Did you try installing the update manually ? Or it was via Windows Update only?
Can you check it manually, if not checked.
I also am experiencing the same issue with KB30000061. I have about 12 HyperV machines, and I am already seeing this on 3, and have yet to get around the rest in applying todays Windows Updates....
I find the amount of Windows Update issue this year is off the charts!!!!
what about sending a mail on :
secure 'at' microsoft 'dot' com
Anyone opened a case yet?
Anyone willing to work with me to open a support case?
Same shit here
two laptop, ASUS and LENOVO, MS Windows 8 Enterprise 32 bits
both failed to install kb3000061. I did cold reboot fix it Windows update but nothing change
this update KB3000061 is CORRUPTED
Hello,
are there any cases, if so can I get the Case numbers?
Also looking for logs from these machines.
All the logs under c:\windows\logs\cbs
Can we make them available for download?
Thank you Darrell for the offer. If anyone on this thread has not opened a case and would like a free support case for this issue, email me at susan-at-msmvps.com (change the -at- to @) and I'll set up a support case for you. I'll need a phone number so that the Microsoft support engineering team can call you back.
Otherwise zip up the log files and place them in a onedrive link and post the link here. If you would prefer a bit of privacy, the security support case will keep these log files more private.
- Edited by Susan BradleyMVP Friday, October 17, 2014 2:52 PM
2014-10-16 20:41:48, Error CSI 00000002 (F) Logged @2014/10/16:18:41:48.424 : [ml:240{120},l:238{119}]"EventAITrace:Provider Microsoft-Windows-Win32k is already installed with GUID {e7ef96be-969f-414f-97d7-3ddb7b558ccc}. " [gle=0x80004005]
you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT
Then reboot and install KB3000061.
You might want to take a backup of the registry key first and then restore everything from it apart from the keys that KB3000061 recreates.
- Proposed as answer by CountryKING Friday, October 17, 2014 3:06 PM
I also have this issue. See my data dump here
I am seeing this on my Windows 8 laptop as well. Have not had time to dig into it just yet.
Jeff
I appear to be able to replicate this problem with the following 4:
Security Update for Windows Server 2012 (KB2923392)
Update for Windows Server 2012 (KB2995387)
Security Update for Windows Server 2012 (KB3000061)
Update for Windows Server 2012 (KB3000988)
I've been shutting down wuauserv, renaming the softwaredistribution folder, starting it back up and doing each one by one. The other 4 updates I had pending all installed properly.
Those 4 fail in the same way.
- Proposed as answer by Jack Jameson Saturday, October 18, 2014 8:55 PM
Same problem on Windows Server 2012. I restored the system state from a backup prior to the updates and was able to install all updates successfully except KB3000061.
Symptoms:
Once I install KB3000061
- No other updates will install.
- Unable to remove Hyper-V role from the server (have not tried adding or removing any other roles or features).
- I get the following Manageability error in Server Manager "Online - Data retrieval failures occurred 10/18/2014 11:57:58 AM [product id] (Activated)"
Opened case for Charles P. 114101811917976
Thanks. Deleting registry key did the trick for me too.
(Just HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}.)
All updates installed normally and my error in Server Manager went away.
Does anyone know what this key does? Should I restore it now that the server is running properly? Thanks.
Hey it worked good. I tried it.
1. Please remember to take a back up first.
2. open Run> type "regedit"
3. Locate the WINEVT using the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEV
4. Export the the folder for the backup
5. Delete everything in the folder but the default key cant be deleted, let it be
6. Restart the computer
7. Performed Windows updates.
8. It will work now. :)
you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT
Then reboot and install KB3000061
This solution is perfetc for windows server 2012 but service windows remote management will be afected.
I am using thix corrector for windows 8. I am waiting
.
Thanks
you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT
Then reboot and install KB3000061.
running regedit you will find this registry.
After a short wait updates for windows 8 are corrects. There is not reverting "puto fastidioso".
Thanks again
I'd like to get an understanding of what's going on before we start advising everyone to nuke out this registry key.
I've got a couple of support cases opened, let's see what they say first before deleting this across the board.
