Microsoft has released Optional Out-of-Band (OOB) updates to fix a known issue that causes Kerberos login failure and other authentication issues on enterprise Windows Domain Controllers after installing cumulative updates released during the November Patch Tuesday.
The company recognized and The investigation began on Monday when it also said that the known issue may affect any Kerberos authentication scenario within affected enterprise environments.
While Microsoft has it too I started to enforce tighter security For Kerberos and Netlogon starting November 2022 Patch Tuesday, he said these authentication issues are not an expected outcome.
Authentication issues on affected versions of Windows
Microsoft explained that “after installing updates released on November 8, 2022 or later on Windows servers with the domain controller role, you may experience Kerberos authentication issues.”
“When you encounter this problem, you may receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error occurred in the System section of the Event Log on a Domain Controller with the text below.”
The list of affected Kerberos authentication scenarios includes but is not limited to the following:
The fix has been released for affected Windows versions
Today, Microsoft released OOB Emergency Updates that Windows administrators must install on all domain controllers (DCs) in affected environments.
You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. Microsoft says.
“If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend that you remove them.”
OOB updates released today are only available via Microsoft Update Catalog It will not be offered via Windows Update.
Redmond has released cumulative updates for installation on Domain Controllers (no client action required):
Microsoft has also released standalone updates that can be imported into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager:
The only affected platform that is still waiting for a fix is Windows Server 2008 R2 SP1. Redmond says a dedicated update will be available next week.
Microsoft added: “If you are using security-only updates for these versions of Windows Server, you only need to install these November 2022 standalone updates.”
“If you are using Monthly Rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install Monthly Rollups released on November 8, 2022 to receive the November 2022 Quality Updates.”