14 DAY TRIAL // Microsoft has released new updates specifically to fix authentication failures on pretty much every Windows version out there that’s still supported.
The bug was first acknowledged on May 10, shortly after Microsoft shipped this month’s Patch Tuesday updates.
The company says the authentication issues could happen on either the server or the client side, as it all comes down to how the mapping of certificates to machine accounts is triggered.
Microsoft previously provided a temporary fix, telling admins to manually map certificates to a machine account in Active Directory. But now that new updates are available, simply installing them should bring things back to normal.
“After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller,” Microsoft explains.
“This issue was resolved in out-of-band updates released May 19, 2022 for installation on Domain Controllers in your environment. There is no action needed on the client side to resolve this authentication issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.”
The new updates that you can download to fix these issues are following:
- Windows Server 2022: KB5015013
- Windows Server, version 20H2: KB5015020
- Windows Server 2019: KB5015018
- Windows Server 2016: KB5015019
- Windows Server 2012 R2: KB5014986
- Windows Server 2012: KB5014991
- Windows Server 2008 R2 SP1: KB5014987
- Windows Server 2008 SP2: KB5014990
The affected operating systems start with Windows 7 SP1, which is only supported as part of the ESU program, and with Windows 11.