Windows Server release information

Microsoft has updated its servicing model. The Semi-Annual Channel is a twice-per-year feature update release with 18-month servicing timelines for each release. This page is designed to help you determine the end of support date for the Semi-Annual Channel releases.

The Semi-Annual Channel provides opportunity for customers who are innovating quickly to take advantage of new operating system capabilities at a faster pace, both in applications — particularly those built on containers and microservices. For more information see the Comparison of servicing channels. Customers also have the option to continue using the Long-Term Servicing Channel releases, which continue to be released every 2-3 years. Each Long-Term Servicing Channel release is supported for 5 years of mainstream support and 5 years of extended support.

Windows Server current versions by servicing option

Windows Server release	Version	OS Build	Availability	Mainstream support end date	Extended support end date
Windows Server, version 20H2 (Semi-Annual Channel) (Datacenter Core, Standard Core)	20H2	19042.508.200927-1902	10/20/2020	05/10/2022	Review note
Windows Server, version 2004 (Semi-Annual Channel) (Datacenter Core, Standard Core)	2004	19041.264.200508-2205	05/27/2020	12/14/2021	Review note
Windows Server, version 1909 (Semi-Annual Channel) (Datacenter Core, Standard Core)	1909	18363.418.191007-0143	11/12/2019	05/11/2021	Review note
Windows Server, version 1903 (Semi-Annual Channel) (Datacenter Core, Standard Core)	1903	18362.30.190401-1528	5/21/2019	12/08/2020	Review note
Windows Server 2019 (Long-Term Servicing Channel) (Datacenter, Essentials, Standard)	1809	17763.107.1010129-1455	11/13/2018	01/09/2024	01/09/2029
Windows Server, version 1809 (Semi-Annual Channel) (Datacenter Core, Standard Core)	1809	17763.107.1010129-1455	11/13/2018	11/10/2020	Review note
Windows Server 2016 (Long-Term Servicing Channel)	1607	14393.0	10/15/2016	01/11/2022	01/11/2027

End of service for Windows Server, version 1809 has been delayed due to the ongoing public health crisis. For more information, see our Support article.

Windows Server, version 1803 and later are governed by the Modern Lifecycle Policy. See the Windows Lifecycle FAQ and Comparison of servicing channels for details regarding servicing requirements and other important information.

Release Notes: Important Issues in Windows Server 2016

Applies to: Windows Server 2016

These release notes summarize the most critical issues in the Windows Server 2016 operating system, including ways to avoid or work around the issues, if known. For information about by-design changes, new features, and fixes in this release, see What’s New in Windows Server 2016 and announcements from the specific feature teams. Unless otherwise specified, each reported issue applies to all editions and installation options of Windows Server 2016.

This document is continuously updated. As critical issues requiring a workaround are discovered, they are added, as are new workarounds and fixes as they become available.

Express updates available starting in November 2018 (NEW)

Starting with the November 2018 Update Tuesday update, Windows will again publish Express updates for Windows Server 2016. If you’re using WSUS and Configuration Manager you will once again see two packages for the Windows Server 2016 update: a Full update and an Express update. If you want to use Express for your server environments, you need to confirm that the server has taken a full update since November 2017 (KB# 4048953) to ensure the Express update installs correctly. If you attempt an Express update on a server that hasn’t been updated since the 2017 11B update (KB# 4048953), you’ll see repeated failures that consume bandwidth and CPU resources in an infinite loop. If you get into this scenario, stop pushing the Express update, and instead push a recent Full update to stop the failure loop.

Server Core installation option

When you install Windows Server 2016 by using the Server Core installation option, the print spooler is installed and starts by default even when the Print Server role is not installed.

To avoid this, after the first boot, set the print spooler to disabled.

Containers

• Before you use containers, install Servicing stack update for Windows 10 Version 1607: August 23, 2016 or any later updates that are available. Otherwise, a number of problems can occur, including failures in building, starting, or running containers, and errors similar to CreateProcess failed in Win32: The RPC server is unavailable.

• The NanoServerPackage OneGet provider does not work in Windows Containers. To work around this, use Find-NanoServerPackage and Save-NanoServerPackage on a different computer (not a container) to download the needed package. Then copy the packages into the container and install them.

Device Guard

If you use virtualization-based protection of code integrity or Shielded virtual machines (that use virtualization-based protection of code integrity), you should be aware that these technologies could be incompatible with some devices and applications. You should test such configurations in your lab before enabling the features on production systems. Failure to do so could result in unexpected data loss or stop errors.

Microsoft Exchange

If you attempt to run Microsoft Exchange 2016 CU3 on Windows Server 2016, you will experience errors in the IIS host process W3WP.exe. There is no workaround at this time. You should postpone deployment of Exchange 2016 CU3 on Windows Server 2016 until a supported fix is available.

