Microsoft publishes an OOB Windows update to address a Kerberos authentication issue with Domain Controllers.

There have been numerous reports of Windows issues just in the last couple of weeks. This includes a problem with audio sync blocking in Windows 11 version 22H2, a decline in gaming performance, issues with Direct Access, and Taskbar annoyances in Windows 10. Microsoft has disclosed a different issue involving sign-in difficulties on Windows Servers using the Domain Controller role. The good news is that Microsoft has already found a solution to this issue.

The problem in question was brought on by this month’s Patch Tuesday update, and it resulted in Kerberos authentication failures when carrying out numerous tasks, including domain user sign-in, failures for domain users to connect to Remote Desktop, and printing that might require domain user authentication.

Microsoft has stated that it would be issuing out-of-band (OOB) upgrades that must be implemented on all DCs in your environment in a new update to its Windows health dashboard. The company has advised that no additional adjustments were needed on client or server devices, so you can safely undo any that you did to fix the problem on your own.

It’s crucial to realise that Windows Update does not give the most recent patch. To download and install the updates, users must manually look for certain KB numbers in the Microsoft Update Catalog. The following is a list of server SKUs’ KB numbers:

  • Regular updates
  • KB5021656 for Windows Server 2022.
  • KB5021655 for Windows Server 2019.
  • KB5021654: Windows Server 2016
  • Independent Updates
  • KB5021653 for Windows Server 2012 R2.
  • KB5021652 for Windows Server 2012.
  • Using Windows Server 2008 R2 SP1: This update is still not accessible. For more details, please check back here in the upcoming week.
  • KB5021657 for Windows Server 2008 SP2.

Microsoft has also released the following advice, depending on the release cadence its customers have chosen:

You only need to install these stand-alone updates for the month of November 2022 if you are utilising security-only updates for these versions of Windows Server. You must install all prior Security only updates in order to be fully updated because Security only updates are not cumulative. Security and all quality upgrades are included in the monthly rollup updates, which are cumulative. The standalone updates mentioned above must be installed in addition to the Monthly rollups released on November 8, 2022, in order to receive the quality updates for November 2022 if you use monthly rollup updates. You do not need to uninstall the impacted updates if you have already installed updates released on November 8, 2022, in order to install any subsequent updates, such as those mentioned above.

It’s encouraging to see Microsoft delivering OOB fixes for important vulnerabilities like these instead of waiting for the start of next month’s Patch Tuesday cycle because the update impacts pretty much all server and client versions of Windows.

Christopher Woodill

About ME

Enterprise technology leader for the past 15+ years…certified PMP, Six Sigma Black Belt and TOGAF Enterprise Architect. I collaborate with companies to help align their strategic objectives with concrete implementable technology strategies. I am Vice President, Enterprise Solutions for Klick Health.

Leave a Comment