Microsoft fixes TLS handshake failures in Windows Server 2019


Microsoft has issued an out-of-band (OOB) non-security update to address an issue triggering Transport Layer Security (TLS) handshake failures on Windows Server 2019 systems.

On affected devices, users see SEC_E_ILLEGAL_MESSAGE errors in applications when connections to servers experience issues. 

“We address an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures,” Microsoft explains.

“For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of fewer than 5 bytes within a single input buffer.”
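The buffer layout Microsoft describes, as an added example (not Microsoft's code and not the fix itself): a C record splitter that reports a trailing fragment shorter than the 5-byte TLS record header as "need more data" instead of a malformed message. The function and enum names are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN 5                    /* type(1) + version(2) + length(2) */
#define TLS_MAX_FRAGMENT (16384 + 2048)  /* TLS 1.2 ciphertext length limit */

typedef enum { FRAME_COMPLETE, FRAME_NEED_MORE, FRAME_MALFORMED } frame_status;

/* Walk one input buffer. On return *records is the number of whole records
 * found and *consumed is how many bytes they occupy; the caller keeps
 * buf[*consumed .. len) and prepends it to the next read. */
frame_status tls_split_records(const uint8_t *buf, size_t len,
                               size_t *records, size_t *consumed)
{
    size_t off = 0;
    *records = 0;
    *consumed = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < TLS_HDR_LEN)     /* the case in the advisory: the */
            return FRAME_NEED_MORE;      /* header itself is cut short    */
        const uint8_t *h = buf + off;
        /* Simplification: accept only content types 20..23
         * (change_cipher_spec, alert, handshake, application_data). */
        if (h[0] < 20 || h[0] > 23 || h[1] != 0x03)
            return FRAME_MALFORMED;
        size_t body = ((size_t)h[3] << 8) | h[4];
        if (body > TLS_MAX_FRAGMENT)
            return FRAME_MALFORMED;
        if (remaining - TLS_HDR_LEN < body)
            return FRAME_NEED_MORE;      /* header whole, body cut short */
        off += TLS_HDR_LEN + body;
        (*records)++;
        *consumed = off;
    }
    return FRAME_COMPLETE;
}

int main(void)
{
    /* Constructed sample: one 3-byte handshake record, then 3 bytes of the next header. */
    const uint8_t buf[] = { 0x16,0x03,0x03,0x00,0x03, 0xAA,0xBB,0xCC, 0x16,0x03,0x03 };
    size_t n, used;
    frame_status s = tls_split_records(buf, sizeof buf, &n, &used);
    printf("status=%d records=%zu consumed=%zu leftover=%zu\n", (int)s, n, used, sizeof buf - used);
    return 0;
}
```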

The known issue addressed in today’s OOB update (KB5020438) affects server platforms, including Windows Server 2019, Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, and Windows 10 IoT Core 2019 LTSC.

Before installing this cumulative update on your device, you must first install the August 10, 2021 servicing stack update (SSU), KB5005112.

Available via the Microsoft Update Catalog

KB5020438 is unavailable for installation via Windows Update, Windows Update for Business, or Windows Server Update Services (WSUS).

You can only install this OOB cumulative update by downloading the standalone package for your system from the Microsoft Update Catalog.

After deploying the update, the Cluster Service might fail to start because a Cluster Network Driver is not found due to an update to the PnP class drivers used by the service.

If you experience issues after installing KB5020438, you can remove the update by selecting “View installed updates” in the Programs and Features Control Panel.

Last month, Microsoft said that it accidentally listed the September Windows preview update in Windows Server Update Services (WSUS).

Redmond added that until the update was removed from WSUS, it could still lead to security update install problems in some managed environments.

Source: Bleeping Computer