Latest Patch Tuesday Updates Cause Freezes, Reboots on Domain Controllers


Earlier this month, Microsoft rolled out a new set of Patch Tuesday updates for Windows Server. The company has recently confirmed that it’s investigating a new LSASS memory leak bug caused by the latest Windows updates that may trigger freezes and reboots on some domain controllers (DCs).

Local Security Authority Subsystem Service (LSASS) is a service that allows users to manage local security, user logins, and permissions. It’s responsible for enforcing security policy on Windows machines.

“After installing KB5019966 or later updates on Domain Controllers (DCs), you might experience a memory leak with Local Security Authority Subsystem Service (LSASS.exe). Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart,” Microsoft explained.

Additionally, Microsoft has confirmed on the Windows Health Dashboard that the problem affects Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

How to fix LSASS memory leak issues on domain controllers

Microsoft is working to fix the LSASS memory leak issue on domain controllers. In the meantime, there is a temporary workaround that IT pros can use to mitigate the problem in enterprise environments. Open a command prompt as administrator and run the following command to set the “KrbtgtFullPacSignature” registry value to 0:

reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD

“Once this known issue is resolved, you should set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow. It is recommended to enable Enforcement mode as soon as your environment is ready,” Microsoft added.
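Before applying the workaround, it helps to record the current KrbtgtFullPacSignature value (so it can be raised again later) and to confirm that lsass.exe memory is actually growing on the DC. The following PowerShell sketch is an added example, not code from Microsoft or from the original article; the function names, sample count and interval are assumptions chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Registry path and value name are the ones given in the workaround above.
$kdcKey    = 'HKLM:\System\CurrentControlSet\Services\KDC'
$valueName = 'KrbtgtFullPacSignature'

function Get-PacSignatureSetting {
    # Returns the configured DWORD, or $null when the value has never been set.
    $item = Get-ItemProperty -Path $kdcKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$valueName
}

function Measure-LsassGrowth {
    param(
        [int]$Samples = 6,            # assumption: number of readings to take
        [int]$IntervalSeconds = 600   # assumption: ten minutes between readings
    )
    # Collect private memory readings for lsass.exe, spaced by the interval.
    for ($i = 0; $i -lt $Samples; $i++) {
        $p = Get-Process -Name lsass
        [pscustomobject]@{
            Time      = Get-Date
            PrivateMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
        }
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }
}

# 1. Record the setting currently in force so it can be restored or raised later.
$current = Get-PacSignatureSetting
if ($null -eq $current) { "$valueName is not set" } else { "$valueName = $current" }

# 2. The leak scales with time since the last restart, so report uptime as context.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
'Uptime (hours): {0:N1}' -f ((Get-Date) - $boot).TotalHours

# 3. Sample lsass.exe and show how much private memory changed over the window.
$readings = @(Measure-LsassGrowth)
$readings | Format-Table -AutoSize
$delta = $readings[-1].PrivateMB - $readings[0].PrivateMB
"lsass.exe private memory change over the window: $delta MB"
```

Running the same script again after the workaround is applied gives a before-and-after comparison of the growth on that DC.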

Microsoft has recently released new emergency updates to address domain controller sign-in issues and other authentication problems. We invite you to check out our separate post for more details.