Microsoft has released emergency updates for multiple versions of Windows Server. This follows issues caused by the April 2026 Patch Tuesday security updates.
Domain controllers entered a reboot loop due to crashes of the Local Security Authority Subsystem Service (LSASS). As a result, authentication services became unavailable. The issue also occurs when setting up new domain controllers, if the server processes authentication requests before the boot process is fully complete. At the same time, some Windows Server 2025 systems were unable to install security update KB5082063.
“The Windows Server 2025 OOB update (KB5091157) addresses both the installation failure issue and the domain controller restart issue,” according to Microsoft. “OOB updates released for other supported Windows Server versions address only the domain controller restart issue.”
Microsoft has released an out-of-band (OOB) update for seven versions:
- Windows Server 2025: KB5091157
- Windows Server, version 23H2: KB5091571
- Windows Server 2022: KB5091575
- Windows Server 2019: KB5091573
- Windows Server 2016: KB5091572
- Windows Server 2025 Datacenter Azure Edition: Hotpatch KB5091470
- Windows Server 2022 Datacenter Azure Edition: Hotpatch KB5091576
More issues after April updates
In addition to the LSASS crashes and the installation error in KB5082063, Microsoft also warned that some Windows Server 2025 devices boot into BitLocker recovery mode after installing the update, requiring users to enter a BitLocker recovery key.