web analytics
Home » Technology » Microsoft » Windows » Authentication Failures Surfaced After Windows Patch Day Microsoft Confirms!

Authentication Failures Surfaced After Windows Patch Day Microsoft Confirms!

After the most recent patch day, users complained about Kerberos login errors and other authentication problems. Microsoft has now confirmed that this is a known issue and promised a quick fix.

That’s according to a new entry in the Windows Release Health Dashboard . Accordingly, users of various Windows platforms reported errors in the domain controllers in connection with the updates published on patch day. Users from Windows 7 to Windows 11 and from Windows Server 2008 to Windows Server 2022 are affected.

Microsoft is still finding the clue

The problem is still being investigated by the developers. Basically all Kerberos authentication scenarios in corporate environments are affected. Based on what is known to date, Windows devices used by individuals in their homes and devices that are not part of an on-premises domain are not affected. “Azure Active Directory environments that are not hybrid and do not have on-premises Active Directory servers are also unaffected,” Microsoft said.

There is currently no bug fix update. But Microsoft is working hard on it. Until then, there is no interim solution to work around the error. An out-of-band update (emergency patch) is expected to be available shortly. Affected people should also check the Windows Release Health Dashboard Keep an eye out if a temporary solution is published there in the near future.

The Windows Release Health documentation currently states the following about the problems:

Login failed / Problems with Kerberos authentication

After installing updates released on November 8, 2022 or later on Windows servers with the Domain Controllers role, you may encounter issues with Kerberos authentication. This issue can affect any Kerberos authentication in your environment. Some scenarios that may be affected:

  • Domain users may fail to log in. This can also affect Active Directory Federation Services (AD FS) authentication.
  • Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) may fail to authenticate.
  • Remote desktop connections with domain users may fail.
  • You may not be able to access shared folders on workstations and file shares on servers.
  • Printing that requires domain user authentication may fail.

When this issue occurs, you may receive a Microsoft-Windows-Kerberos-Key-Distribution-Center error event with Event ID 14 in the System section of the event log on your domain controller with the text below. Note: The affected events have the text “The missing key has an ID of 1”.

Note: This issue is not an expected part of the Netlogon and Kerberos security hardening that begins with the November 2022 security update. You still need to follow the instructions 

in these articles after you fix this issue. Windows devices used by individuals in their homes or devices that are not part of an on-premises domain are not affected by this issue. Azure Active Directory environments that are not hybrid and do not have on-premises Active Directory servers are not affected.

Next steps: We are working on a solution and anticipate that a solution will be available in the next few weeks. This known issue will be updated with more information as it becomes available.

Affected platforms:

  • Client: Windows 11, version 22H2; Windows 10 , version 22H2; Windows 11 version 21H2; Windows 10 version 21H2; Windows 10 version 21H1; Windows 10 version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1 ; Windows 7 SP1
  • Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2