Microsoft has issued a warning to users of various versions of Windows Server that a recent update is causing problems with Netlogon connections.
The problem affects Windows Server 2022, 2019, 2012 R2, 2012, 2008 R2 SP1 and 2008 SP2, and means that some applications and appliances on domain controllers may be unable to establish a Netlogon secure channel. Microsoft is blaming not only the KB5009555 update but also “updates released January 11, 2022” for the problem.
In a post in the known issues section of the Release Health page, Microsoft says: “After installing KB5009555 or any updates released January 11, 2022 and later on your domain controllers, scenarios which rely on Read-only domain controllers (RODCs) or synthetic RODC machine accounts might fail to establish a Netlogon secure channel.”
The company goes on to say:
“RODC accounts must have a linked and compliant KRBTGT account to successfully establish a secure channel. Affected applications or network appliances, such as Riverbed SteelHead WAN Optimizers, might have issues joining domains or limitations after joining a domain.”
Microsoft does not currently have a fix or a workaround available, and says that it is continuing to look into the problem. The company concludes by saying:
“Affected apps and network appliances will need an update from their developer or manufacturer to resolve this issue. Microsoft and Riverbed are presently investigating and will provide an update when more information is available.”