November 27, 2022
Admins who installed the November 8 Microsoft Windows updates have been experiencing issues with Kerberos network authentication. Microsoft’s weekend Windows Health Dashboard post explained that updates to Windows Servers broke their ability to act as Domain Controllers for network and identity security requests. The affected version is OS Build 22621.819, KB5019980. Impacts include domain user sign-in…

Admins who installed the November 8 Microsoft Windows updates have been experiencing issues with Kerberos network authentication.

Microsoft’s weekend Windows Health Dashboard post explained that updates to Windows Servers broke their ability to act as Domain Controllers for network and identity security requests.

The affected version is OS Build 22621.819, KB5019980.

Impacts include domain user sign-in failing; failure in Active Directory Federation Services authentication; Group Managed Service Accounts (used for services like the IIS Web server) authentication failure; remote desktop connections to domain users, inability to access shared folders on workstations and file shares on servers; and authenticated printing failure.

“When this issue is encountered you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller”, Microsoft said, along with example text of the error.

Microsoft said a fix is expected in the coming weeks. 

Another issue affects the DirectAccess remote access service.

DirectAccess is supposed to provide an always-on remote connection to users, without them having to start and stop the connection the way they would with a VPN service.

However, after installing KB5019509, Microsoft said users could have DirectAccess connection problems if their client had their network access interrupted (for example, by moving between different wi-fi access points).

For now, admins can fix the problem with Known Issue Rollback, or by getting users to restart their devices. 

Source