Microsoft Releases Fix for Kerberos Authentication Issues on Domain Controllers

Windows Logo

Microsoft has started rolling out an out-of-band update to address a bug that was previously causing Kerberos authentication issues on Windows domain controllers (DCs). Microsoft has recently confirmed the problem on the Windows release health dashboard following the release of the November Patch Tuesday updates last week.

According to Microsoft, the issue leads to failures while performing different activities, including domain user sign-in and connecting to Remote Desktops. Moreover, it may prevent users from performing printing operations that require domain user authentication. Users may also be unable to access shared folders on workstations and share files on servers.

Microsoft recommends users to install the latest cumulative updates on Windows Domain Controllers as soon as possible. These updates are available for Windows Server 2022 (KB5021656), Windows Server 2019 (KB5021655), Windows Server 2016 (KB5021654), Windows Server 2012 R2 (KB5021653), Windows Server 2012 (KB5021652), and Windows Server 2008 SP2 (KB5021657).

“This issue was resolved in out-of-band updates released November 17, 2022 for installation on all the Domain Controllers (DCs) in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them,” Microsoft explained on the Windows health dashboard.

Microsoft to address Kerberos Authentication problems for Windows Server 2008 R2 SP1 next week

It is worth noting that Microsoft has yet to provide an update for Windows Server 2008 R2 SP1. The company says that a fix will be available for customers in the coming week.

As usual, these optional updates will not be rolled out via Windows Update. Microsoft says that customers will need to download the updates from the Microsoft Update Catalog and then manually install them on the Domain Controllers (DCs) in enterprise environments.