Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.
This is the list of Identity-related updates and fixes we saw for August 2023:
Windows Server 2016
We observed the following update for Windows Server 2016:
KB5029242 August 8, 2023
The August 8, 2023, update for Windows Server 2016 (KB5029242), updating the OS build number to 14393.6167, is a monthly cumulative update and includes one Identity-related improvement. This update addresses an issue that affects Kerberos constrained delegation (KCD). It fails on read-write domain controllers. This occurs after you install the November 2022 security updates. The error message is:
KRB_AP_ERR_MODIFIED
Windows Server 2019
We observed the following update for Windows Server 2019:
KB5029247 August 8, 2023
The August 8, 2023, update for Windows Server 2019 (KB5029247), updating the OS build number to 17763.4737, is a monthly cumulative update and includes three Identity-related improvements:
- This update addresses an issue that affects Kerberos constrained delegation (KCD). It fails on read-write domain controllers. This occurs after you install the November 2022 security updates. The error message is:
KRB_AP_ERR_MODIFIED
- This update addresses an issue that affects Active Directory Federation Services (AD FS). It might take several attempts to sign in to AD FS successfully. This is because the time calculation for the expiration of a Single Sign-on (SSO) cookie is wrong.
- This update addresses an issue that affects the Active Directory Domains and Trusts MMC snap-in. It fails to enumerate domain trusts. The error message is:
The parameter is incorrect
Windows Server 2022
We observed the following update for Windows Server 2022:
KB5029250 August 8, 2023
The August 8, 2023, update for Windows Server 2022 (KB5029250), updating the OS build number to 20348.1906, is a monthly cumulative update and includes two Identity-related improvements:
- This update addresses an issue that affects Active Directory Federation Services (AD FS). It might take several attempts to sign in to AD FS successfully. This is because the time calculation for the expiration of a Single Sign-on (SSO) cookie is wrong.
- This update addresses an issue that affects the Active Directory Domains and Trusts MMC snap-in. It fails to enumerate domain trusts. The error message is:
The parameter is incorrect
Login