Windows Server Domain Controllers May Shut Down, Restart After Recent Updates – The Register


According to Microsoft, Windows Server updates released as part of this month’s Patch Tuesday onslaught could cause some domain controllers to shut down or restart automatically.

The enterprise software giant said organizations installing KB5019966 or later updates on domain controllers (DCs) may see a memory leak with the Local Security Authority Subsystem Service (LSASS).

“Depending on the workload of your domain controllers and the time elapsed since the last server restart, LSASS may continually increase memory usage with the uptime of your server and the server may become unresponsive or automatically restart,” Microsoft wrote in its Windows Health Dashboard.

Out-of-band (OOB) updates for domain controllers released on November 17 and 18 may also be affected by the issue.

LSASS is a Windows process on an Active Directory domain controller that is used to enforce security policy on the operating system. Its tasks include search, authentication and replication of the Active Directory database. It authenticates and verifies users who wish to log on to a Windows system, manages password changes and creates access tokens.

It’s an increasingly important tool in an era where threat groups are turning more to identity to gain access to corporate networks.

The issue affects Windows Server 2008 SP2 and R2 SP1, 2012 and 2012 R2, 2016 and 2019 versions.

Microsoft engineers are working on a fix that will appear as an update in an upcoming release.

In the meantime, the company offers a workaround for users, who can open the command prompt as an administrator to set the KrbtgtFullPacSignature registry key to “0”.

After opening the command prompt as an administrator, they can use the command:

reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD

“Once this known issue is resolved, you should set KrbtgtFullPacSignature to a higher setting based on what your environment will allow,” Microsoft wrote. “It is recommended to enable enforcement mode as soon as your environment is ready.”
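
The following PowerShell check is an added example, not code from Microsoft or the original article. It reports LSASS memory use, server uptime and the current KrbtgtFullPacSignature value on a domain controller, so administrators can see whether the leak is building and remember to revert the workaround later. The warning threshold and the CSV log path are assumptions to adjust per environment, and it assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: sample LSASS memory, uptime and the KDC workaround value on a DC.
param(
    # Hypothetical alert threshold; derive a real one from your own LSASS baseline.
    [int]$WarnWorkingSetMB = 4096,
    # Hypothetical log location; each run appends one sample so growth can be trended.
    [string]$LogPath = "$env:ProgramData\lsass-memory-samples.csv"
)

$kdcKey    = 'HKLM:\System\CurrentControlSet\services\KDC'
$valueName = 'KrbtgtFullPacSignature'

# The value is absent unless it was set explicitly (for example by the workaround).
$prop = Get-ItemProperty -Path $kdcKey -Name $valueName -ErrorAction SilentlyContinue
$pacSetting = if ($null -ne $prop) { $prop.$valueName } else { $null }

# The leak grows with uptime, so record memory and time since last boot together.
$lsass  = Get-Process -Name lsass
$os     = Get-CimInstance -ClassName Win32_OperatingSystem
$uptime = (Get-Date) - $os.LastBootUpTime

$sample = [pscustomobject]@{
    Timestamp              = (Get-Date).ToString('s')
    Computer               = $env:COMPUTERNAME
    UptimeDays             = [math]::Round($uptime.TotalDays, 1)
    LsassWorkingSetMB      = [math]::Round($lsass.WorkingSet64 / 1MB)
    LsassPrivateMB         = [math]::Round($lsass.PrivateMemorySize64 / 1MB)
    KrbtgtFullPacSignature = if ($null -eq $pacSetting) { 'not set' } else { $pacSetting }
    WorkaroundApplied      = ($pacSetting -eq 0)
}

$sample | Format-List
$sample | Export-Csv -Path $LogPath -Append -NoTypeInformation

if ($sample.LsassWorkingSetMB -ge $WarnWorkingSetMB) {
    Write-Warning "LSASS working set is at or above $WarnWorkingSetMB MB after $($sample.UptimeDays) days of uptime."
}
if ($sample.WorkaroundApplied) {
    Write-Warning "$valueName is 0 (workaround in place). Raise it again once the fixed update is installed."
}
```

Run on a schedule, the CSV shows whether LSASS memory keeps climbing between restarts on a given DC.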

The company added that more information about the registry key can be found in the Windows Health Dashboard note, which is related to issues resulting from the November Patch Tuesday update that impacted the Kerberos network authentication protocol on Windows Servers with domain controller roles, which manage network security and identity requests.

In this case, the updates caused a number of issues, including domain user login failures, group managed service account authentication failures, and remote desktop connections failing to connect.

Users were also unable to access shared folders on workstations and printer connections that require domain user authentication.

A few weeks ago, Microsoft released emergency OOB updates that users could install on all domain controllers to fix the issues. ®
