The latest Patch Tuesday is not without its problems. Microsoft has recently acknowledged that its most recent cumulative updates cause a failure affecting Windows 11 as well as Windows 10, 8.1 and even Windows 7. Note that Windows 7 maintenance is only available as part of personalized support (ESU program).
In a technical support document, the giant explains that its latest cumulative updates (Patch Tuesday of May 2022) cause authentication failures. This can concern clients or servers. The company states:
“After installing the updates released on May 10, 2022 on your domain controllers, you may see authentication failures on the server or client for services such as NPS (Network Policy Server), RRAS (Routing and Remote Access Service), Radius, Extensible Authentication Protocol (EAP) and PEAP (Protected Extensible Authentication Protocol). A problem was found related to how the mapping of certificates to machine accounts is handled by the domain controller.”
Windows 11 and 10, a solution exists
Naturally the teams are at work developing a fix. While waiting for its publication, a workaround is available. It’s not practical since it requires manually “mapping” the certificates, but it has the advantage of bringing things back to normal.
The giant adds:
“The preferred mitigation for this issue is to manually map certificates to a computer account in Active Directory. For instructions, see Certificate Mapping. Note: The instructions are the same for mapping certificates to user or computer accounts in Active Directory. If the preferred mitigation does not work in your environment, see KB5014754 — Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel Registry Key section.
Note: Any other mitigations, except preferred mitigations, can reduce or disable security hardening.”
Unfortunately, we don’t have a release schedule for the patch rollout.
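The manual mapping mentioned above comes down to writing a mapping string into the account's altSecurityIdentities attribute. The sketch below is an added example, not code from Microsoft or from this article: it builds the issuer-plus-serial-number string and classifies existing mapping strings as strong or weak. The attribute name, the string layout and the strong/weak split are assumptions taken from KB5014754 rather than from this page, and the issuer, serial number and host names are constructed sample values.

```python
import re

# Mapping types KB5014754 treats as strong (assumption: not listed on this page).
STRONG = {"X509IssuerSerialNumber", "X509SKI", "X509SHA1PublicKey"}
# Tag sequence found in an altSecurityIdentities value -> mapping type.
TYPES = {
    ("I", "SR"): "X509IssuerSerialNumber",
    ("SKI",): "X509SKI",
    ("SHA1-PUKEY",): "X509SHA1PublicKey",
    ("I", "S"): "X509IssuerSubject",
    ("S",): "X509SubjectOnly",
    ("RFC822",): "X509RFC822",
}

def reverse_serial(serial_hex: str) -> str:
    """Reverse the byte order of a serial number as the certificate viewer shows it."""
    digits = re.sub(r"[\s:]", "", serial_hex).upper()
    if not digits or len(digits) % 2 or not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError(f"not a whole number of hex bytes: {serial_hex!r}")
    pairs = [digits[i:i + 2] for i in range(0, len(digits), 2)]
    return "".join(reversed(pairs))

def reverse_dn(dn: str) -> str:
    """Reverse RDN order and drop the spaces after commas (quoted RDN values not handled)."""
    rdns = [part.strip() for part in re.split(r"(?<!\\),", dn)]
    if not all("=" in part for part in rdns):
        raise ValueError(f"malformed distinguished name: {dn!r}")
    return ",".join(reversed(rdns))

def issuer_serial_mapping(issuer: str, serial_hex: str) -> str:
    """Build the X509IssuerSerialNumber mapping string for one certificate."""
    return f"X509:<I>{reverse_dn(issuer)}<SR>{reverse_serial(serial_hex)}"

def mapping_type(value: str) -> str:
    """Name the mapping type of an existing altSecurityIdentities value."""
    tags = re.findall(r"<([A-Z0-9-]+)>", value) if value.startswith("X509:") else []
    return TYPES.get(tuple(tags), "unknown")

def is_strong(value: str) -> bool:
    return mapping_type(value) in STRONG

if __name__ == "__main__":
    # Constructed sample certificate fields, not taken from a real CA.
    new = issuer_serial_mapping("CN=EXAMPLE-CA, DC=example, DC=test", "4C0000001F9A77")
    for value in (new, "X509:<S>CN=host01.example.test"):
        print(f"{'strong' if is_strong(value) else 'WEAK  '}  {mapping_type(value)}  {value}")
```

The resulting string is what an administrator would place in altSecurityIdentities on the computer or user account; running the classifier over exported attribute values shows which accounts still rely on weak mappings.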