Release Notes: Important Issues in Windows 8.1 Preview

  • Article

Applies To: Windows 8.1

[Content in this topic that applies specifically to Windows 8.1 Preview or Windows Server 2012 R2 Preview is preliminary and subject to change in future releases.]

These release notes address the most critical issues and information about the Windows® 8.1 operating system. For information about by-design changes, new features, and fixes in this release, see https://technet.microsoft.com/windows/dn140266.aspx. For information you should review prior to installing this release, see https://go.microsoft.com/fwlink/p/?LinkId=240148. Unless otherwise specified, these notes apply to all editions and installation options of Windows 8.1.

Setup

This issue only affects checked builds of Windows Server 2012 and Windows 8.1.

During Setup, an application dialog box appears referencing an application error in TabTip.exe. You can safely click OK and continue with Setup.

Deployment

  • If you attempt to run Sysprep.exe to create a WIM image more than one hour after the first user has logged on to the newly installed operating system, Sysprep.exe will fail. A scheduled maintenance task that recovers disk space by removing unused features is the cause.

    To avoid this, disable the maintenance task immediately after completing Setup. You can disable the task with this command:

    Schtasks.exe /change /disable /tn "\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup"

  • If you deploy an image using Microsoft Deployment Toolkit 2013 or Unattend.exe and include CopyProfile=true in the answer file, the deployment will fail with a “location is not available” error or each new login attempt will create a new temporary user account profile.

    To avoid this, do not use CopyProfile=true in the answer file. There is no other workaround at this time.

Network Access Protection

If you upgrade a computer running Windows 8 to this release, functionality related to Network Access Protection (NAP; including VPN, DirectAccess, and 802.1x) will fail if Windows SHA is being used in the NAP policy.

To correct this, either restart the NAP Agent service or restart the computer. To restart the NAP Agent service, run the following at a command line:

Net stop napagent && net start napagent

OWA

You cannot log on to Outlook Web App (OWA) from Internet Explorer 11. To avoid this, either delete the browser history or open an inPrivate session, and then log on to OWA.

Security

  • Services that use Transport Layer Security (TLS) to connect to domain controllers (such as Internet Explorer) will fail to connect.

    To avoid this, disable support for TLS session tickets by using Regedit32.exe (or a script or command) to set the value of the HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EnableSessionTicket registry key to 0x0002.

    Alternately, you can configure the service to run as a domain user account or a group-managed service account.

  • RC4 is no longer enabled by default for TLS. Applications (such as Internet Explorer) might fail to connect if they depend on RC4. You can enable RC4 support by configuring these registry keys with the following REG command:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]"Enabled"=dword:ffffffff

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]"Enabled"=dword:ffffffff

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]"Enabled"=dword:ffffffff

  • When credential delegation is disabled, it no longer caches credentials. If you enable the “Allow delegating default credentials” policy, users who are currently signed on will not have credentials cached. If they then use an application that delegates default credentials, the application will still prompt for credentials. After a user has either unlocked the desktop or signed off, applications will no longer prompt for credentials.

  • The Digest client does not cache credentials for domain members. Applications will prompt for credentials. You can enable caching in Digest clients with the following REG command:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\] “UseLogonCredential” =dword:1

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

©2013 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Hyper-V, MS-DOS, Windows, Windows NT, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

This product contains graphics filter software; this software is based in part on the work of the Independent JPEG Group.

All other trademarks are property of their respective owners.

4.0