Windows Server 2016 Bug Affects Domain Controller Lookup

A new Windows Server 2016 bug can break domain controller discovery and disrupt Active Directory operations.


Key Takeaways:

  • The latest Windows Server 2016 update can break domain controller discovery on affected systems.
  • Windows Server 2016 machines with 15-character hostnames face authentication and Active Directory disruptions.
  • Microsoft is investigating the issue, but no official fix is available yet.

Microsoft has acknowledged a new issue in Windows Server 2016 where domain controller discovery may fail after installing the May 2026 KB5087537 security update. The problem specifically affects Windows Server machines that meet a certain hostname condition, and it disrupts critical network and administrative functions.

Domain controller lookup is a process in Active Directory that allows a computer or application to find a suitable domain controller within a network. This mechanism ensures systems can authenticate users, access resources, and perform administrative tasks by automatically locating the correct server that manages domain services.

How does the Windows Server 2016 update disrupt critical network operations?

According to Microsoft, the May 12 security update can cause domain controller (DC) lookup or discovery to fail, which disrupts normal Active Directory operations. The problem occurs only on servers where the hostname is exactly 15 characters long. This bug can break administrative tools, scripts, and applications; services relying on Active Directory; and tasks like DFS Namespace management.

“When the hostname is 15 characters long, DCLocator calls (for example, using nltest /dsgetdc: /pdc) will return ERROR_INVALID_PARAMETER, preventing applications and administrative tools from locating a domain controller,” Microsoft explained.

No official fix yet for the Windows Server 2016 bug

Microsoft says this issue only impacts Windows Server 2016 machines that meet the specific hostname length condition. The company is actively investigating the problem but has not yet shared an official fix. There is no workaround, but changing the server name to something other than 15 characters may help prevent the problem.
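
To find servers that match the conditions described above (Windows Server 2016, a hostname of exactly 15 characters, and KB5087537), an inventory along the following lines can help. This is an added example, not Microsoft's code; it assumes the ActiveDirectory RSAT module, remote WMI access for `Get-HotFix`, and that the update is listed under its KB number in the installed-updates list.

```powershell
# Added example (not Microsoft's code). Assumes the ActiveDirectory RSAT module
# and remote WMI access for Get-HotFix. Run it from a host that is not affected,
# because Get-ADComputer itself needs to locate a domain controller.
Import-Module ActiveDirectory

$kb = 'KB5087537'   # update named in the article

$servers = Get-ADComputer -Filter 'OperatingSystem -like "Windows Server 2016*"' `
    -Properties OperatingSystem, DNSHostName

$report = foreach ($s in $servers) {
    # Host name = first DNS label when registered, otherwise the account name.
    $hostName = if ($s.DNSHostName) { $s.DNSHostName.Split('.')[0] } else { $s.Name }
    if ($hostName.Length -ne 15) { continue }   # only the 15-character case is affected

    $target = if ($s.DNSHostName) { $s.DNSHostName } else { $s.Name }
    try {
        # List installed updates and look for the KB; a failed query stays "Unknown"
        # instead of being mistaken for "not installed".
        $ids = (Get-HotFix -ComputerName $target -ErrorAction Stop).HotFixID
        $update = if ($ids -contains $kb) { 'Installed' } else { 'NotInstalled' }
    } catch {
        $update = 'Unknown'
    }

    [pscustomobject]@{
        Computer        = $hostName
        OperatingSystem = $s.OperatingSystem
        Update          = $update
        # Summarise what the combination means for this server.
        Status          = switch ($update) {
            'Installed'    { 'Affected conditions met' }
            'NotInstalled' { 'At risk if update is deployed' }
            default        { 'Check manually' }
        }
    }
}

$report | Sort-Object Update, Computer | Format-Table -AutoSize
```

On a server the report flags as meeting the affected conditions, the `nltest` call quoted above returning ERROR_INVALID_PARAMETER confirms the symptom.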

Microsoft still supports Windows Server 2016, even though its mainstream support phase ended in 2022. The company has committed to providing extended support until January 12, 2027, which ensures continued security updates and maintenance for organizations still using Windows Server 2016.

Beyond that, customers can opt into the Extended Security Updates (ESU) program, which offers up to three additional years of critical security updates while they transition to newer versions of Windows Server.