Latest Patch Tuesday Updates Cause Freezes, Reboots on Domain Controllers
Earlier this month, Microsoft rolled out a new set of Patch Tuesday updates for Windows Server. The company has recently confirmed that it’s investigating a new LSASS memory leak bug caused by the latest Windows updates that may trigger freezes and reboots on some domain controllers (DCs).
Local Security Authority Subsystem Service (LSASS) is a service that allows users to manage local security, user logins, and permissions. It’s responsible for enforcing security policy on Windows machines.
“After installing KB5019966 or later updates on Domain Controllers (DCs), you might experience a memory leak with Local Security Authority Subsystem Service (LSASS,exe). Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart,” Microsoft explained.
Additionally, Microsoft has confirmed on the Windows Health Dashboard that the problem affects Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.
How to fix LSASS memory leak issues on domain controllers
Microsoft is working to fix the LSASS memory leak issue on domain controllers. In the meanwhile, there’s a temporary workaround solution that will help IT Pros to remediate the problem in enterprise environments. To do this, run the command prompt as administrator and run the following command to set the registry key “KrbtgtFullPacSignature” value to 0:
reg add “HKLM\System\CurrentControlSet\services\KDC” -v “KrbtgtFullPacSignature” -d 0 -t REG_DWORD
“Once this known issue is resolved, you should set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow. It is recommended to enable Enforcement mode as soon as your environment is ready,” Microsoft added.
Microsoft has recently released new emergency updates to address domain controller sign-in issues and other authentication problems. We invite you to check out our separate post for more details.
More in Windows Server
New Memory Integrity Scan Tool Lets Users Check for Compatibility Issues on Windows PCs
May 11, 2023 | Rabia Noureen
Microsoft Releases Updates to Fix Secure Boot Flaw on Windows 10/11 and Windows Server
May 10, 2023 | Rabia Noureen
Microsoft Confirms Interoperability Issues Between New Windows LAPS and Legacy LAPS Policies
Apr 14, 2023 | Rabia Noureen
Windows LAPS is Now Natively Integrated on Windows 11, Windows 10, and Windows Server
Apr 12, 2023 | Laurent Giret
Microsoft Releases Fix for Hyper-V VM Issues in Windows Server
Dec 21, 2022 | Rabia Noureen
Microsoft to Fix New Bug Breaking Hyper-V VMs in Windows Server
Dec 16, 2022 | Rabia Noureen
Most popular on petri