Microsoft Confirms LSASS Crash Bug Causing Reboot Loops on Windows Server

LSASS-related crashes in the latest security update disrupt domain controller stability and authentication services.

Key Takeaways:

  • The April 2026 update triggers critical failures on some domain controllers.
  • This issue is tied to LSASS crashes, impacting authentication services.
  • Microsoft is investigating; a fix and mitigations are expected soon.

Microsoft has acknowledged a critical issue causing some Windows Server domain controllers to enter repeated restart loops after installing the April 2026 security update (KB5082063). The problem impacts both existing environments and newly deployed domain controllers, which complicates recovery and rollout efforts for IT administrators.

This problem is caused by crashes in the Local Security Authority Subsystem Service (LSASS) during system startup, which triggers continuous reboot loops and prevents normal operation of authentication services. When affected, Active Directory authentication and directory services may become unavailable, which potentially makes an entire domain inaccessible.

What is LSASS?

The Local Security Authority Subsystem Service (LSASS) is a core Windows process responsible for enforcing system security by handling user authentication, validating login credentials, applying security policies, and generating access tokens that determine what resources a user or service is allowed to use. LSASS manages critical functions such as password checks, Kerberos and NTLM authentication, and security auditing, and it runs continuously in the background. If it crashes or is blocked, Windows cannot safely operate, often resulting in forced restarts or system shutdowns to protect the integrity of the system.

“After installing the April 2026 Windows security update (KB5082063) and rebooting, non‑Global Catalog (non‑GC) domain controllers (DCs) in environments that use Privileged Access Management (PAM), might experience LSASS crashes during startup,” Microsoft explained on the release health dashboard. “As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable.”

Affected environments and scope of the issue

According to Microsoft, this issue only affects specific environments such as non‑Global Catalog (non‑GC) domain controllers, systems that use Privileged Access Management (PAM), and enterprise‑managed Windows Server versions 2016, 2019, 2022, 23H2, and 2025.
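
To see which domain controllers match the scope described above, the following read-only PowerShell inventory can be run from an admin workstation. It is an added example, not code from Microsoft or the original article. It assumes the ActiveDirectory RSAT module is available, that "PAM" corresponds to the AD optional feature named "Privileged Access Management Feature", and that Get-HotFix can query each DC remotely.

```powershell
# Added example: flag DCs that match the affected scope (non-GC + PAM enabled)
# and report whether the update is already installed. Makes no changes.
Import-Module ActiveDirectory

$kb = 'KB5082063'   # KB number as given in the article

# Assumption: "PAM" maps to this AD optional feature. It is treated as
# enabled when EnabledScopes is non-empty.
$pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
$pamEnabled = [bool]($pam -and $pam.EnabledScopes.Count -gt 0)

# Get-ADDomainController -Filter * covers the current domain only;
# repeat with -Server <domain> for other domains in the forest.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # Unreachable hosts (including ones stuck in a reboot loop) stay 'Unknown'.
    $installed = 'Unknown'
    try {
        $hit = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop |
               Where-Object HotFixID -eq $kb
        $installed = [bool]$hit
    } catch { }

    [pscustomobject]@{
        DomainController = $dc.HostName
        OperatingSystem  = $dc.OperatingSystem
        IsGlobalCatalog  = $dc.IsGlobalCatalog
        PamEnabled       = $pamEnabled
        KbInstalled      = $installed
        # In scope per the article: non-GC DC in a PAM-enabled environment
        InScope          = (-not $dc.IsGlobalCatalog) -and $pamEnabled
    }
}

$report | Sort-Object InScope -Descending | Format-Table -AutoSize
```

Rows with InScope true and KbInstalled false are the candidates for holding the update until Microsoft ships a fix.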

Microsoft’s engineers are investigating this problem, and the company plans to release a fix in the coming weeks. Administrators can contact Microsoft Support for Business to obtain mitigation steps that can be applied even after the problematic update is installed on Windows Server machines.

These mitigations typically involve disabling specific security features, rolling back or pausing Privileged Access Management, or applying emergency policy changes to stabilize domain controllers. Temporarily weakening privileged isolation can undermine zero‑trust goals, policy rollbacks can place regulated environments out of compliance, and quick configuration changes can unintentionally widen the attack surface.