From some deducing what i can tell is the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} points to a resource
Microsoft-Windows-Win32k at %SystemRoot%\system32\win32k.sys
The KB article for the patch ( http://support.microsoft.com/kb/3000061 ) lists as files being changed:
For all supported x64-based versions of Windows 8 and Windows Server 2012
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Win32k.ptxml | Not applicable | 4,172 | 11-Oct-2012 | 00:37 | Not applicable |
Win32k.sys | 6.2.9200.17130 | 4,068,352 | 28-Sep-2014 | 04:18 | x64 |
Win32k.ptxml | Not applicable | 4,172 | 25-Jul-2012 | 20:29 | Not applicable |
Win32k.sys | 6.2.9200.21247 | 4,067,840 | 28-Sep-2014 | 03:39 | x64 |
Wow64_win32k.ptxml | Not applicable | 4,172 | 12-Feb-2013 | 00:14 | Not applicable |
Wow64_win32k.ptxml | Not applicable | 4,172 | 12-Feb-2013 | 00:09 |
Not applicable |
I can see the relevance of deleting that registry key ONLY (not the whole WINEVT root) as a probable workaround solution. Granted if that is the case then Microsoft should release an updated patch that checks for and correct whatever issue is with that tree causing the update to fail.
It seems from the CBS.log that the updater doesn't not correctly unregister the win32k publisher prior to updating and attempting to re-register the publisher causing it to fail with an already registered message. Deleting the key must simulate the unregistration so when the update gets applied it doesn't fail there.
For those that don't have the key present it is likely there is another issue as the root of the install problem.
EDIT 1:
If I just delete the reg key without rebooting and install the update it works. It succeeded, I also double checked and the registry key did not come back. I will check for more updates then do a reboot see if the keys come back and which ones. If they don't I will restore the backup I took and let you know what happens. I assume it will work as normal, I think these registry keys are just for the event logs.
EDIT 2:
Looks like the old key is supposed to be deleted but it is not being deleted. The key does get replaced but under a different GUID {8c416c79-d49b-4f01-a467-e56d3aa8234c} everything is the same as before with the exception of 2 new entries and one changed one (basically counting the number of entries).
ChannelReferences 5 (Messages) and 6 (Contention) get added and the count in the main key updated to account for the two new references.
I am not sure why the GUID changed, either someone at Microsoft goofed and set the wrong GUID or its supposed to change but again there was a mistake in where the accidentally put the wrong GUID (new one) for the old key thus doesn't get deleted before being re-inserted.
FINAL NOTES:
I would say it is very safe to delete the key under the old GUID since it is being recreated by the update under a new GUID and the issue seems to be that the updater is not correctly deleting the old key thus leading to the update error. Hopefully this helps put to ease J Cervero's concern of grasping the issue. Those who do not have they key likely got it correctly deleted or are already using the new GUID. Can someone who did not have they key originally check to see if one with the new GUID is present?
- Edited by Axelrtgs Tuesday, October 21, 2014 11:04 PM
Hello,
I would like to see more logs from these failures.
Thanks for ones we have gotten so far, but we could use some more.
looking for the logs under c:\windows\logs\CBS.
if they could be made available for download that would be great.
or you can email the logs ( zipped up please)
My first name and last initial @microsoft.com
Hello,
Thanks, got the logs from that case
Hello,
Can one of you experiencing this issue do the following for me please.
If you dont have KB2756872, install it and retry the update
If you do have KB2756872:
- Go to http://www.microsoft.com/en-us/download/details.aspx?id=34908
- Click download
- Select delmigprov.exe
- Confirm
- Run that executable locally
- Try installing the update again and let me know if it works
Hello,
Can one of you experiencing this issue do the following for me please.
If you dont have KB2756872, install it and retry the update
If you do have KB2756872:
- Go to http://www.microsoft.com/en-us/download/details.aspx?id=34908
- Click download
- Select delmigprov.exe
- Confirm
- Run that executable locally
- Try installing the update again and let me know if it works
Another case opened for a customer:
114102811959987
Me help next:
you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT
Then reboot and install KB3000061.
You might want to take a backup of the registry key first and then restore everything from it apart from the keys that KB3000061 recreates.
Interestingly, I only had an issue with KB3000061 on 5 Server 2012 machines - all of which were HyperV VMs. We have only 6 other Windows Server 2012 boxes (We have a lot of 1012 R2 servers). 2 2012 Servers are physical HyperV hosts and 4 are VMware VMs. None of these 6 had issues.
I only deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} and the patch installed fine. Also, Server Manager remote management also started behaving afterwards.
- To alleviate this problem on Windows 8 and Windows Server 2012 based systems, please export and delete the following registry value, reboot your system and then re-attempt the update: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}
- If deleting the above registry value does not resolve the issue for you, please ping this thread as I'd like to see your follow-up CBS.logs from the system
- For those of you running Windows 8 and Windows Server 2012, I'd actually like to know some additional information about your environments, namely, if the systems impacted were upgrades of a specific kinda (Vista->Win7->Win8) or if there was a special process used when creating your images. Anything you think might be relevant and would be outside of a 'clean install' from media.
