Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates.
This is the list of Identity-related updates and fixes we saw for May 2022:
Windows Server 2016
We observed the following updates for Windows Server 2016:
KB5013952 May 10, 2022
The May 10, 2022 update for Windows Server 2016 (KB5013952), updating the OS build number to 14393.5125, is a monthly cumulative update that includes the following Identity-related improvements:
- It addresses an issue that might occur when you use netdom.exe or the Active Directory Domains and Trusts snap-in to list or modify name suffixes routing. These procedures might fail. This issue occurs after installing the January 2022 security update on the primary domain controller emulator (PDCe). The error message is:
Insufficient system resources exist to complete the requested service.
- It addresses an issue that might cause kerberos.dll to stop working within the Local Security Authority Subsystem Service (LSASS). This occurs when LSASS processes simultaneous Service for User (S4U) user-to-user (U2U) requests for the same client user.
KB5015019 May 19, 2022 Out of Band
The May 19, 2022 update for Windows Server 2016 (KB5015019), updating the OS build number to 14393.5127, is an out-of-band update that addresses a known issue that might prevent some services from authenticating machine accounts on clients or servers. This issue occurs after you install the May 10, 2022 update on domain controllers.
Windows Server 2019
We observed the following updates for Windows Server 2019:
KB5013941 May 10, 2022
The May 10, 2022 update for Windows Server 2019 (KB5013941), updating the OS build number to 17763.2928, is a monthly cumulative update that includes the following Identity-related improvements:
- It addresses an issue that causes the Key Distribution Center (KDC) code to incorrectly return the following error message during domain controller shutdown:
KDC_ERR_TGT_REVOKED
- It addresses an issue that might fail to copy the security portion of a Group Policy to a machine.
- It addresses an issue that causes the primary domain controller (PDC) of the root domain to generate warning and error events in the System log. This issue occurs when the PDC incorrectly tries to scan outgoing-only trusts.
- It addresses an issue that might occur when you use netdom.exe or the Active Directory Domains and Trusts snap-in to list or modify name suffixes routing. These procedures might fail. This issue occurs after installing the January 2022 security update on the primary domain controller emulator (PDCe). The error message is:
Insufficient system resources exist to complete the requested service.
KB5015018 May 19, 2022 Out of Band
The May 19, 2022 update for Windows Server 2019 (KB5015018), updating the OS build number to 17763.2931, is an out-of-band update that addresses a known issue that might prevent some services from authenticating machine accounts on clients or servers. This issue occurs after you install the May 10, 2022 update on domain controllers.
KB5014022 May 24, 2022 Preview
The May 24, 2022 update for Windows Server 2019 (KB5014022), updating the OS build number to 17763.2989, is a preview update that includes the following Identity-related improvements:
- It addresses an issue that affects remote procedure calls (RPC) to the Win32_User or Win32_Group WMI class. The domain member that runs the RPC contacts the domain controller holding the PDC emulator (PDCe) Flexible Single Master Operations (FSMO) role. When multiple RPCs occur simultaneously on many domain members, this might overwhelm the PDCe.
- It addresses an issue that occurs when adding a trusted user, group, or computer that has a one-way trust in place. The following error message appears:
The object selected doesn't match the type of destination source
- It addresses a known issue that might cause Windows Server-based hosts to log events with event ID 40 in the System event log, whenever you update or refresh a Group Policy on a server or client. The event Description is:
The event logging service encountered an error when attempting to apply one or more policy settings.
Windows Server 2022
We observed the following updates for Windows Server 2022:
KB5013944 May 10, 2022
The May 10, 2022 update for Windows Server 2022 (KB5013944), updating the OS build number to 20348.707, is a monthly cumulative update that includes the following Identity-related improvements:
- It addresses an issue that causes Kerberos authentication to fail when a client machine attempts to use the Remote Desktop Protocol (RDP) to connect to another machine while Remote Credential Guard is enabled. The error is:
0xc0030009 (RPC_NT_NULL_REF_POINTER)
- It addresses an issue that might fail to copy the security portion of a Group Policy to a machine.
- It addresses an issue that causes the Key Distribution Center (KDC) code to incorrectly return the following error message during domain controller shutdown:
KDC_ERR_TGT_REVOKED
- It optimizes the Active Directory Federation Services (AD FS) artifact database by deleting expired artifacts.
- It addresses an issue that might occur when you use netdom.exe or the Active Directory Domains and Trusts snap-in to list or modify name suffixes routing. These procedures might fail. This issue occurs after installing the January 2022 security update on the primary domain controller emulator (PDCe). The error message is:
Insufficient system resources exist to complete the requested service.
- It addresses an issue that causes the primary domain controller (PDC) of the root domain to generate warning and error events in the System log. This issue occurs when the PDC incorrectly tries to scan outgoing-only trusts.
KB5015013 May 19, 2022 Out of Band
The May 19, 2022 update for Windows Server 2022 (KB5015013), updating the OS build number to 20348.709, is an out-of-band update that addresses a known issue that might prevent some services from authenticating machine accounts on clients or servers. This issue occurs after you install the May 10, 2022 update on domain controllers.
KB5014021 May 24, 2022 Preview
The May 24, 2022 update for Windows Server 2022 (KB5014021), updating the OS build number to 20348.740, is a preview update that includes the following Identity-related improvements:
- It addresses an issue that affects remote procedure calls (RPC) to the Win32_User or Win32_Group WMI class. The domain member that runs the RPC contacts the domain controller holding the PDC emulator (PDCe) Flexible Single Master Operations (FSMO) role. When multiple RPCs occur simultaneously on many domain members, this might overwhelm the PDCe.
- It addresses an issue that occurs when adding a trusted user, group, or computer that has a one-way trust in place. The following error message appears:
The object selected doesn't match the type of destination source