Microsoft has started rolling out an out-of-band update to address a bug that previously caused Kerberos authentication issues on Windows domain controllers (DCs). Microsoft recently confirmed the issue on the Windows Build Health Dashboard after the November Patch Tuesday updates were released last week.
According to Microsoft, the issue causes failures while performing different activities, including domain user login and remote desktop login. Additionally, it may prevent users from performing print operations that require domain user authentication. Users may also not be able to access shared folders on workstations and share files on servers.
Microsoft recommends that users install the latest cumulative updates on Windows domain controllers as soon as possible. These updates are available for Windows Server 2022 (KB5021656), Windows Server 2019 (KB5021655), Windows Server 2016 (KB5021654), Windows Server 2012 R2 (KB5021653), Windows Server 2012 (KB5021652), and Windows Server 2008 SP2 (KB5021657) .
“This issue has been resolved in out-of-band updates released on November 17, 2022 for installation on all domain controllers (DCs) in your environment. You do not need to install any updates or make any changes to other servers or client devices in your environment to resolve this issue. If you used a workaround or mitigations for this issue, they are no longer needed and we recommend that you remove them,” Microsoft explained on the Windows Health Dashboard.
Microsoft will resolve Kerberos authentication issues for Windows Server 2008 R2 SP1 next week
It should be noted that Microsoft has not yet provided an update for Windows Server 2008 R2 SP1. The company says a fix will be available to customers in the coming week.
As usual, these optional updates will not be rolled out through Windows Update. Microsoft says customers will need to download updates from the Microsoft Update Catalog and then manually install them on domain controllers (DCs) in enterprise environments.