14 DAY TRIAL // Microsoft has recently acknowledged a new bug caused by the most recent cumulative updates shipped by the company not only to Windows 11 but also to Windows 10, Windows 8.1, and even Windows 7.
Worth knowing is that Windows 7 is only getting updates as part of the ESU program.
In a tech support document published recently, Microsoft explains that the latest cumulative updates that were published as part of the May 2022 Patch Tuesday cycle cause authentication failures on the server or client for services.
“After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller, Microsoft says.
While the company explains it’s already investigating the problem, a workaround is also available, essentially requiring users to manually map certificates.
Obviously, this isn’t necessarily the most convenient workaround, but at least it brings things back to normal until Microsoft comes up with a fix.
“Workaround: The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory. For instructions, please see Certificate Mapping. Note: The instructions are the same for mapping certificates to user or machine accounts in Active Directory. If the preferred mitigation will not work in your environment, please see KB5014754—Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note: Any other mitigation except the preferred mitigations might lower or disable security hardening,” it says.
No ETA has been offered as to when the full fix could go live for Windows users.