Windows 10 KB5003698 update fixes VPN fail, blurry text issues

Microsoft has released the June release preview cumulative updates for all editions of Windows 10 and Windows Server versions 1809 and 1909, with fixes for issues causing VPNs to fail and blurry text on the News and Interests taskbar button.

This update is part of Microsoft’s June 2021 monthly “C” update, allowing users to preview forthcoming updates and fixes scheduled for the approaching July 2021 Patch Tuesday.

After installing the KB5003698 non-security updates, you may encounter issues with system and user certificates lost when updating from Windows 10 1809 or later versions via outdated update media.

Further details on the types of updates Microsoft releases monthly can be found in the Windows 10 update servicing cadence primer.

KB5003698 update highlights

With the KB5003698 monthly release preview update, Microsoft addresses an issue that could cause VPNs to fail after renewing user auto-enrolled certificates with a “There are no more files” error message.

It also fixes an issue that may lead to audio loss when connecting a second external monitor to the system and a bug that might cause a system freeze with a 0x3B error when using AppLocker to validate files with multiple signatures.

KB5003698 also addresses a known Windows 10 issue leading to FLAC encoded music files becoming corrupted and unplayable after changing their title, artist, or other metadata.

Last but not least, the update fixes a bug causing the text on the “News and Interests” Windows Taskbar to become blurry after installing KB5001391 or later Windows 10 updates.

Other highlights included in this update:

  • Updates an issue with Search box graphics on the Windows taskbar that occurs if you right-click the taskbar and turn off News and interests. This graphics issue is especially visible when using dark mode.

  • Updates an issue that prevents certain screen reader apps from running. 

  • Addresses an issue that might cause a stop error when you run SmbConnectStress for a prolonged duration.

What’s changed

The KB5003698 Windows 10 cumulative update is considered optional, and it will not be automatically deployed since it is a preview update.

To install it, you have to go to Settings > Update & Security > Windows Update and ‘Check for updates.’ You’ll then be able to download and install the update from the ‘Optional updates available’ area.

You can also download the June preview updates from the Microsoft Catalog. After installing KB5003698, Windows 10 1909 will be updated to build 18363.1645, while Windows 10 1809 will be upgraded to build 17763.2028 after deploying KB5003703.

Microsoft also recommends installing the latest servicing stack update (SSU) before these cumulative updates to minimize issues with this update. If using Windows Update, the latest servicing stack update will be installed for you automatically.

Here is the complete list of key quality improvements and fixes delivered with this update:

  • Addresses an issue that prevents sorting from working properly when using multiple versions of National Language Support (NLS) sorting.

  • Addresses a performance issue in the MultiByteToWideChar() function that occurs when it is used in a non-English locale.

  • Addresses an issue that fails to properly manage touch input related memory before a user session ends.

  • Addresses an issue that results in outdated group membership listings. This issue occurs because the Group Policy service (GPSVC) makes infrequent updates to the Windows Management Instrumentation (WMI) session. As a result, this slows the propagation of changes the Active Directory (AD) administrator makes to user or group membership.

  • Addresses an issue that causes Windows to stop working when it uses AppLocker to validate a file that has multiple signatures. The error is 0x3B.

  • Addresses an issue with the Set-RuleOption PowerShell command that fails to provide the option for the Windows Defender Application Control (WDAC) policy to treat files signed with an expired certificate as unsigned.

  • Addresses an issue that might cause BitLocker to go into recovery mode after updating the Trusted Platform Module (TPM) firmware. This occurs when the “Interactive logon: Machine account lockout Threshold” policy is set and there were incorrect password attempts.

  • Addresses an issue that prevents certain screen reader apps from running when Hypervisor-protected code integrity (HVCI) is enabled.

  • Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events.

  • Improves the accuracy and efficiency of sensitive data analysis in the Microsoft 365 Endpoint data loss prevention (DLP) Classification Engine.

  • Addresses an issue with the Internet Key Exchange (IKE) VPN service on remote access server (RAS) servers. Periodically, users cannot connect a VPN to the server over the IKE protocol. This issue might start several hours or days after restarting the server or restarting the IKEEXT service. Some users can connect while many others cannot connect because the service is in DoS Protection mode, which limits incoming connection attempts.

  • Addresses an issue that might cause a VPN to fail after renewing a user auto-enrolled certificate. The error message is, “There are no more files”.

  • Adds new glyphs to the InkFree.ttf font family for European languages.

  • Addresses an issue that causes a loss of audio when you connect a second external monitor.

  • Addresses a metadata encoding issue that causes Free Lossless Audio Codec (FLAC) music files to become unplayable if you change their title, artist, or other metadata. For more information, see FLAC encoded music file is corrupted when metadata is edited in Windows Explorer.

  • Adds support for the .hif file extension for High Efficiency Image File (HEIF) images.

  • Addresses an issue that causes Remote Desktop sessions to stop responding while the User Datagram Protocol (UDP) is enabled.

  • Adds support for the USBTest and MeasurementClass.

  • Addresses an issue in Adamsync.exe that affects the syncing of large Active Directory subtrees.

  • Addresses an error that occurs when the Lightweight Directory Access Protocol (LDAP) bind cache is full, and the LDAP client library receives a referral.

  • Addresses a redirector stop error that is caused by a race condition that occurs when the system deletes binding objects when connections close.

  • Addresses an issue that might cause a stop error when you run SmbConnectStress for a prolonged duration.

  • Addresses an issue that prevents users from setting or querying disk quotas on the C drive.

  • Addresses an issue that causes blurry text on the news and interests button on the Windows taskbar for some display configurations.

  • Addresses an issue with Search box graphics on the Windows taskbar that occurs if you use the taskbar’s context menu to turn off News and interests. This graphics issue is especially visible when using dark mode.