The latest Microsoft cumulative updates, released earlier this week for the Windows 11 operating system, are breaking a vital business security feature. A fix hasn’t been published yet, but Microsoft expects to have one ready in the coming weeks.
As mentioned by Computer, the Redmond software giant recently acknowledged certain issues with the Kerberos authentication protocol after November's Patch Tuesday.
“After installing updates released on November 8, 2022 or later on Windows servers with the domain controller role, you may experience Kerberos authentication issues,” Microsoft said.
Login failed
“When you encounter this issue, you may receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of the event log on a domain controller with the text below,” the company explained.
Computer readers mentioned a few days ago that the update breaks Kerberos, the default authentication protocol for Windows domain-connected endpoints.
One explained that the protocol fails “in situations where you set the ‘This account supports Kerberos AES 256-bit encryption’, or the ‘This account supports Kerberos AES 128’ account option set (e.g. msDS-SupportedEncryptionTypes attribute) on user accounts in AD.”
According to the report, the affected Kerberos authentication scenarios include domain user logins failing (which also affects Active Directory Federation Services authentication), remote desktop connections using domain users failing to connect, and many others.
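As an added example (not code from Microsoft or from the original article), the PowerShell below lists user accounts that have either AES account option set in msDS-SupportedEncryptionTypes and pulls the KDC Event ID 14 entries logged since November 8, 2022. It assumes the RSAT ActiveDirectory module is installed and that the script runs on a domain controller; the helper name ConvertTo-EncTypeName is made up for this example.

```powershell
# Added example: find accounts matching the condition described above and
# correlate with KDC Event ID 14. Assumes the ActiveDirectory (RSAT) module
# and that this is run on a domain controller with rights to read its System log.
Import-Module ActiveDirectory

# Bit flags of the msDS-SupportedEncryptionTypes attribute
$EncTypes = [ordered]@{
    'DES-CBC-CRC'             = 0x01
    'DES-CBC-MD5'             = 0x02
    'RC4-HMAC'                = 0x04
    'AES128-CTS-HMAC-SHA1-96' = 0x08
    'AES256-CTS-HMAC-SHA1-96' = 0x10
}
$AesMask = 0x08 -bor 0x10   # 24: either AES account option

# Hypothetical helper: turn the raw bitmask into readable names
function ConvertTo-EncTypeName {
    param([int]$Value)
    $names = foreach ($e in $EncTypes.GetEnumerator()) {
        if ($Value -band $e.Value) { $e.Key }
    }
    $names -join ', '
}

# 1.2.840.113556.1.4.804 is the LDAP bitwise-OR matching rule:
# the filter matches when ANY bit of the mask is set on the account.
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=$AesMask))"

Get-ADUser -LDAPFilter $filter -Properties 'msDS-SupportedEncryptionTypes' |
    Select-Object SamAccountName, Enabled,
        @{ n = 'EncTypesRaw'; e = { $_.'msDS-SupportedEncryptionTypes' } },
        @{ n = 'EncTypes';    e = { ConvertTo-EncTypeName $_.'msDS-SupportedEncryptionTypes' } } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize

# KDC errors (Event ID 14, System log) recorded since the November 8, 2022 updates
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 14
    StartTime    = [datetime]'2022-11-08'
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName, Message |
    Format-List
```

Accounts returned by the first query are the ones to compare against the account names that appear in the Event ID 14 messages.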
Affected platforms include most versions of Windows since Windows 7 (Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2, Windows 11 21H2), and some server versions (Windows Server 2008 SP2 and Windows Server 2022).
Home clients and users not registered in a local domain are reportedly not affected by this error. Furthermore, the flaw does not affect non-hybrid Azure Active Directory environments or those without an on-premises Active Directory server.