ClickCease Microsoft issues update to fix Kerberos sign-in failures

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Microsoft issues update to fix Kerberos sign-in failures

December 1, 2022 - TuxCare PR Team

A few days after Microsoft acknowledged problems with Kerberos authentication that affected Windows Servers with the Domain Controller role, causing domain user sign and Remote Desktop connections to fail, Microsoft released an emergency optional out-of-band (OOB) update.

There out-of-band updates available are (KB5021652, KB5021653, KB5021654, KB5021655, KB5021656, and KB5021657), all of which must be installed manually.

“After installing updates released on November 8, 2022 or later on Windows Servers with the Domain Controller role, you might have issues with Kerberos authentication. When this issue is encountered you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of Event Log on your Domain Controller with the below text,” Microsoft explained.

List of affected Kerberos auth scenarios includes: Active Directory Federation Services (AD FS) authentication; Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server); and Remote Desktop connections. Others include the inability to access shared folders on workstations and files shares on servers and the inability to carryout printing that requires domain user authentication.

Following the emergency patch, Microsoft’s security team discovered a new problem with Kerberos authentication on Windows Servers. In the new patch, it made another set of security hardening changes that fixed two vulnerabilities tracked as CVE-2022-37967 and CVE-2022-37966, but it also broke some key authentication scenarios at the same time, resulting in failed logins and failed RDP connections, which caused a bug.

Microsoft says in an update to the acknowledgement post in the known issues section of Windows release health: “This issue was resolved in out-of-band updates released November 17, 2022 for installation on all the Domain Controllers (DCs) in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.”

The sources for this piece include an article in BleepingComputer.

Watch this news on our YouTube channel: MICROSOFT issues update to fix KERBEROS sign-in failures

Summary
Microsoft issues update to fix Kerberos sign-in failures
Article Name
Microsoft issues update to fix Kerberos sign-in failures
Description
Microsoft has issued an emergency optional out-of-band (OOB) update to fix problems with Kerberos authentication.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter