Windows Domain Controller Restarts Caused by LSASS Crashes

Microsoft has shared information about a now-resolved known issue causing crashes of the Local Security Authority Subsystem Service (LSASS) and the Windows Server Domain Controller.

The Windows LSASS service is responsible for enforcing security policies and is used to manage access token creation, password changes, and user logins.

If LSASS crashes, logged-in users lose access to the Windows accounts available on the machine. An error warns them that the system is going to be rebooted, and the device automatically reboots in less than a minute.

As Microsoft explains in a new entry added to the Windows Health dashboard, unexpected restarts are being triggered on Windows Server domain controllers after installing updates released during Patch Tuesday January 2021.

“You may receive an error dialog for Lsass.exe, stating ‘Your PC will automatically restart in one minute’ or ‘The system will now shut down and restart.’” Microsoft explains.

“On Windows Server 2016 and later, you are more likely to be affected when domain controllers use Shadow Principals in Enhanced Security Admin Environment (ESAE) or environments with Privileged Identity Management (PIM).”

This known issue only affects Windows Server platforms, including:

  • Windows Server 2022;
  • Windows Server, version 20H2;
  • Windows Server 2019;
  • Windows Server 2016;
  • Windows Server 2012 R2;
  • Windows Server 2012.

Microsoft fixed the LSASS crash issue in out-of-band updates released in mid-January, on January 17 [1, 2], to fix many other critical bugs introduced in Patch Tuesday January 2022, including Hyper-V no longer booting, L2TP VPN connections failing, and ReFS volumes becoming inaccessible.

While domain controllers getting stuck in boot loops were also mentioned when the out-of-band updates were posted, Microsoft didn’t share any information on what caused them.

However, Redmond recommends installing the latest security updates released on February 8 to resolve the issue and prevent your Windows domain controllers from randomly rebooting.

“It contains important improvements and bug fixes, including this one. This is a cumulative update, so you don’t need to apply a previous update before installing it,” the company added.

The January out-of-band updates are available for download via the Microsoft Update Catalog or Windows Update as optional updates. They can also be added manually in Windows Server Update Services (WSUS).

If you install them through Windows Update, you will have to check for them manually because optional updates are not offered or installed automatically.

This month, Microsoft also fixed two other known issues triggered by January Windows Updates, causing issues with Active Directory and Netlogon.
