Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.

This is the list of Identity-related updates and fixes we saw for May 2023:

Windows Server 2016

We observed the following update for Windows Server 2016:

KB5026363 May 9, 2023

The May 9, 2023, update for Windows Server 2016 (KB5026363, updating the OS build number to 14393.5921, is a monthly cumulative update and includes an Identity-related improvement: It addresses an issue that affects the Key Distribution Center (KDC) service. When the service stops on a local machine, signing in to all local Kerberos fails. The error is:

STATUS_NETLOGON_NOT_STARTED

Windows Server 2019

We observed the following updates for Windows Server 2019:

KB5026362 May 9, 2023

The May 9, 2023, update for Windows Server 2019 (KB5026362), updating the OS build number to 17763.4377, is a monthly cumulative update and includes six Identity-related improvements:

• It addresses an issue that affects the Key Distribution Center (KDC) service. When the service stops on a local machine, signing in to all local Kerberos fails. The error is:

STATUS_NETLOGON_NOT_STARTED

• It addresses an issue that affects accounts that run the Set-AdfsCertificate PowerShell cmdlet. It fails. This occurs when an account does not have read permissions for the related Distributed Key Manager (DKM) container.
• It addresses an Active Directory Federation Services (AD FS) issue. You might need to retry authentication multiple times to sign in successfully.
• It addresses an issue that might affect the Windows Local Administrator Password Solution (LAPS). It might fail. This occurs on versions of Windows Server 2019 that run Server Core. The error code is:

0x8007007f

• It addresses a race condition in Windows LAPS. The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is:

0xc0000005

• It addresses an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after you have installed the April 11, 2023, Windows update on machines that have a legacy LAPS policy.

Windows Server 2022

We observed the following updates for Windows Server 2022:

KB5026370 May 9, 2023

The May 9, 2023, update for Windows Server 2022 (KB5026370), updating the OS build number to 20348.1726, is a monthly cumulative update and includes x Identity-related improvements:

• It addresses an issue that sends unexpected password expiration notices to users. This occurs when you set up an account to use Smart Card is Required for Interactive Logon and set Enable rolling of expiring NTLM secrets.
• It addresses an Active Directory Federation Services (AD FS) issue. You might need to retry authentication multiple times to sign in successfully.
• It addresses an issue that affects accounts that run the Set-AdfsCertificate PowerShell cmdlet. It fails. This occurs when an account does not have read permissions for the related Distributed Key Manager (DKM) container.
• It addresses a race condition in Windows LAPS. The Local Security Authority Subsystem Service (LSASS) might stop responding. This occurs when the system processes multiple local account operations at the same time. The access violation error code is:

0xc0000005

• It addresses an issue that affects the legacy Local Administrator Password Solution (LAPS) and the new Windows LAPS feature. They fail to manage the configured local account password. This occurs when you install the legacy LAPS .msi file after you have installed the April 11, 2023, Windows update on machines that have a legacy LAPS policy.