Remote Server Administration Tools (RSAT)

If you’re running a version of Windows 10 older than the Anniversary Update, and are using Hyper-V and virtual machines with an enabled virtual Trusted Platform Module (including shielded virtual machines), and then install the version of RSAT provided for Windows Server 2016, attempts to start those virtual machines will fail.

To avoid this, upgrade the client computer to Windows 10 Anniversary Update (or later) prior to installing RSAT. If this has already occurred, uninstall RSAT, upgrade the client to Window 10 Anniversary Update, and then reinstall RSAT.

Shielded virtual machines

Ensure that you have installed all available updates before you deploy Shielded virtual machines in production.

If you use virtualization-based protection of code integrity or Shielded virtual machines (that use virtualization-based protection of code integrity), you should be aware that these technologies could be incompatible with some devices and applications. You should test such configurations in your lab before enabling the features on production systems. Failure to do so could result in unexpected data loss or stop errors.

Start menu

This issue affects Windows Server 2016 installed with the Server with Desktop Experience option.

If you install any applications which add shortcut items inside a folder on the Start menu, the shortcuts won’t work until you log out and log back in again.

Go back to the main Windows Server 2016 hub.

Storport Performance

Some systems may exhibit reduced storage performance when running a new install of Windows Server 2016 versus Windows Server 2012 R2.В A number of changes were made during the development of Windows Server 2016 to improve security and reliability of the platform. Some of those changes, like enabling Windows Defender by default, result in longer I/O paths that can reduce I/O performance in certain workloads and patterns. Microsoft does not recommend disabling Windows Defender as it is an important layer of protection for your systems.В

Copyright

This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

В© 2016 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Hyper-V, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

This product contains graphics filter software; this software is based in part on the work of the Independent JPEG Group.

What’s New in Windows Server 2016

Applies to: Windows Server 2016

To learn about the latest features in Windows, see What’s New in Windows Server. The content in this section describes what’s new and changed in Windows ServerВ® 2016. The new features and changes listed here are the ones most likely to have the greatest impact as you work with this release.

Compute

The Virtualization area includes virtualization products and features for the IT professional to design, deploy, and maintain Windows Server.

General

Physical and virtual machines benefit from greater time accuracy due to improvements in the Win32 Time and Hyper-V Time Synchronization Services. Windows Server can now host services that are compliant with upcoming regulations which require a 1ms accuracy with regards to UTC.

Hyper-V

What’s new in Hyper-V on Windows Server 2016. This topic explains the new and changed functionality of the Hyper-V role in Windows Server 2016, Client Hyper-V running on Windows 10, and Microsoft Hyper-V Server 2016.

Windows Containers: Windows Server 2016 container support adds performance improvements, simplified network management, and support for Windows containers on Windows 10. For some additional information on containers, see Containers: Docker, Windows and Trends.

Nano Server

What’s New in Nano Server. Nano Server now has an updated module for building Nano Server images, including more separation of physical host and guest virtual machine functionality as well as support for different Windows Server editions.

There are also improvements to the Recovery Console, including separation of inbound and outbound firewall rules as well as the ability to repair the configuration of WinRM.

Shielded Virtual Machines

Windows Server 2016 provides a new Hyper-V-based Shielded Virtual Machine to protect any Generation 2 virtual machine from a compromised fabric. Among the features introduced in Windows Server 2016 are the following:

New «Encryption Supported» mode that offers more protections than for an ordinary virtual machine, but less than «Shielded» mode, while still supporting vTPM, disk encryption, Live Migration traffic encryption, and other features, including direct fabric administration conveniences such as virtual machine console connections and Powershell Direct.

Full support for converting existing non-shielded Generation 2 virtual machines to shielded virtual machines, including automated disk encryption.

Hyper-V Virtual Machine Manager can now view the fabrics upon which a shielded virtual is authorized to run, providing a way for the fabric administrator to open a shielded virtual machine’s key protector (KP) and view the fabrics it is permitted to run on.

You can switch Attestation modes on a running Host Guardian Service. Now you can switch on the fly between the less secure but simpler Active Directory-based attestation and TPM-based attestation.

End-to-end diagnostics tooling based on Windows PowerShell that is able to detect misconfigurations or errors in both guarded Hyper-V hosts and the Host Guardian Service.

A recovery environment that offers a means to securely troubleshoot and repair shielded virtual machines within the fabric in which they normally run while offering the same level of protection as the shielded virtual machine itself.

Host Guardian Service support for existing safe Active Directory – you can direct the Host Guardian Service to use an existing Active Directory forest as its Active Directory instead of creating its own Active Directory instance

For more details and instructions for working with shielded virtual machines, see Shielded VMs and Guarded Fabric Validation Guide for Windows Server 2016 (TPM).

Identity and Access

New features in Identity improve the ability for organizations to secure Active Directory environments and help them migrate to cloud-only deployments and hybrid deployments, where some applications and services are hosted in the cloud and others are hosted on premises.

Active Directory Certificate Services

Active Directory Certificate Services (AD CS) in Windows Server 2016 increases support for TPM key attestation: You can now use Smart Card KSP for key attestation, and devices that are not joined to the domain can now use NDES enrollment to get certificates that can be attested for keys being in a TPM.

Active Directory Domain Services

Active Directory Domain Services includes improvements to help organizations secure Active Directory environments and provide better identity management experiences for both corporate and personal devices. For more information, see What’s new in Active Directory Domain Services (AD DS) in Windows Server 2016.

Active Directory Federation Services

What’s New in Active Directory Federation Services. Active Directory Federation Services (AD FS) in Windows Server 2016 includes new features that enable you to configure AD FS to authenticate users stored in Lightweight Directory Access Protocol (LDAP) directories. For more information, see What’s New in AD FS for Windows Server 2016.

Web Application Proxy

The latest version of Web Application Proxy focuses on new features that enable publishing and preauthentication for more applications and improved user experience. Check out the full list of new features that includes preauthentication for rich client apps such as Exchange ActiveSync and wildcard domains for easier publishing of SharePoint apps. For more information, see Web Application Proxy in Windows Server 2016.

Administration

The Management and Automation area focuses on tool and reference information for IT pros who want to run and manage Windows Server 2016, including Windows PowerShell.

Windows PowerShell 5.1 includes significant new features, including support for developing with classes and new security features that extend its use, improve its usability, and allow you to control and manage Windows-based environments more easily and comprehensively. See New Scenarios and Features in WMF 5.1 for details.

New additions for Windows Server 2016 include: the ability to run PowerShell.exe locally on Nano Server (no longer remote only), new Local Users & Groups cmdlets to replace the GUI, added PowerShell debugging support, and added support in Nano Server for security logging & transcription and JEA.

Here are some other new administration features:

PowerShell Desired State Configuration (DSC) in Windows Management Framework (WMF) 5

Windows Management Framework 5 includes updates to Windows PowerShell Desired State Configuration (DSC), Windows Remote Management (WinRM), and Windows Management Instrumentation (WMI).

For more info about testing the DSC features of Windows Management Framework 5, see the series of blog posts discussed in Validate features of PowerShell DSC. To download, see Windows Management Framework 5.1.

PackageManagement unified package management for software discovery, installation, and inventory

Windows Server 2016 and Windows 10 includes a new PackageManagement feature (formerly called OneGet) that enables IT Professionals or DevOps to automate software discovery, installation, and inventory (SDII), locally or remotely, no matter what the installer technology is and where the software is located.

PowerShell enhancements to assist digital forensics and help reduce security breaches

To help the team responsible for investigating compromised systems — sometimes known as the «blue team» — we’ve added additional PowerShell logging and other digital forensics functionality, and we’ve added functionality to help reduce vulnerabilities in scripts, such as constrained PowerShell, and secure CodeGeneration APIs.

Networking

This area addresses networking products and features for the IT professional to design, deploy, and maintain Windows Server 2016.

Software-Defined Networking

You can now both mirror and route traffic to new or existing virtual appliances. Together with a distributed firewall and Network security groups, this enables you to dynamically segment and secure workloads in a manner similar to Azure. Second, you can deploy and manage the entire Software-defined networking (SDN) stack using System Center Virtual Machine Manager. Finally, you can use Docker to manage Windows Server container networking, and associate SDN policies not only with virtual machines but containers as well. For more information, see Plan a Software Defined Network Infrastructure.

TCP performance improvements

The default Initial Congestion Window (ICW) has been increased from 4 to 10 and TCP Fast Open (TFO) has been implemented. TFO reduces the amount of time required to establish a TCP connection and the increased ICW allows larger objects to be transferred in the initial burst. This combination can significantly reduce the time required to transfer an Internet object between the client and the cloud.

In order to improve TCP behavior when recovering from packet loss we have implemented TCP Tail Loss Probe (TLP) and Recent Acknowledgment (RACK).В TLP helps convert Retransmit TimeOuts (RTOs) to Fast Recoveries and RACK reduces the time required for Fast Recovery to retransmit a lost packet.В

Security and Assurance

Includes security solutions and features for the IT professional to deploy in your datacenter and cloud environment. For information about security in Windows Server 2016 generally, see Security and Assurance.

