14 DAY TRIAL // Microsoft has issued a new batch of Windows out-of-band updates specifically supposed to resolve sign-in failures and other issues related to Kerberos authentication.
The software giant says the whole thing is caused by the November 8 updates, with the issue hitting Windows Servers with the Domain Controller role and Kerberos authentication enabled.
According to Microsoft, the following errors could be encountered:
- Domain user sign in might fail. This also might affect Active Directory Federation Services (AD FS) authentication.
- Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
- Remote Desktop connections using domain users might fail to connect.
- You might be unable to access shared folders on workstations and file shares on servers.
- Printing that requires domain user authentication might fail.
Needless to say, the issue is unlikely to affect too many home users, as it exists only on devices that are part of an on-premises domain.
Microsoft says it has already resolved the bug with out-of-band updates, and system administrators should download them right now.
“This issue was resolved in out-of-band updates released November 17, 2022 for installation on all the Domain Controllers (DCs) in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them,” Microsoft says.
The patches are part of both cumulative updates and standalone updates. If you want to download only the fixes (independent from cumulative updates), the following packs are available:
- Windows Server 2012 R2: KB5021653
- Windows Server 2012: KB5021652
- Windows Server 2008 R2 SP1: This update is not yet available. Please check here in the coming week for more information.
- Windows Server 2008 SP2: KB5021657