The Redmond firm has published the information about two new bugs in Windows 11 that appear after you install the latest cumulative update. After you install KB5019980 on a Server edition of the OS, that may break Domain Controller's Kerberos authentication. Also, Direct Access for Wi-Fi may stop working after you install KB5019509. Both issues are common for Windows 11 and Windows 10. Microsoft provides a workaround for affected machines.A domain controller affected by the bug in KB5019980 may start malfunction in the following scenarios:
- Domain user sign in might fail. This also might affect Active Directory Federation Services (AD FS) authentication.
- Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
- Remote Desktop connections using domain users might fail to connect.
- You might be unable to access shared folders on workstations and file shares on servers.
- Printing that requires domain user authentication might fail.
To quickly find if your server is affected, open Event Log and see if you have the Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error entry with the following text:
While processing an AS request for target service , the account did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18 3. The accounts available etypes : 23 18 17. Changing or resetting the password of will generate a proper key.
Microsoft is working on solving this issue. The fix should become available next in a few weeks.
Another bug with Direct Access appears after installing KB5019509 or later updates. Windows won't be able to reconnect to Direct Access after temporarily losing network connectivity or transitioning between Wi-Fi networks or access points. But it will remain functional over a VPN/RAS. Microsoft says this bug doesn't affect consumers.
Microsoft has provided a known issue rollback solution to mitigate the issue. You will find the links to the appropriate Group Policies here.
You can learn more about both bugs on this website.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options: