On-premises Identity-related updates and fixes for October 2023


Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.

This is the list of Identity-related updates and fixes we saw for October 2023:

 

Windows Server 2016

We observed the following update for Windows Server 2016:

KB5031362 October 10, 2023

The October 10, 2023, update for Windows Server 2016 (KB5031362), updating the OS build number to 14393.6351, is a monthly cumulative update and includes one Identity-related improvement. This update addresses an issue in which external binding fails. This occurs after you install Windows updates dated May 2023 or later. Because of this, there are issues that affect Lightweight Directory Access Protocol (LDAP) queries and authentication.

 

Windows Server 2019

We observed the following update for Windows Server 2019:

KB5031361 October 10, 2023

The October 10, 2023, update for Windows Server 2019 (KB5031361), updating the OS build number to 17763.4974, is a monthly cumulative update and includes four Identity-related improvements:

  • This update addresses an issue that affects external binding. It fails. This occurs after you install Windows updates dated May 2023 or later. Because of this, there are issues that affect LDAP queries and authentication.
  • This update addresses an issue that affects those who enable the Smart Card is Required for Interactive Logon account option. When RC4 is disabled, you cannot authenticate to Remote Desktop Services (RDS) farms. The error message is:

An authentication error has occurred. The requested encryption type is not supported by the KDC.

  • This update addresses an issue that affects Kerberos delegation. It might fail in the wrong way. This issue might occur when you mark the intermediate service account as This account is sensitive and cannot be delegated in Active Directory. The error code is:

0xC000006E (STATUS_ACCOUNT_RESTRICTION)

Applications might also return the error message:

System.Security.Authentication.AuthenticationException: Failed to initialize security context. Error code was -2146893042.

  • This update addresses an issue that affects a relying party in Active Directory Federation Services (AD FS). When you sign out of it, a SAML request cookie is not cleared. Because of this, your device automatically attempts to connect to the same relying party when you sign in again.

 

Windows Server 2022

We observed the following update for Windows Server 2022:

KB5031364 October 10, 2023

The October 10, 2023, update for Windows Server 2022 (KB5031364), updating the OS build number to 20348.2031, is a monthly cumulative update and includes four Identity-related improvements:

  • This update addresses an issue that affects external binding. It fails. This occurs after you install Windows updates dated May 2023 or later. Because of this, there are issues that affect LDAP queries and authentication.
  • This update addresses an issue that affects those who enable the Smart Card is Required for Interactive Logon account option. When RC4 is disabled, you cannot authenticate to Remote Desktop Services (RDS) farms. The error message is:

An authentication error has occurred. The requested encryption type is not supported by the KDC.

  • This update addresses an issue that affects Kerberos delegation. It might fail in the wrong way. This issue might occur when you mark the intermediate service account as This account is sensitive and cannot be delegated in Active Directory. The error code is:

0xC000006E (STATUS_ACCOUNT_RESTRICTION)

Applications might also return the error message:

System.Security.Authentication.AuthenticationException: Failed to initialize security context. Error code was -2146893042.

  • This update affects Active Directory event ID 1644 processing. It now accepts events that are more than 64 KB in length. This change truncates LDAP queries that are in event 1644 to 20000 characters by default. You can configure the 20K value using the registry key DEFAULT_DB_EXPENSIVE_SEARCH_FILTER_MAX_LOGGING_LENGTH_IN_CHARS.
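To check which servers already carry these fixes, the build numbers quoted above can be used as a floor per Windows Server version. The following is an added example, not code from the original post or from Microsoft; the function name `Test-October2023Baseline` and the sample inventory are hypothetical, and it assumes you have each server's build as a `<build>.<UBR>` string.

```powershell
# Build floors are the OS build numbers quoted in this post.
$Baseline = @{
    14393 = @{ MinUbr = 6351; KB = 'KB5031362'; OS = 'Windows Server 2016' }
    17763 = @{ MinUbr = 4974; KB = 'KB5031361'; OS = 'Windows Server 2019' }
    20348 = @{ MinUbr = 2031; KB = 'KB5031364'; OS = 'Windows Server 2022' }
}

function Test-October2023Baseline {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$OsBuild   # "<build>.<UBR>", e.g. 17763.4974
    )
    if ($OsBuild -notmatch '^(\d+)\.(\d+)$') {
        throw "Unexpected build string '$OsBuild' for $ComputerName"
    }
    $major = [int]$Matches[1]
    $ubr   = [int]$Matches[2]
    $floor = $Baseline[$major]

    [pscustomobject]@{
        ComputerName = $ComputerName
        OsBuild      = $OsBuild
        OS           = if ($floor) { $floor.OS } else { 'Not covered by this post' }
        RequiredKB   = if ($floor) { $floor.KB } else { $null }
        # The updates are cumulative, so any UBR at or above the floor includes the fixes.
        HasFixes     = if ($floor) { $ubr -ge $floor.MinUbr } else { $null }
    }
}

# Constructed inventory for illustration. On a live server, build the string from the
# CurrentBuild and UBR values under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
$inventory = @(
    @{ ComputerName = 'DC01';  OsBuild = '14393.6351' }
    @{ ComputerName = 'DC02';  OsBuild = '17763.4851' }
    @{ ComputerName = 'ADFS1'; OsBuild = '20348.2031' }
    @{ ComputerName = 'APP01'; OsBuild = '19045.3570' }
)

$results = foreach ($server in $inventory) { Test-October2023Baseline @server }
$results | Format-Table -AutoSize
```

Servers reported with `HasFixes` set to false are the ones to prioritise if you have disabled RC4, rely on Kerberos delegation restrictions, or run AD FS, since those are the scenarios the fixes above address.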
