Microsoft investigated a known issue that causes authentication failure issues for some Windows services. This follows concerns from Windows administrators that certain rules were broken after installing this month’s security patches. The problem affects client and server Windows platforms, as well as systems running all versions of Windows, including the most recent ones (Windows 11 and Windows Server 2022).
Now recently, they published emergency out-of-band (OOB) fixes to address Active Directory (AD) authentication issues that occurred after installing Windows Updates delivered on the May 2022 Patch Tuesday on domain controllers.
“Authentication failures might be seen on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP) after installing updates released on May 10, 2022,”
“An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.”
The OOB Windows updates made available today are exclusively available through the Microsoft Update Catalog and will not be available via Windows Update.
The company released the cumulative updates for installation on Domain Controllers (no action needed on the client-side):
Microsoft also released standalone updates:
These updates can be manually imported into Microsoft Endpoint Configuration Manager and Windows Server Update Services (WSUS).
They also added:
“There is only need to install these updates for the month of May if you are utilizing security only updates for these versions of Windows Server,”. If you use Monthly Rollup updates, you’ll need both the standalone update described above and the May 10, 2022, Monthly Rollups.
Cumulative updates for installation on Domain Controllers: