Well, Microsoft has put new out-of-band updates online to correct problems related to Kerberos authentication in an Active Directory environment. As a reminder, the November 2022 Patch Tuesday updates are the source of this new side effect.
For several days, Microsoft teams had been investigating this problem related to Kerberos. On Microsoft’s website, it read:After installing updates released November 8, 2022 on Windows servers with the Domain Controller role, you may experience issues with Kerberos authentication.” – Since we are talking about Kerberos authentication, the consequences can be many….
As I mentioned in a previous article, Microsoft had listed a few concrete cases likely to generate this Kerberos error:
- Domain user login may fail. This can also affect ADFS authentication
- The gMSA managed service accounts used for services such as IIS Web Server may not authenticate
- The connexions Remote Desktop using domain users may fail.
- It is possible that you cannot access shared folders on workstations and file shares on servers.
- Printing that requires authentication domain user may fail.
The list of corrective updates
Now there is a solution to this problem and this solution goes through installing a new update ! In case your infrastructure is affected by this bug, the update must be installed on all Active Directory domain controllers. However, it is not necessary to install the update on the other servers or on the workstations.
For those who have made changes to fix this problem temporarily, here is what Microsoft recommends: “If you used a workaround or mitigations for this issue, they are no longer needed and we recommend that you remove them.“
Since these are out-of-band updates, they will not be distributed via Windows Update! Meet on the catalogue Microsoft Update (which does not prevent you from importing the update into WSUS).
Here is the list of updates released by Microsoft:
Currently there is a patch missing for Windows Server 2008 R2 as shown in the list above. This patch will go live next week.
You can find theofficial announcement on the Microsoft website.
Logiciel – OS,Sécurité,Active Directory,Kerberos,Microsoft,Mise à jour,
#November #solution #Kerberos #problems