Source: Microsoft: January Windows Server updates cause Netlogon issues – cobaltstrike.net
Microsoft says Windows Server security updates released on and since the January 2022 Patch Tuesday might prevent applications and network appliances from creating Netlogon secure channels if installed on domain controllers.
Netlogon is a remote procedure call (RPC) interface and Windows Server process that authenticates services and users on Windows domain-based networks.
Impacted apps or network appliances, like Riverbed SteelHead WAN Optimizers, might experience issues when joining domains or limitations after joining a Windows domain.
According to Redmond, “scenarios that rely on Read-only domain controllers (RODCs) or synthetic RODC machine accounts might fail to establish a Netlogon secure channel.”
On affected devices, RODC accounts must have linked and compliant KRBTGT accounts to successfully establish secure Netlogon channels.
“Affected apps and network appliances will need an update from their developer or manufacturer to resolve this issue,” the company added in a Windows health dashboard update.
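To audit the requirement that RODC accounts have linked KRBTGT accounts, the following PowerShell sketch lists every RODC-type computer account and whether its `msDS-KrbTgtLink` attribute resolves to an existing account. It is an added example, not code from Microsoft or the original article. It assumes the ActiveDirectory (RSAT) module and read access to the domain, and the `Status` labels are made up for this example. The page does not define what makes a KRBTGT account "compliant", so only the presence and validity of the link is checked.

```powershell
# Added example: report RODC accounts (real and synthetic) and their KRBTGT link.
# Assumption: run from a host with the ActiveDirectory module and domain read access.
Import-Module ActiveDirectory

# userAccountControl bit 0x04000000 (PARTIAL_SECRETS_ACCOUNT, decimal 67108864)
# marks RODC computer accounts; the OID is the LDAP bitwise-AND matching rule.
$rodcFilter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=67108864))'

$report = foreach ($rodc in Get-ADComputer -LDAPFilter $rodcFilter -Properties 'msDS-KrbTgtLink') {
    $link   = $rodc.'msDS-KrbTgtLink'   # DN of the per-RODC krbtgt_<n> account, if set
    $krbtgt = $null

    if ($link) {
        try {
            # Resolve the linked object; a dangling DN throws and is reported below.
            $krbtgt = Get-ADObject -Identity $link `
                -Properties sAMAccountName, 'msDS-SecondaryKrbTgtNumber' -ErrorAction Stop
        } catch {
            $krbtgt = $null
        }
    }

    # Status values are labels chosen for this example only.
    $status = if (-not $link)       { 'NO_KRBTGT_LINK' }
              elseif (-not $krbtgt) { 'LINK_TARGET_MISSING' }
              else                  { 'LINKED' }

    [pscustomobject]@{
        RodcAccount           = $rodc.SamAccountName
        KrbtgtAccount         = if ($krbtgt) { $krbtgt.sAMAccountName } else { $null }
        SecondaryKrbTgtNumber = if ($krbtgt) { $krbtgt.'msDS-SecondaryKrbTgtNumber' } else { $null }
        Status                = $status
    }
}

# Accounts that are not LINKED are the ones to raise with the app or appliance vendor.
$report | Sort-Object Status, RodcAccount | Format-Table -AutoSize
```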
Windows platforms affected by this newly acknowledged known issue include:
- Windows Server 2022;
- Windows Server 2019;
- Windows Server 2016;
- Windows Server 2012 R2;
- Windows Server 2012;
- Windows Server 2008 R2 SP1;
- Windows Server 2008 SP2.
Microsoft and Riverbed are currently investigating this ongoing issue and are working to provide an update when more information is available.
Two weeks ago, Microsoft addressed a Windows Active Directory bug that also surfaced after deploying January updates, causing issues for .NET apps when acquiring or setting Active Directory Forest Trust Information.
Last month, Microsoft also released a series of OOB updates to address multiple issues caused by the January 2022 Patch Tuesday updates.
The problems fixed in those emergency updates were related to Windows Server Domain Controllers restarting, VPN connectivity, Virtual Machines failing to start, as well as ReFS-formatted removable media mount failures.