Microsoft Releases New Update to Fix Windows Server Restart Loop Issues

Microsoft has released an out-of-band update to address a restart loop issue triggered by the April 2026 Patch Tuesday update for Windows Server. The emergency patch (KB5091157) is now available across Windows Server 2016 through 2025 to restore system stability and prevent further disruptions.

Last week, Microsoft acknowledged that some Windows Server 2025 systems failed to install the April 2025 update (KB5082063). Moreover, several supported Windows Server versions (especially those acting as domain controllers) entered repeated reboot cycles caused by crashes in the Local Security Authority Subsystem Service (LSASS).

“After installing the April 2026 Windows security update (KB5082063) and rebooting, domain controllers (DCs) in environments with multiple domains in the forest that use Privileged Access Management (PAM), might experience LSASS crashes during startup. As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable,” Microsoft explained.

Microsoft rolls out Windows Server update to restore stability

Microsoft has released separate emergency patches for Windows Server 2016, 2019, 2022, 23H2, and 2025. The Windows Server 2025 update fixes both the installation failure and reboot problem, while updates for earlier versions focus mainly on stopping the restart loops.

Microsoft warned that some Windows Server 2025 devices may unexpectedly boot into BitLocker recovery mode after installing the original April update. This bug required administrators to enter recovery keys.

Guidance for administrators on deploying the patch

For administrators deciding whether to deploy Microsoft’s out‑of‑band (OOB) updates immediately, the answer largely depends on the server’s role and current behavior. Systems acting as domain controllers should be patched without delay, particularly if they are experiencing LSASS crashes, repeated restarts, or authentication failures. These issues can quickly escalate into domain‑wide outages, disrupting user logins, access to network resources, and core identity services. In environments where uptime and authentication reliability are critical, the risk of leaving affected servers unpatched is higher than the risk of applying the emergency fix.

That said, a more cautious approach may be appropriate for non‑critical servers that are not authentication-facing and are not showing symptoms. In these cases, administrators may prefer to test the OOB update in a staging environment before rolling it into production. Moreover, special care should also be taken with Windows Server 2025 systems, as Microsoft has warned that some devices may prompt for BitLocker recovery keys following recent updates. It’s recommended to ensure recovery keys are properly backed up before patching to prevent avoidable downtime if BitLocker recovery is triggered unexpectedly.