- For Windows 8.1 and Windows Server 2012 R2 customers, I still haven't seen a set of logs to confirm we're seeing the same issue. Everything I've seen to this point has been on Windows 8/Windows 2012. I'd love to see logs if you're having an issue.
This is the supported method to resolve this issue (and as others have noted above, this works). This occurs when servers have been upgraded from 2008R2 to 2012 (or WinVista to Win8). The key is being carried over in these scenarios and not being set to the proper value. We're investingating why this occurred but deleting the key and rebooting the system will resolve the problem. If you see something otherwise, please let me know.
- Edited by adamf83 Thursday, October 30, 2014 7:41 PM
This occurs when servers have been upgraded from 2008R2 to 2012 (or WinVista to Win8).
Can you share your CBS.logs somewhere for me so we can take a look at them?
Do you have the following key in your registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{8c416c79-d49b-4f01-a467-e56d3aa8234c}
Joseph,
After installing KB3000061, I do have the registry key you specified.
How can I get you the logs?
Just to confirm that this fix (del just the sub key) works fine for me on several W2012 systems, both VMs and physical, and also upgrades and clean installations.OOI all of them are Datacentre editions...
Many thanks!
At a simplistic level, we keep a change list where we store information about all of the updates being installed in a session. We parse a portion of this list prior to shutdown and pass that through to the reboot. If we notice any of the changes in the list didnt properly take place on the reboot, we halt the session and roll back all updates in the list to preserve the integrity of the machine. Thats what happened in this case, because you had a large amount of updates, even if only one requires a rollback, the entire session is rolled back.
I also tried eliminating HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}, but that did not help.
The system is 64-bit Windows 8, originally installed directly from a Win8 install media.
Tried again. Worked this time. Not sure what I was doing wrong, but all appears to be well now.
Any point in importing the deleted key back in?
I removed the key from the WOW6432Node location (it's not in the other location), and I still cannot install KB3000061. My system is Windows 8 and it was an in-place upgrade from Windows 7.
I also am getting failures on all of the November updates (not sure if that is related).
Thanks,
Jeff
I have the Key "KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{8c416c79-d49b-4f01-a467-e56d3aa8234c}". There is no Key like "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}". All affected hosts are clean installs and all of them are physical RODC. Updates KB3000988 and KB2995387 failed.
Any suggestion? If needed, I would share the cbs.logs (how can I get the logs to you?).
Still investigating. At this point, its likely that the fix for this wont be until after the first of the year.
I did a trial with WSUS last night and a couple non-kernel patches (IE, Flash, dotnet) etc and they all rolled back.
Microsoft needs to address this issue period!
Telling users to open a case is like telling a million people whom are sick with the same virus that in order to have a cure that we first have to tell you whether our cough is scratchy or wheezy. What does that matter. Microsoft is the one creating these problems and they know it.
Instead of using the public as guinea pigs, they should be more focused on proper development from the very beginning and perform thorough testing before releasing any so-called fixes to end-users.
Microsoft is a multi-(Billion)-dollar corporation! Should we be expected to believe that they don't have enough resources to run their own test-labs of hundreds of differently configured systems with various versions of Windows, some of which are sand-boxed as well as others which are connected to the net?!]
It's nothing but the same old song and dance from Microsoft. If they spent enough time to get it right before releasing anything, then maybe more of the updates we actually see from them would simply be software additions rather than patches and bug-fixes.
We already pay through the nose for this so-called "Proprietary Software" but in the end, it really is anything but that!
Microsoft needs to improve upon its development and implementation strategy so that it is not needlessly causing so much software distortion and frustration for it's customer's whom rely heavily upon their software to be dependable.
- Edited by zeroneday Friday, November 28, 2014 8:51 AM Spelling
I've been running into this problem on three different Server 2012 servers. Tons of updates are failing and reverting. I've been able to cherry-pick some updates and install them individually, especially those that don't trigger a reboot. However, I've seen dozens of updates across these three servers failed with error 0x800F0922. That led me to some forum posts suggesting that the System Reserved partition was missing. I created the partition, but that didn't fix the problem.
So while finding some success installing updates one or two at a time (the .NET updates I did in larger batches), I came across a different error 0x80073AA2. I'm not sure how I didn't see that yesterday or today, but maybe after seeing so many occurrences of 0x800F0922, I may have simply missed the 0x80073AA2. Only once I was performing updates one or two at a time did it become apparent.
