Windows Server out-of-band update addressing authentication issues released
Microsoft released updates for various Windows Server versions that address issues that were experienced after installation of the May 2022 security updates.
The updates address the authentication issues and the Microsoft Store app installation issues. The released updates are not distributed via Windows Update, but only available as manual downloads from the Microsoft Update Catalog website.
The first issue was experienced after installing the May 2022 updates on domain controllers. Some administrators noted a rise in authentication failures on the server or client for services, including Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).
Microsoft discovered that the issue affected how domain controllers handled the mapping of certificates to machine accounts. The company published a workaround for the issue shortly after confirming it on its Docs website. Administrators should map certificates manually to machine accounts in Active Directory to resolve the issue. While other mitigations were published, all "might lower or disable security hardening" and were therefore not recommended.
Microsoft Store apps installation failures
On some devices, installation of Microsoft Store applications might fail with the error code 0xC002001B after installation of the May 2022 updates. Some installed applications might fail to open as well.
The issue happened on devices with Control-flow Enforcement Technology processors according to Microsoft.
Additional details are available on Microsoft's Docs website.
Out-of-band-updates are available
Microsoft has released out-of-band updates for affected Windows Server versions. Cumulative updates are available for the Windows Server versions 2016, 2019, 2022 and 20H2:
- Windows Server 2022: KB5015013 and Update Catalog download.
- Windows Server, version 20H2: KB5015020 and Update Catalog download.
- Windows Server 2019: KB5015018 and Update Catalog download.
- Windows Server 2016: KB5015019 and Update Catalog download.
These can be installed directly as they are cumulative in nature and include previous updates that may not have been released yet.
The Windows Server versions 2008 R2 SP1, 2008 SP2, 2012 and 2012 R2 may be updated using standalone updates instead:
- Windows Server 2012 R2: KB5014986 and Update Catalog download.
- Windows Server 2012: KB5014991 and Update Catalog download
- Windows Server 2008 R2 SP1: KB5014987 and Update Catalog download
- Windows Server 2008 SP2: KB5014990 and Update Catalog download
Microsoft notes that installation of the standalone updates differs depending on whether monthly-rollup updates or security-only updates are installed on machines.
On machines with security-only updates, the standalone updates can be installed directly. On monthly-rollup updates, it is required to install the standalone update and the monthly-rollup update released on May 10, 2022.
A restart may be required to complete the update installation.
Now You: did you install the May 2022 updates already?Advertisement