Windows Kerberos authentication breaks after November updates

  • 17 November 2022

Hello folks, another buggy patch.

 

 

With the November updates, an anomaly was introduced at the Kerberos Authentication level.

Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)

three days ago that the November updates break Kerberos "in situations where you have set the 'This account supports Kerberos AES 256 bit encryption' or 'This account supports Kerberos AES 128 bit encryption' Account Options set (i.e., msDS-SupportedEncryptionTypes attribute) on user accounts in AD."

On the DCs compare the following error event ID:
Microsoft-Windows-Kerberos-Key-Distribution-Center event ID 14 error
The anomaly gives this message: "While processing an AS request for the target service <service>, the account <account name> did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1)," the errors recorded.

Kerberos authentication scenarios failed:

  • Domain user sign-in might fail. This also might affect (AD FS) authentication.
  • Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
  • Remote Desktop connections using domain users might fail to connect.
  • You might be unable to access shared folders on workstations and file shares on servers.
  • Printing that requires domain user authentication might fail.

Systems impacted:
Clients: Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2 or later, and Windows 11 21H2 or later
Server: Windows Server 2008 SP2 or later, including the latest release, Windows Server 2022.
MS is working on a fix quickly; we wait confidently.

It may be recommended to uninstall the patch on DCs.
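
An inventory check for the condition quoted above, as an added example that is not part of the original post: it decodes msDS-SupportedEncryptionTypes and flags accounts that have either AES Account Option set. The account names and values are constructed sample data; the commented-out Get-ADUser and Get-WinEvent calls assume the ActiveDirectory module and a session on a DC.

```powershell
# Added example (not from the original post). Bit values are the documented
# msDS-SupportedEncryptionTypes flags; account names and values are constructed.
$EncTypeFlags = @(
    @{ Bit = 0x01; Name = 'DES-CBC-CRC' },
    @{ Bit = 0x02; Name = 'DES-CBC-MD5' },
    @{ Bit = 0x04; Name = 'RC4-HMAC' },
    @{ Bit = 0x08; Name = 'AES128-CTS-HMAC-SHA1-96' },
    @{ Bit = 0x10; Name = 'AES256-CTS-HMAC-SHA1-96' }
)

function ConvertFrom-SupportedEncTypes {
    param([int]$Value)   # $null (attribute absent) is coerced to 0
    $names = foreach ($flag in $EncTypeFlags) {
        if ($Value -band $flag.Bit) { $flag.Name }
    }
    if ($names) { $names -join ', ' } else { '(not set)' }
}

function Test-AesFlagSet {
    param([int]$Value)
    # 0x18 = AES128 (0x08) + AES256 (0x10): the two Account Options named in the post
    [bool]($Value -band 0x18)
}

# Constructed sample data standing in for directory objects.
$accounts = @(
    [pscustomobject]@{ SamAccountName = 'svc-web';    'msDS-SupportedEncryptionTypes' = 24 },
    [pscustomobject]@{ SamAccountName = 'svc-sql';    'msDS-SupportedEncryptionTypes' = 28 },
    [pscustomobject]@{ SamAccountName = 'svc-legacy'; 'msDS-SupportedEncryptionTypes' = 4 },
    [pscustomobject]@{ SamAccountName = 'jdoe';       'msDS-SupportedEncryptionTypes' = $null }
)
# With the ActiveDirectory module on a domain-joined host, use instead:
#   $accounts = Get-ADUser -Filter * -Properties 'msDS-SupportedEncryptionTypes'

$report = foreach ($a in $accounts) {
    $raw = $a.'msDS-SupportedEncryptionTypes'
    [pscustomobject]@{
        Account    = $a.SamAccountName
        RawValue   = $raw
        EncTypes   = (ConvertFrom-SupportedEncTypes $raw)
        AesFlagSet = (Test-AesFlagSet $raw)
    }
}
$report | Sort-Object AesFlagSet -Descending | Format-Table -AutoSize

# On a DC, list the KDC error quoted in the post (logged in the System log):
#   Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 14;
#       ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center' }
```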

 


5 comments


Wow MS at it again.  Hopefully this hasn’t affected many here.


They hit it again and again…. 😱


OOB update released to fix this announced in the message centre. https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
 

Cumulative updates:

Standalone Updates:


Apart from zero-day exploits, I always think it is worth waiting a few days before patching. By that time hopefully, any issues are caught. This is pretty bad but glad they fixed quickly.


Some information about this patch and potential VMware vCenter issues.

 
