After installing Windows Upgrades given on the May 2022 Patch Tuesday on domain controllers, Microsoft has released emergency out-of-band (OOB) updates to solve Active Directory (AD) authentication problems.

Since May 12, the corporation has been working on a patch for a known vulnerability that results in authentication failures for various Windows services.

Microsoft explained that users might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP), after adding updates released on May 10, 2022, on their domain controllers.

Updates released

Redmond said a problem was discovered regarding the domain controller’s handling of certificate mapping to machine accounts.

The OOB Windows updates are only accessible through the Microsoft Update Catalog and will not be available via Windows Update. The following cumulative updates are available for installation on Domain Controllers (no client action is required):

Users also get standalone updates that include:

Which updates are important?

These updates can be manually imported into Microsoft Endpoint Configuration Manager and Windows Server Update Services (WSUS).

On the Import updates from the Microsoft Update Catalog page, you’ll find WSUS instructions and Catalog Site and Configuration Manager guidelines.

Microsoft notes that users only need to apply these updates for May if they deploy security-only updates for specific versions of Windows Server. For those who use Monthly Rollup updates, you’ll need to install the standalone update indicated above and the May 10, 2022, Monthly Rollups. The updates should solve the aforementioned issues once they are implemented.

Also read: Microsoft adds outage mode to Azure Active Directory.