In my case, the 0x80073AA2 error appeared on KB3002885, the successor to KB3000061. I also noticed on all three servers, in Server Manager, the "online - data retrieval failures occurred" was present. And so I am attempting the Registry key removal fix on one server and will see how it goes. Given the fact that many of you have found success, I am cautiously optimistic it may work for me as well. If it works on one server, I'll try it on the other two. And also make sure KB300061 is yanked from our WSUS.
Matthew,
Unless those servers were upgraded from a downlevel OS like 2008 R2, you aren't hitting the same issue described above. It sounds like you have a completely different servicing issue across the environment.
Joseph,
It's possible that the 0x800F0922 error may have come from a different source, but I don't think so. I applied the Registry fix described above (just HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc) and the problem went away on all of the servers. I just realized there was a fourth server involved, and when I viewed the update history--it had updates failing since November. Sure enough, the problems started when KB3000061 showed up.
So to the folks who identified the Registry fix, I applaud you. And thank you!
Excellent! - having spent 2 days trying to figure out why updates were failing, this registry fix worked for me.
My situation: Windows 8 Pro x64 running as a virtual machine under VMware Fusion 7.0.1
After much trial an error (manually installing each of 100+ updates as standalone patches) I determined that KB3002885 was the culprit.
Exporting and deleting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} enabled me to install KB3002885and now everything is working fine.
Many thanks to all the Alan Turings out there who figured this out.
I have been searching for this for 3 months when I came across it.
I noticed that I had all the symptoms for this problem but could not find the KB3000061 in the list of updates to install. When I look back at the history of updates, I found that it was the first update to fail.
I followed the instructions to remove only the key and all my VMs that were having this problem now are up to date without any errors.
Thank you for this help
This worked! Per instructions, I deleted the registry key {e7ef96be-969f-414f-97d7-3ddb7b558ccc} identified in a TechNet thread and was able to FINALLY install the dastardly Security Update KB 3000061. As confirmed in the TechNet thread, the KB 3000061 recreated the security key with a different GUID upon reboot.
Oh, forgot to mention that I did follow CountryKING's menu path to get to the above-mentioned registry key - {e7ef96be-969f-414f-97d7-3ddb7b558ccc}. Sorry about that...
In regards to the registry related issue, the workaround of exporting and deleting the key is the fix. We wont be packaging anything additional for it.
Good morning all
Our product support group opened an official case and reported this with Microsoft and they've found the cause. PLEASE NOTE however, that this relates to RODC and ALL patches failing, not just 3000061 on non-RODC. I'll open a separate thread for this as well.
000093 2015-01-23 20:18:30, Info CSI 00000015 Begin executing advanced installer phase 38 (0x00000026) index 4 (sequence 43) 000094 Old component: [ml:350{175},l:348{174}]"Microsoft-Windows-Web-Services-for-Management-Core, Culture=neutral, Version=6.2.9200.16384, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=wow64, versionScope=NonSxS" 000095 New component: [ml:350{175},l:348{174}]"Microsoft-Windows-Web-Services-for-Management-Core, Culture=neutral, Version=6.2.9200.17100, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=wow64, versionScope=NonSxS" 000096 Install mode: install 000097 Installer ID: {118ca598-79a0-4297-953d-e82183960fd2} 000098 Installer name: [13]"Group Trustee" 000099 2015-01-23 20:18:30, Error CSI 00000001@2015/1/23:20:18:30.673 (F) CMIADAPTER: Inner Error Message from AI HRESULT = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED) 000100 [ 000101 (null) 000102 ] 000103 [gle=0x80004005] 000104 2015-01-23 20:18:30, Error CSI 00000002@2015/1/23:20:18:30.673 (F) CMIADAPTER: AI failed. HRESULT = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED) 000105 Element: 000106 [372]"<groupTrustee xmlns="urn:schemas-microsoft-com:asm.v3" name="WinRMRemoteWMIUsers__" description="Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user." type="User" enabled="true"> 000107 000108 <members></members> 000109 000110 </groupTrustee>" 000111 [gle=0x80004005] 000112 2015-01-23 20:18:30, Error CSI 00000003@2015/1/23:20:18:30.673 (F) CMIADAPTER: Exiting with HRESULT code = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED). 000113 [gle=0x80004005] Cause: The installer uses SAM API calls to manage the group. It always connects to the local SAM instance. The component also handles an uninstall task in the same function. On uninstall the group is being deleted. So the SAM handle is requested with "Create Group" and "Delete" access. The error happens because a RODC does not allow any changes and thus returns STATUS_NOT_SUPPORTED. More information about the prevent from accidental deletion feature please refer : http://technet.microsoft.com/en-us/library/cc773347(v=WS.10).aspx http://technet.microsoft.com/en-us/library/cc739350(v=WS.10).aspx Recommendation: This is a Bug in the RODC running on server 2012, However you may do an in place upgrade to Server 2012 R2 and then proceed with the installation of the patch.
