Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.
This is the list of Identity-related updates and fixes we saw for May 2024:
Windows Server 2016
We observed the following update for Windows Server 2016:
KB5037763 May 14, 2024
The May 14, 2024, update for Windows Server 2016 (KB5037763), updating the OS build number to 14393.6981, is a monthly cumulative update. It includes the following Identity-related improvements:
- This update addresses a known issue that might affect domain controllers (DC). NTLM authentication traffic might increase.
- This update affects next secure record 3 (NSEC3) validation in a recursive resolver. Its limit is now 1,000 computations. One computation is equal to the validation of one label with one iteration. DNS Server Administrators can change the default number of computations.
Windows Server 2019
We observed the following update for Windows Server 2019:
KB5036896 May 14, 2024
The May 14, 2024, update for Windows Server 2019 (KB5037765), updating the OS build number to 17763.5820, is a monthly cumulative update. It includes the following Identity-related improvements:
- This update affects next secure record 3 (NSEC3) validation in a recursive resolver. Its limit is now 1,000 computations. One computation is equal to the validation of one label with one iteration. DNS Server Administrators can change the default number of computations.
- This update addresses an issue that affects Active Directory. Bind requests to IPv6 addresses fail. This occurs when the requestor is not joined to a domain.
- This update addresses a known issue that might affect domain controllers (DC). NTLM authentication traffic might increase.
KB5039705 May 23, 2024
The May 23, 2024, update for Windows Server 2019 (KB5039705), updating the OS build number to 17763.5830, is an out-of-band update to address a known issue when installing the KB5036896 May 14, 2024 updates for Windows Server 2019. You may experience:
- error code 0x800f0982 when installing the update on a Windows Server 2019-based Domain Controller with the English (United States) language pack.
- error code 0x80004005 when installing on a Windows Server 2019-based Domain Controller without this language pack installed.
Windows Server 2022
We observed the following update for Windows Server 2022:
KB5037782 May 24, 2024
The May 24, 2024, update for Windows Server 2022 (KB5037782), updating the OS build number to 20348.2461, is a monthly cumulative update. It includes the following Identity-related improvements:
- This update addresses a known issue that might affect domain controllers (DC). NTLM authentication traffic might increase.
- This update addresses an issue that affects Wi-Fi Protected Access 3 (WPA3) in the Group Policy editor. HTML preview rendering fails.
- This update addresses an issue that affects a server after you remove it from a domain. The Get-LocalGroupMember cmdlet returns an exception. This occurs if local groups contain domain members.
- This update affects next secure record 3 (NSEC3) validation in a recursive resolver. Its limit is now 1,000 computations. One computation is equal to the validation of one label with one iteration. DNS Server Administrators can change the default number of computations.
- This update addresses an issue that affects a workstation that is not in a domain. When you connect from it to a share and use an IPv6 address, you get the error ERROR_BAD_NET_NAME.
- This update addresses an issue that affects Group Policy Folder Redirection in a multi-forest deployment. The issue stops admins from choosing a group account from the target domain. Because of this, they cannot apply advanced folder redirection settings to that domain. This issue occurs when the target domain has a one-way trust with the domain of the admin. This issue affects all Enhanced Security Admin Environment (ESAE), Hardened Forests (HF) and Privileged Access Management (PAM) deployments.