Microsoft released security updates for all supported Windows versions on January 11, 2022, which are intended to eliminate various vulnerabilities and bugs. Among other things, Microsoft claims to have fixed a Windows Server issue where Active Directory attributes are not written correctly during a Lightweight Directory Access Protocol (LDAP) change operation with multiple specific attribute changes. However, the update also causes significant problems.
Domain controllers fall into boot loops
In the night of January 12, 2022, administrators reported to us about difficulties with domain controllers under Windows Server 2012 R2 in connection with the Update KB5009624 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) und Update KB5009595 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) hinwiesen.
The lsass.exe (or wininit.exe) process triggers a cyclic restart of the affected Windows server on affected machines because a Access conflict produces error 0xc0000005. The interval at which these restarts are forced can be up to 15 minutes. At first there was only talk of Windows Server 2012 R2 in connection with domain controllers, but there are now reports that domain controllers (DC) under Windows Server 2016, 2019 and 2022 are affected. The problem does not occur in all scenarios, the exact conditions that trigger the problem are not yet known.
Affected administrators currently only have the option of uninstalling the respective updates from January 11, 2022. This can be done in an administrative command prompt with these commands:
wusa /uninstall /kb:5009595 /quiet
wusa /uninstall /kb:5009624 /quiet
The relevant KB numbers for the respective server version must be used in the above commands. Administrators advise in the comments on the author’s blog (as well as on reddit.com) from rolling back snapshots to avoid provoking USN rollbacks. If the restarts happen too quickly, cutting the network connection of the domain controller may help. Then there should be enough time to uninstall the updates, reported those affected.
A Windows Server 2019 domain controller After uninstalling the update, the progress bar can remain at 100 percent for about 20 minutes after the restart. Here you have to be patient until the uninstallation is complete.
Update KB5009624 removes ReFS support
After installing update KB5009624 for Windows Server 2012 R2, administrators experience an unpleasant surprise when disks are formatted in the ReFS file system. In the author’s blog has become an administrator reported, which states that after installing the update, “all ReFs disks are in RAW format”. Uninstalling this update will bring back support for ReFS. Other administrators confirm this observation.
Update KB5009624 verhindert Start des Hyper-V-Hosts
The security update KB5009624 for Windows Server 2012 R2 causes the Hyper-V hosts to no longer be able to start on many systems. The same applies to update KB5009586 for Windows Server 2012. The Hyper-V host throws the following error on startup: “Error initializing: The virtual machine could not start because the hypervisor is not running.” Uninstalling the relevant updates solves this problem, as those affected confirm.
L2TP over IPSEC VPN connections broken in Windows 10/11
The updates KB5009566 for Windows 11 and KB5009543 for Windows 10 20H2 – 21H2 prevent the VPN connection establishment with L2TP over IPSEC via the affected Windows clients, reported those affected. When trying to establish a connection, the error “The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer” comes up.
The problem is now also on reddit.com as well as in the Techcommunity post Windows 11 Update (KB5009566) inhibits VPN connection confirmed. The error causes, for example, VPN connections to Cisco Meraki MX appliances, Ubiquiti or Meraki MX to fail. The gateways from Mikrotik and Fortigate as well as SonicWall instances can no longer be reached either. So far, only uninstalling the security updates from January 11, 2022 mentioned above has helped in all cases.