In another blow to the already troubled Windows Server update cycle, Microsoft has now acknowledged that last month’s security patches are also causing significant issues for domain controllers. According to the tech giant, the April 2024 Windows Server updates can lead to crashes of the critical Local Security Authority Subsystem Service (LSASS) process, resulting in unplanned reboots of domain controllers.

The impacted Windows Server versions include the latest 2022 release all the way down to 2008. Microsoft states that “in rare instances, Windows Servers running the Domain Controller (DC) role might experience Local Security Authority Subsystem Service (LSASS) crashes resulting in a reboot.” This problem appears to stem from memory leaks triggered by the security updates.

This is not the first time Microsoft has had to grapple with LSASS-related issues in its server operating systems. Back in March 2022 and December 2022, the company had to release emergency out-of-band (OOB) updates to address similar problems that were causing domain controller reboots. It seems the tech giant still has not fully resolved the underlying cause.

In addition to the crashes, the April 2024 patches are also leading to NTLM authentication failures and high load on affected domain controllers. VPN connections are also being disrupted across both client and server Windows platforms. Microsoft has acknowledged these problems but is still working on permanent solutions.

For now, the only recommended workaround is to uninstall the problematic security updates. However, this will also remove any security fixes that were included, so it’s a tricky trade-off for admins to make. Microsoft advises using the DISM tool to selectively remove just the troublesome update packages.

This debacle is the latest in a long line of problematic Windows Server updates that have caused headaches for IT teams. It underscores the growing challenges Microsoft faces in developing reliable and stable updates, especially for its mission-critical server products. Enterprises will no doubt be closely monitoring the situation and hoping for a swift and comprehensive fix from Redmond.

Disclaimer:

The content of this blog is for informational purposes only and should not be considered as professional advice. We strive to provide accurate and reliable information, but we make no warranties regarding its completeness, accuracy, reliability, or suitability.Any actions taken based on the information in this blog are at your own risk. Please consult professionals or seek appropriate advice before making any decisions.The content may change over time, and we reserve the right to modify or delete it.The views expressed in this blog are those of the author and do not necessarily reflect our views.Please independently verify any information and make decisions based on your own judgment.For specific concerns, consult professionals or seek appropriate advice.

#WindowsServer #UpdateIssues #DomainControllers #WindowsUpdates