device is 300MB.
  • If you installed the May 2016 update rollup for Windows 8.1 and Windows Server 2012 R2 (KB3156418), the DFSRS.exe process may consume a high percentage of CPU processing power (up to 100 percent). This may cause the DFSR service to become unresponsive and you may be unable to stop the service. You must hard-boot affected computers to restart them.

The official announcement is here and here.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!


Author: Sergey Tkachenko

Sergey Tkachenko is a software developer from Russia who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published. Required fields are marked *