Microsoft is investigating a brand new identified problem inflicting enterprise area controllers to expertise Kerberos sign-in failures and different authentication issues after putting in cumulative updates launched throughout this month’s Patch Tuesday.
Kerberos has changed the NTLM protocol because the default authentication protocol for domain-connected gadgets on all Windows variations above Windows 2000.
The identified problem being investigated by Redmond can have an effect on any Kerberos authentication situation inside affected enterprise environments.
“After putting in updates launched on November 8, 2022 or in a while Windows Servers with the Domain Controller function, you might need points with Kerberos authentication,” Microsoft defined.
“When this problem is encountered you would possibly obtain a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error occasion within the System part of Event Log in your Domain Controller with the under textual content.”
Errors logged in system occasion logs on impacted techniques might be tagged with a “the lacking key has an ID of 1” keyphrase.
“While processing an AS request for goal service <service>, the account <account title> didn’t have an appropriate key for producing a Kerberos ticket (the lacking key has an ID of 1),” the logged errors learn.
The listing of Kerberos authentication situations consists of however isn’t restricted to the next:
Affects each consumer and server platforms
The full listing of affected platforms consists of each consumer and server releases:
- Client: Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2 or later, and Windows 11 21H2 or later
- Server: Windows Server 2008 SP2 or later, together with the most recent launch, Windows Server 2022.
While Microsoft has began imposing safety hardening for Netlogon and Kerberos starting with the November 2022 Patch Tuesday, the corporate says this identified problem isn’t an anticipated outcome.
The problem doesn’t impression gadgets utilized by dwelling clients and people who aren’t enrolled in an on-premises area. Also, it would not impression mom-hybrid Azure Active Directory environments and people that do not have on-premises Active Directory servers.
Microsoft is engaged on a repair for this identified problem and estimates {that a} resolution might be obtainable within the coming weeks.
Redmond has additionally addressed comparable Kerberos authentication issues affecting Windows techniques attributable to safety updates launched as a part of November 2020 Patch Tuesday.