Just Enough Administration

Just Enough Administration in Windows Server 2016 is security technology that enables delegated administration for anything that can be managed with Windows PowerShell. Capabilities include support for running under a network identity, connecting over PowerShell Direct, securely copying files to or from JEA endpoints, and configuring the PowerShell console to launch in a JEA context by default. For more details, see JEA on GitHub.

Credential Guard

Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. See Protect derived domain credentials with Credential Guard.

Remote Credential Guard

Credential Guard includes support for RDP sessions so that the user credentials remain on the client side and are not exposed on the server side. This also provides Single Sign On for Remote Desktop. See Protect derived domain credentials with Windows Defender Credential Guard.

Device Guard (Code Integrity)

Device Guard provides kernel mode code integrity (KMCI) and user mode code integrity (UMCI) by creating policies that specify what code can run on the server. See Introduction to Windows Defender Device Guard: virtualization-based security and code integrity policies.

Windows Defender

Windows Defender Overview for Windows Server 2016. Windows Server Antimalware is installed and enabled by default in Windows Server 2016, but the user interface for Windows Server Antimalware is not installed. However, Windows Server Antimalware will update antimalware definitions and protect the computer without the user interface. If you need the user interface for Windows Server Antimalware, you can install it after the operating system installation by using the Add Roles and Features Wizard.

Control Flow Guard

Control Flow Guard (CFG) is a platform security feature that was created to combat memory corruption vulnerabilities. See Control Flow Guard for more information.

Storage

Storage in Windows Server 2016 includes new features and enhancements for software-defined storage, as well as for traditional file servers. Below are a few of the new features, for more enhancements and further details, see What’s New in Storage in Windows Server 2016.

Storage Spaces Direct

Storage Spaces Direct enables building highly available and scalable storage using servers with local storage. It simplifies the deployment and management of software-defined storage systems and unlocks use of new classes of disk devices, such as SATA SSD and NVMe disk devices, that were previously not possible with clustered Storage Spaces with shared disks.

Storage Replica

Storage Replica enables storage-agnostic, block-level, synchronous replication between servers or clusters for disaster recovery, as well as stretching of a failover cluster between sites. Synchronous replication enables mirroring of data in physical sites with crash-consistent volumes to ensure zero data loss at the file-system level. Asynchronous replication allows site extension beyond metropolitan ranges with the possibility of data loss.

Storage Quality of Service (QoS)

You can now use storage quality of service (QoS) to centrally monitor end-to-end storage performance and create management policies using Hyper-V and CSV clusters in Windows Server 2016.

Failover Clustering

Windows Server 2016 includes a number of new features and enhancements for multiple servers that are grouped together into a single fault-tolerant cluster using the Failover Clustering feature. Some of the additions are listed below; for a more complete listing, see What’s New in Failover Clustering in Windows Server 2016.

Cluster Operating System Rolling Upgrade

Cluster Operating System Rolling Upgrade enables an administrator to upgrade the operating system of the cluster nodes from Windows Server 2012 R2 to Windows Server 2016 without stopping the Hyper-V or the Scale-Out File Server workloads. Using this feature, the downtime penalties against Service Level Agreements (SLA) can be avoided.

Cloud Witness

Cloud Witness is a new type of Failover Cluster quorum witness in Windows Server 2016 that leverages Microsoft Azure as the arbitration point. The Cloud Witness, like any other quorum witness, gets a vote and can participate in the quorum calculations. You can configure cloud witness as a quorum witness using the Configure a Cluster Quorum Wizard.

Health Service

The Health Service improves the day-to-day monitoring, operations, and maintenance experience of cluster resources on a Storage Spaces Direct cluster.

Application development

Internet Information Services (IIS) 10.0

New features provided by the IIS 10.0 web server in Windows Server 2016 include:

• Support for HTTP/2 protocol in the Networking stack and integrated with IIS 10.0, allowing IIS 10.0 websites to automatically serve HTTP/2 requests for supported configurations. This allows numerous enhancements over HTTP/1.1 such as more efficient reuse of connections and decreased latency, improving load times for web pages.
• Ability to run and manage IIS 10.0 in Nano Server. See IIS on Nano Server.
• Support for Wildcard Host Headers, enabling administrators to set up a web server for a domain and then have the web server serve requests for any subdomain.
• A new PowerShell module (IISAdministration) for managing IIS.

For more details see IIS.

Distributed Transaction Coordinator (MSDTC)

Three new features are added in Microsoft Windows 10 and Windows Server 2016:

A new interface for Resource Manager Rejoin can be used by a resource manager to determine the outcome of an in-doubt transaction after a database restarts due to an error. See IResourceManagerRejoinable::Rejoin for details.

Improved tracing allowing you to set a registry key to include an image file path in the trace log file name so you can tell which trace log file to check. See How to enable diagnostic tracing for MS DTC on a Windows-based computer for details on configuring tracing for MSDTC.