• EN

March 2024 Windows Updates - DC Crashes?

coolsport00
Userlevel 7
Badge +17

I recently learned the latest Microsoft server updates could potentially lead to domain controller crashes and restarts due to a Local Security Authority Subsystem Service (LSASS) process memory leak issue.

The affecting patch KBs are: KB5035855 and KB5035857 Windows Server updates. From the article below, it appears only Win2016 / Win2022 Core and DE are affected, but may affect all types. For now, Microsoft is advising uninstalling the above KB patches from DCs.

wusa /uninstall /kb:5035855
wusa /uninstall /kb:5035857

You can read more from the article below:

https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-crashes-reboots/

 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00

6 comments

CarySun
Userlevel 7
Badge +7

Microsoft released the following emergency Windows Server cumulative updates that should fix the LSASS memory leak and prevent impacted servers from crashing and restarting:

"This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs)," the company explains.

"The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it."

To fix this known issue, admins must download the OOB updates from the Microsoft Update Catalog and install them on affected domain controllers.

Veeam Vanguard | Veeam Legend | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
Chris.Childerhose
Userlevel 7
Badge +20

Had this happen on my DCs in the homelab so will be patching them Monday. Nice they released the patch to fix this.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
Userlevel 7
Badge +17

Had installed it on one of ours and to this point no issues (is 2019). 

Thanks for sharing the update Cary. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
CarySun
Userlevel 7
Badge +7

The details information is below link

https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3143

 

Veeam Vanguard | Veeam Legend | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
Iams3le
Userlevel 7
Badge +9

There is already an OOB update available for this issue: https://betanews.com/2024/03/23/microsoft-releases-out-of-band-kb5037422-update-to-fix-windows-server-memory-leak/  

[Microsoft MVP | Veeam Legend 5* | VMware vExpert 4* | Cisco Champion 3* | Object First Ace]
Iams3le
Userlevel 7
Badge +9

Microsoft released the following emergency Windows Server cumulative updates that should fix the LSASS memory leak and prevent impacted servers from crashing and restarting:

"This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs)," the company explains.

"The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it."

To fix this known issue, admins must download the OOB updates from the Microsoft Update Catalog and install them on affected domain controllers.

Just saw that this has already been posted!

[Microsoft MVP | Veeam Legend 5* | VMware vExpert 4* | Cisco Champion 3* | Object First Ace]

Comment


Terms & Conditions