Skip to main content

March 2024 Windows Updates - DC Crashes?

coolsport00
Forum|alt.badge.img+20

I recently learned the latest Microsoft server updates could potentially lead to domain controller crashes and restarts due to a Local Security Authority Subsystem Service (LSASS) process memory leak issue.

The affecting patch KBs are: KB5035855 and KB5035857 Windows Server updates. From the article below, it appears only Win2016 / Win2022 Core and DE are affected, but may affect all types. For now, Microsoft is advising uninstalling the above KB patches from DCs.

wusa /uninstall /kb:5035855
wusa /uninstall /kb:5035857

You can read more from the article below:

https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-crashes-reboots/

 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00

6 comments

CarySun
Forum|alt.badge.img+7
  • CarySun
  • Veeam Vanguard
  • 200 comments
  • March 23, 2024

Microsoft released the following emergency Windows Server cumulative updates that should fix the LSASS memory leak and prevent impacted servers from crashing and restarting:

"This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs)," the company explains.

"The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it."

To fix this known issue, admins must download the OOB updates from the Microsoft Update Catalog and install them on affected domain controllers.

Veeam Vanguard | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
Chris.Childerhose
coolsport00
Iams3le
4 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • coolsport00
    coolsport00
  • Iams3le
    Iams3le
  • leduardoserrano
    leduardoserrano
Chris.Childerhose
Forum|alt.badge.img+21

Had this happen on my DCs in the homelab so will be patching them Monday. Nice they released the patch to fix this.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
CarySun
leduardoserrano
3 people like this
  • coolsport00
    coolsport00
  • CarySun
    CarySun
  • leduardoserrano
    leduardoserrano
coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Author
  • Veeam Legend
  • 4139 comments
  • March 23, 2024

Had installed it on one of ours and to this point no issues (is 2019). 

Thanks for sharing the update Cary. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
CarySun
leduardoserrano
2 people like this
  • CarySun
    CarySun
  • leduardoserrano
    leduardoserrano
CarySun
Forum|alt.badge.img+7
  • CarySun
  • Veeam Vanguard
  • 200 comments
  • March 23, 2024

The details information is below link

https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3143

 

Veeam Vanguard | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
Chris.Childerhose
leduardoserrano
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • leduardoserrano
    leduardoserrano
Iams3le
Forum|alt.badge.img+11
  • Iams3le
  • Veeam Legend
  • 1393 comments
  • March 25, 2024

There is already an OOB update available for this issue: https://betanews.com/2024/03/23/microsoft-releases-out-of-band-kb5037422-update-to-fix-windows-server-memory-leak/  

[Microsoft MVP | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
Chris.Childerhose
Link State
leduardoserrano
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • leduardoserrano
    leduardoserrano
Iams3le
Forum|alt.badge.img+11
  • Iams3le
  • Veeam Legend
  • 1393 comments
  • March 25, 2024
CarySun wrote:

Microsoft released the following emergency Windows Server cumulative updates that should fix the LSASS memory leak and prevent impacted servers from crashing and restarting:

"This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs)," the company explains.

"The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it."

To fix this known issue, admins must download the OOB updates from the Microsoft Update Catalog and install them on affected domain controllers.

Just saw that this has already been posted!

[Microsoft MVP | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
Chris.Childerhose
Link State
leduardoserrano
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • leduardoserrano
    leduardoserrano

Comment


Terms & Conditions