Windows Server Administrators Say Latest Patch Tuesday Broke Authentication Policies

IT administrators are reporting authentication issues after installing the latest May 2022 Patch Tuesday security updates, released this week.

Online discussions suggest that a number of companies are having issues, especially those that installed the updates on Windows servers that hold both the Active Directory Domain Controller (DC) and Active Directory Certificate Services (AD CS) roles.

According to some admins, Network Policy Server (NPS) policies started failing with the error “authentication failed due to user credential mismatch. Either the user name provided does not match an existing account or the password was incorrect.”

Others said their Windows server, which held only the DC role and not AD CS, had the same NPS policy failures; removing update KB5013941 fixed the issue.

One admin who runs separate servers for the DC and NPS roles tested the update on each and concluded that the NPS servers could stay patched, but the DC servers needed the update rolled back.

“For your information, we are aware of the NPS problem,” said Steve Syfuhs, senior software engineer specializing in cryptography, authentication and identity at Microsoft. “It’s not specifically related to NPS, but rather how we distinguish between different types of names in certificates. Only a subset of people are affected by this.”

Syfuhs addressed users in a separate Twitter chat and confirmed that Microsoft is looking into issues reported by many IT admins.

“After installing the updates released on May 10, 2022 on your domain controllers, you may see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP),” Microsoft said in its known-issues document. “An issue related to how the mapping of certificates to machine accounts is managed by the domain controller has been detected.”

The issues facing Windows Server administrators stem from how Microsoft patched two privilege escalation vulnerabilities rated “high severity”, tracked as CVE-2022-26931 and CVE-2022-26923, as part of Tuesday’s monthly security updates. The fix tightens how a domain controller binds a presented certificate to an account, and environments relying on the older, weaker mapping are the ones seeing failures.

Online discussions in the first hours after the updates were released suggested that they could be applied without issue; the Windows Server problems only surfaced later.


Earlier this year, many Windows Server administrators collectively chose to forgo Microsoft-issued security patches, citing numerous issues that caused operational disruptions so severe they thought it better to go unprotected than to update and then apply workarounds.

Microsoft has published a recommended mitigation for admins who want a workaround for the certificate issue but do not want to roll back the latest update, as others have already done, leaving themselves unprotected.

The recommended workaround is to manually map each certificate to the matching machine account in Active Directory, Microsoft said. If that mitigation does not work, administrators are encouraged to review the associated support document for other possible methods to resolve the issues they encounter; those alternatives relax the new hardening rather than preserve it.
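The manual mapping above is done by writing a strong issuer-plus-serial mapping string into the account's altSecurityIdentities attribute. The following PowerShell is an added example written for this page, not code from the article or from Microsoft's support document. It assumes the RSAT ActiveDirectory module is installed, that the caller can modify the computer account, and that the certificate to map is in the local machine Personal store; the computer name `NPS01` and the thumbprint value are placeholders.

```powershell
# Added example (not from the article or Microsoft): build the strong
# "X509:<I>issuer<SR>serial" mapping string for a certificate and append it to
# the altSecurityIdentities attribute of the computer account it belongs to.
# Assumes RSAT ActiveDirectory, rights to edit the account, and that the
# certificate lives in Cert:\LocalMachine\My. Names below are placeholders.

Import-Module ActiveDirectory

function New-IssuerSerialMapping {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # The mapping string wants the issuer DN with its RDNs in reverse order:
    # "CN=CONTOSO-CA, DC=contoso, DC=com" -> "DC=com,DC=contoso,CN=CONTOSO-CA".
    # Splitting on ',' is fine for typical CA names; an issuer DN that contains
    # escaped commas would need a real DN parser instead.
    $rdns = @($Certificate.Issuer -split ',' | ForEach-Object { $_.Trim() })
    [array]::Reverse($rdns)
    $issuerReversed = $rdns -join ','

    # The serial number is written in reverse byte order compared with what
    # certutil or the certificate dialog shows:
    # "2B00000000AC11000000000012" -> "1200000000AC11000000002B".
    $pairs = @([regex]::Matches($Certificate.SerialNumber, '[0-9A-Fa-f]{2}') |
        ForEach-Object { $_.Value })
    [array]::Reverse($pairs)
    $serialReversed = (-join $pairs).ToUpper()

    return "X509:<I>$issuerReversed<SR>$serialReversed"
}

# Placeholders: the server's sAMAccountName (without the trailing $) and the
# thumbprint of the certificate that the domain controller must map to it.
$computerName = 'NPS01'
$thumbprint   = 'PUT-THE-CERTIFICATE-THUMBPRINT-HERE'

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    throw "Certificate with thumbprint $thumbprint not found in Cert:\LocalMachine\My"
}

$mapping = New-IssuerSerialMapping -Certificate $cert
Write-Host "Mapping string: $mapping"

# -Add appends to the multi-valued attribute, so an existing mapping for an
# older certificate that is still in use is preserved rather than overwritten.
Set-ADComputer -Identity $computerName -Add @{ altSecurityIdentities = $mapping }

# Read the attribute back to confirm what the DC will now use for the binding.
(Get-ADComputer -Identity $computerName -Properties altSecurityIdentities).altSecurityIdentities
```

Run it on a domain-joined admin workstation with RSAT, once per certificate that needs mapping. The same mapping string format is accepted for user accounts via Set-ADUser. Because the serial number is bound into the string, a renewed certificate gets a new serial and needs a new mapping entry; reading the attribute back afterwards, as the last line does, is the quick check that the value landed in the expected form before testing an NPS or EAP logon again.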
