Windows Server out-of-band update addressing authentication issues released

Martin Brinkmann
May 20, 2022
Windows Updates
|
7

Microsoft released updates for various Windows Server versions that address issues that were experienced after installation of the May 2022 security updates.

windows-server authentication fix update

The updates address the authentication issues and the Microsoft Store app installation issues. The released updates are not distributed via Windows Update, but only available as manual downloads from the Microsoft Update Catalog website.

Authentication issues

The first issue was experienced after installing the May 2022 updates on domain controllers. Some administrators noted a rise in authentication failures on the server or client for services, including Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

Microsoft discovered that the issue affected how domain controllers handled the mapping of certificates to machine accounts. The company published a workaround for the issue shortly after confirming it on its Docs website. Administrators should map certificates manually to machine accounts in Active Directory to resolve the issue. While other mitigations were published, all "might lower or disable security hardening" and were therefore not recommended.

Microsoft Store apps installation failures

On some devices, installation of Microsoft Store applications might fail with the error code 0xC002001B after installation of the May 2022 updates. Some installed applications might fail to open as well.

The issue happened on devices with Control-flow Enforcement Technology processors according to Microsoft.

Additional details are available on Microsoft's Docs website.

Out-of-band-updates are available

Microsoft has released out-of-band updates for affected Windows Server versions. Cumulative updates are available for the Windows Server versions 2016, 2019, 2022 and 20H2:

These can be installed directly as they are cumulative in nature and include previous updates that may not have been released yet.

The Windows Server versions 2008 R2 SP1, 2008 SP2, 2012 and 2012 R2 may be updated using standalone updates instead:

Microsoft notes that installation of the standalone updates differs depending on whether monthly-rollup updates or security-only updates are installed on machines.

On machines with security-only updates, the standalone updates can be installed directly. On monthly-rollup updates, it is required to install the standalone update and the monthly-rollup update released on May 10, 2022.

A restart may be required to complete the update installation.

Now You: did you install the May 2022 updates already?

Summary
Windows Server out-of-band update addressing authentication issues released
Article Name
Windows Server out-of-band update addressing authentication issues released
Description
Microsoft released updates for various Windows Server versions that address issues that were experienced after installation of the May 2022 security updates.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. EP said on May 31, 2022 at 6:23 pm
    Reply

    KB5015020 out-of-band update for Windows Server 20H2 and Windows 10 (Client), 20H2/21H1/21H2 also fixes another problem on systems with recent Intel/AMD CPUs being unable to install Microsoft store apps:
    https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-20h2#2830msgdesc

    “After installing KB5011831 or later updates, you might receive an error code: 0xC002001B when attempting to install from the Microsoft Store. Some Microsoft Store apps might also fail to open. Affected Windows devices use a processor (CPU) which supports Control-flow Enforcement Technology (CET), such as such as 11th Gen and later Intel® Core™ Processors or later and certain AMD processors.”

    “Resolution: This issue was resolved in the out-of-band update KB5015020. It is a cumulative update, so you do not need to apply any previous update before installing it. To get the standalone package for KB5015020, search for it in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.”

  2. Jgg4266 said on May 23, 2022 at 5:08 pm
    Reply

    Do the OOB updates ONLY install on DCs (if you deploy them via MEMCM), or should you only install them on DCs

  3. Günter Born said on May 21, 2022 at 7:01 am
    Reply

    It looks like the May 19, 2022 out-of-band updates will not fix the certificate issue with AD DC when a Network Policy Server (NPS) is in use. I’ve had multiple reports about that.

    See my English blog post for details: https://borncity.com/win/2022/05/21/windows-out-of-band-updates-vom-19-5-2022-versagen-mit-nps-beim-ad-dc-authentifizierungsfehler/

  4. dmacleo said on May 20, 2022 at 6:25 pm
    Reply

    did install the rollup and do see an NPS error that never happened before. gonna install the update after I do second daily backup to be safe.

  5. jimmyjamesjimmy said on May 20, 2022 at 9:41 am
    Reply

    If you haven’t installed the May 2022 updates yet on 2012 and 2016 DC’s, will you be able to use Windows update to patch them to this fix or will you still need to manually download and install the fixed updates after using Windows update?

    1. dmacleo said on May 20, 2022 at 6:28 pm
      Reply

      the “new” patch to correct is NOT in WSUS yet.

    2. Martin Brinkmann said on May 20, 2022 at 9:57 am
      Reply

      The fixes should be included in next month’s cumulative updates.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.