As Windows enterprise users are facing Kerberos authentication issues, Microsoft has released an out-of-band update to fix it.
The company acknowledged this issue on Monday, saying that people who updated their systems to the November 2022 security update are affected. And now, except for Windows Server 2008 R2 SP1, Microsoft released a fix for all other Windows Server versions.
Kerberos Authentication Issues
Windows enterprise users who updated their systems to the latest security update, i.e., November 2022 patch, are complaining about several authentication issues, especially with the Kerberos. All the impacted Kerberos authentication scenarios include;
- Domain user sign-in might fail. This also might affect Active Directory Federation Services (AD FS) authentication.
- Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
- Remote Desktop connections using domain users might fail to connect.
- You might be unable to access shared folders on workstations and file shares on servers.
- Printing that requires domain user authentication might fail.
While Microsoft acknowledged the issue on Monday and said to be working on a fix, they have now come up with a patch through an out-of-band update.
Recommending system admins remove any workarounds or mitigations they applied till now, Microsoft asks them to apply the freshly released OOB updates – only available through the Microsoft Update Catalog. Below are the relevant updates you should apply as per your Windows Server version;
Also, Microsoft has released standalone updates to be imported into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager:
Though most of the affected versions are covered, Microsoft is yet to make a fix for the Windows Server 2008 R2 SP1, which is set to come in next week.