Microsoft urgently fixes the authorization problem in Windows AD


Microsoft has released unscheduled fixes (OOB) to solve the problem with authorization in Windows Active Directory (AD), which it has been working on since May 12. The problem appeared after installing Windows updates on domain controllers, the fixes released on Tuesday in May 2022. Server-side or client-side authorization failures were observed in Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP) and Protected Extensible Authentication Protocol (PEAP) services. The problem was related to how the mapping of certificates to device credentials was handled by the domain controller.

The OOB Windows updates released today are only available through the Microsoft Update Catalog and will not be distributed through Windows Update.

The company has released the following cumulative update packages for installation on domain controllers:

  • Windows Server 2022: KB5015013

  • Windows Server, version 20H2: KB5015020

  • Windows Server 2019: KB5015018

  • Windows Server 2016: KB5015019

Updates have also been released that are not related to the problem in any way:

  • Windows Server 2012 R2: KB5014986

  • Windows Server 2012: KB5014991

  • Windows Server 2008 R2 SP1: KB5014987

  • Windows Server 2008 SP2: KB5014990

All updates from the list can be manually imported into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Instructions for WSUS can be found on the WSUS page, and for Configuration Manager, on the page for importing updates from the Microsoft Update Catalog.

Start a discussion …