On-premises Identity-related updates and fixes for January 2024


Windows Server

Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.

This is the list of Identity-related updates and fixes we saw for January 2024:

 

Windows Server 2016

We observed the following update for Windows Server 2016:

KB5034119 January 9, 2024

The January 9, 2024, update for Windows Server 2016 (KB5034119), updating the OS build number to 14393.6614, is a monthly cumulative update and includes no Identity-related improvements. Updates for Windows Server 2016 merely address security issues for your Windows operating system, because the product is in extended support.

 

Windows Server 2019

We observed the following update for Windows Server 2019:

KB5034127 January 9, 2024

The January 9, 2024, update for Windows Server 2019 (KB5034127), updating the OS build number to 17763.5329, is a monthly cumulative update and includes the following Identity-related improvements:

  • This update addresses an issue that causes your device to shut down after 60 seconds. This occurs when you use a smart card to authenticate on a remote system.
  • This update addresses an issue that affects the Windows Local Administrator Password Solution (Windows LAPS). The LAPS account does not work. This occurs if the password is older than the age that the maximum age device policy allows.
  • This update addresses an issue that affects the Kerberos Key Distribution Center (KDC). It returns a KDC_ERR_S_PRINCIPAL_UNKNOWN error during trust referrals, which is wrong.
  • This update addresses an issue that causes lsass.exe to stop responding. Because of this, a restart loop occurs.
  • This update addresses an issue that affects the Key Distribution Service (KDS). It does not start in the time required if LDAP referrals are needed.
  • This update addresses an issue that affects Group Policy Folder Redirection in a multi-forest deployment. The issue stops admins from choosing a group account from the target Active Directory domain. Because of this, admins cannot apply advanced folder redirection settings to that Active Directory domain. This issue occurs when the target domain has a one-way trust with the domain of the admin's user account. This issue affects all Enhanced Security Admin Environment (ESAE), Hardened Forests (HF) and Privileged Access Management (PAM) deployments.

 

Windows Server 2022

We observed the following update for Windows Server 2022:

KB5034129 January 9, 2024

The January 9, 2024, update for Windows Server 2022 (KB5034129), updating the OS build number to 20348.2227, is a monthly cumulative update and includes the following Identity-related improvements:

  • This update addresses an issue that causes your device to shut down after 60 seconds. This occurs when you use a smart card to authenticate on a remote system.
  • This update addresses an issue that affects the Windows Local Administrator Password Solution (Windows LAPS). The LAPS account does not work. This occurs if the password is older than the age that the maximum age device policy allows.
  • This update addresses an issue that affects the Kerberos Key Distribution Center (KDC). It returns a KDC_ERR_S_PRINCIPAL_UNKNOWN error during trust referrals, which is wrong.
  • This update addresses an issue that causes lsass.exe to stop responding. Because of this, a restart loop occurs.
  • This update addresses an issue that affects the Key Distribution Service (KDS). It does not start in the time required if LDAP referrals are needed.
  • This update addresses an issue that affects account lockout event 4625. The format of the event is wrong in the ForwardedEvents log. This occurs when an account name is in the user principal name (UPN) format.
  • This update addresses an issue that affects hybrid joined devices. You cannot sign in to them if they are not connected to the internet. This occurs when you use a Windows Hello for Business PIN or biometric credentials. This issue applies to a cloud trust deployment.
  • This update addresses an issue that affects the Trusted Sites Zone logon policy. You cannot manage it using mobile device management (MDM).
  • This update addresses an issue that affects the display of a smart card icon. The icon does not appear when you sign in. This occurs when there are multiple certificates on the smart card.
  • This update addresses an issue that affects Active Directory domain controllers. They report DS_BUSY errors when you create new users on the domain controller holding the Primary Domain Controller emulator (PDCe) Flexible Single Master Operations (FSMO) role.
  • This update addresses an issue that affects the msDS-KeyCredentialLink attribute. In some cases, it is updated when it should not be.