The bad news is this is fixed in 2012 R2 with a hotfix - but it isn't fixed in 2012 and it won't be because.. they've only had one official report logged. And that was by us. So, if you want this fixed, you need to start logging this with MS now.
What I can say just now is that this isn't related to the registry fixe with WinEVT we've all been trying, it's NOT limited to 2008 that has been upgraded in place to 2012 (our product support group replicated it in the lab with a brand new 2012 promoted to RODC) and it IS only happening with RODC. Possible fix might be to make your RODC RW for a bit and install your patches then.
More details when I get them.
- Edited by andreww Friday, February 06, 2015 11:49 AM
@andreww
If you're referring to the RODC issue, I'm not sure who in support said we weren't fixing this (and I would like to know so we can correct them) on anything but 2012 R2 but I can tell you that isn't accurate. I'm the PM for the team working on this and we're investigating several editions of the OS including 2012. We are (and have been) investigating this since December but the fix isn't as straightforward as we'd initially hoped. I'm not guaranteeing a fix but we are investigating it.
Hmm. Thanks @joscon - could I just check tho whether you're referring directly to KB3000061 or is this the failure of all patches on RODC since ~October ?
Can you direct message me at andyjgw / gmail.com and I'll pass on the MS call reference number? I don't want to post too much here, not sure if it's appropriate (altho if it's OK to quote internal reference numbers here, I can do so if you prefer).
- Edited by andreww Friday, February 06, 2015 2:48 PM
Thanks, I will do - can't see where your contact details are tho.. ;-)
Should I just post the call number here instead? Or can you email me?
Any update on this? We have 6 RODC's out of 87 that are experiencing this issue with Update KB2995387.
The error in the CBS.log is exactly as described with the WinRM issue. These are fresh install RODC's on a Hyper-V host (2012 Standard) as guest CORE 2012 vm's.
I don't have the reg keys mentioned so I am stuck with these 6 and behind on updates unless I manually install all updates besides this particular one.
- Edited by Quo-Vadis Tuesday, April 14, 2015 9:09 PM
Actually, yes, I have an update. We have a fix created for this which is likely to ship next week. We're in the final stages of testi
This sounds very relevant:
https://support.microsoft.com/en-us/kb/3020370
Issue that is fixed in this update
If the Protect object from accidental deletion option is enabled in the domain root object, some component updates cannot be installed on a read-only domain controller (RODC) in Windows Server 2008 R2 Service Pack 1 (SP1).Tho I'm a little concerned it says W2008R2 and our issue is with 2012... Any thoughts, Joseph?
edit: checked our WSUS server, it's only listed for 2008R2 (x86 and x64)
A
- Edited by andreww Thursday, April 23, 2015 1:26 PM
Thanks for the question, I was in the middle of trying to put a response together when I saw this. There are two components to this fix for Win7, one of which is referenced above and the other is the servicing stack update itself. We haven't released the SSU broadly however these updates are now available via DLC. We dont have a timeframe on when the updates will release via WU/WSUS channels at this time. You can find the relevant version of the files via the links below:
Windows 7/Server 2008 R2 SP1: https://www.microsoft.com/en-us/search/result.aspx?q=KB3020369&form=DLC
Windows 8/Server 2012: https://www.microsoft.com/en-us/search/result.aspx?q=KB3003729&form=DLC
Windows 8.1/Server 2012 R2: https://www.microsoft.com/en-us/search/result.aspx?q=KB3021910&form=DLC
In addition, on Tuesday 4/21, we released a new version of the cmitrust.dll binary which is held in the %windir%\System32\AdvancedInstaller directory. For customers experiencing the RODC failure on Windows 7/Server 2008 R2, this file is required in addition to the SSU noted above. For Windows 8 and Windows 8.1, this is not required to fix the RODC issue but we are recommending that this update be installed alongside the SSU to keep versions up to date.
The DLC version of this file is available for all Windows editions here: https://www.microsoft.com/en-us/search/result.aspx?q=KB3020370&form=DLC and the KB for Win7 specifically is located here: https://support.microsoft.com/en-us/kb/3020370/
Hi,
Confirm the patch above resolves the issue With 2012 Server RODC. It is also available via WSUS now. It did not require restart so you can immediately install problem Update KB2995387 afterwards.