Share via

Windows Server 2016 VM - NTFS corruption and boot loop after January 2026 CU (KB5073722)

François-xavier THIRY 5 Reputation points
2026-02-04T08:48:42.62+00:00

After installing the January 2026 Cumulative Update (KB5073722) on a Windows Server 2016 Datacenter Hyper-V VM, we experienced NTFS corruption approximately 15 hours post-update. The VM then entered an unrecoverable CHKDSK/Automatic Repair loop.

Environment

  • OS: Windows Server 2016 Datacenter
  • Type: Hyper-V guest VM (Host is Windows Server 2016 on Dell PowerEdge)
  • Role: File Server
  • Updates installed: KB5073447 (SSU) + KB5073722 (CU) on January 25, 2026

Issue Description

  1. The server ran fine for 38 days prior to the update.
  2. We installed the January 2026 updates (SSU + CU) and rebooted.
  3. The VM booted normally after the update and kept running.
  4. ~15 hours later, NTFS corruption events appeared on C: (Event ID 55) and Windows indicated that a full offline disk check was required (Event ID 98).
  5. We rebooted to let Windows run CHKDSK on C:.
  6. Result: The VM entered a CHKDSK/Automatic Repair loop and never recovered.

Event Log Timeline

Timestamp Event
2026-01-25 11:11 Windows Update starts downloading KB5073447 (SSU) + KB5073722 (CU)
2026-01-25 11:32 SSU installed successfully, CU installation started
2026-01-25 12:46 Reboot requested by update (User32 1074)
2026-01-25 12:47 Windows Update Orchestrator failed to stop cleanly (SCM 7043)
2026-01-25 12:56 System boots after reboot (System 6005)
2026-01-25 12:56 luafv driver load blocked (SCM 7000)
2026-01-25 12:58 KB5073722 logged as "installed successfully"
2026-01-26 04:02 NTFS Event ID 55 on C: - corruption discovered

Corruption Details

  • Type: $I30:$INDEX_ALLOCATION (directory index metadata)
  • Path: C:\Windows\System32\SMI\Store\Machine (Windows servicing infrastructure CBS/CSI)

Recovery Attempts (All Unsuccessful)

  • chkdsk /f /r (offline / recovery environment)
  • sfc /scannow (offline)
  • DISM /RestoreHealth (offline)
  • bootrec /rebuildbcd + bcdboot

Outcome

Nothing brought the OS back to a stable boot. We had to reinstall (migrated to Server 2019). Data volumes (separate VHDX) were intact.

Additional Information

  • Other VMs running on the same storage system did not experience this issue.

Questions

  1. Is this a known issue with KB5073722 on Windows Server 2016?
  2. Are there any recommended workarounds before applying this update?
  3. Is there any additional recovery method we could have tried?

Thank you for your assistance.

Windows for business | Windows Server | Devices and deployment | Install Windows updates, features, or roles
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. François-xavier THIRY 5 Reputation points
    2026-02-04T13:25:21.7733333+00:00

    Thank you for the detailed response, Jason.

    Your note about “isolated reports in Hyper-V guest setups” matches our environment. I wanted to share additional forensic data in case it helps correlate patterns.

    We have two Windows Server 2016 VMs on the same Hyper-V cluster with different outcomes after the Jan 2026 CU (KB5073722):

    • VM A (File Server): During the KB5073722 install, Windows Error Reporting logged RADAR_PRE_LEAK_64 involving TiWorker.exe (potential memory leak warning). The VM rebooted successfully and ran normally for ~15 hours. At 2026-01-26 04:02, TrustedInstaller and the Windows Update agent started, and within seconds NTFS logged Event ID 98 and Event ID 55 on C: (offline/full CHKDSK required), with an $I30 index corruption reported under \Windows\System32\SMI\Store\Machine.
    • VM B (Mail Server): KB5073722 installed later (2026-01-26 19:07) with no RADAR_PRE_LEAK_64 observed, and it remains healthy.

    Does this pattern (RADAR_PRE_LEAK_64 on TiWorker during install + delayed NTFS 55/98 during post-update servicing activity) match anything you’ve seen in the other Hyper-V guest reports?

    I can provide the exact Event IDs/timestamps and relevant CBS/WindowsUpdate logs if helpful.

    Was this answer helpful?

    1 person found this answer helpful.
  2. Jason Nguyen Tran 18,720 Reputation points Independent Advisor
    2026-02-20T01:24:06.6333333+00:00

    Hello François-xavier THIRY,

    Just checking in to see if there’s any update on this issue. If the suggestions helped resolve it, I’d appreciate it if you could click accept the answer. And feel free to reply if you need any further assistance. Have a nice day!

    Was this answer helpful?

    0 comments
  3. Jason Nguyen Tran 18,720 Reputation points Independent Advisor
    2026-02-04T09:31:22.17+00:00

    Hello François-xavier THIRY,

    From what you’ve outlined, the NTFS corruption after applying KB5073722 seems to be tied to system metadata in the servicing infrastructure, which explains why standard recovery tools like CHKDSK, SFC, and DISM weren’t able to bring the VM back to a stable state. Unfortunately, once corruption occurs at that level, reinstalling the OS is often the only reliable path forward, as you discovered.

    At this point, there aren’t widely documented cases of KB5073722 causing NTFS corruption across all environments, but there have been isolated reports in Hyper-V guest setups. The safest approach is to hold off on applying this update to other production VMs until more clarity is available, and to rely on snapshots or backups before testing cumulative updates. For environments that require higher resilience, migrating workloads to Server 2019 or 2022 can help, since their servicing stack is more robust.

    In terms of recovery, you already attempted the right methods, and given the corruption was in CBS/CSI directories, there wasn’t much else that could have been tried. Monitoring the Windows release health dashboard or community forums is the best way to stay updated on whether this becomes a recognized issue with an official workaround.

    I hope this clarifies the root cause and next steps. If you find this answer helpful, please consider clicking Accept Answer 😊 so I know your concern has been resolved.

    Feel free to reply if you need any additional assistance.

    Was this answer helpful?

    0 comments

  4. AI answer

    2026-02-04T08:48:57.4433333+00:00
    1. Known Issue: There is no specific mention of a known issue related to KB5073722 on Windows Server 2016 in the provided context. However, it is advisable to check for any updates or patches released after January 2026 that may address this issue, as Microsoft frequently releases updates to resolve such problems.
    2. Recommended Workarounds: Before applying major updates like cumulative updates (CUs), it is generally recommended to:
      • Ensure that you have a complete backup of your system and data.
      • Review the release notes for the update to identify any known issues or prerequisites.
      • Test the update in a non-production environment if possible.
      • Consider delaying the update until any reported issues are resolved.
    3. Additional Recovery Methods: In addition to the methods you have already tried (CHKDSK, SFC, DISM, and bootrec), you might consider:
      • Using a Windows installation media to access recovery options and perform a system restore if a restore point is available.
      • If the corruption is severe, you may need to consider data recovery tools or services that specialize in NTFS file system recovery.
      • If the system is still unbootable, you could also try to access the VM's VHDX file from another Windows installation to recover any critical data directly.

    Given that other VMs on the same storage system did not experience this issue, it may also be beneficial to investigate any specific configurations or conditions that could have contributed to the corruption in this particular VM.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.