April 2026 Windows Update patch on Windows Server Domain Controller enter reboot loops

Question

April 2026 Windows Update patch on Windows Server Domain Controller enter reboot loops

Chris McLeod 0

I've installed the April 2026 Windows Updates on one of my Windows Server 2022 Domain Controllers and the system will no longer boot up properly, after several restarts a blue troubleshooting screen appears.

0 comments

3 answers

Your answer

Answer 1

Scott Nguyen 1,470 Independent Advisor

Hello.

You should first interrupt the boot process to enter the Windows Recovery Environment and launch the Command Prompt to begin a manual rollback of the patch. Once the prompt is open, identify the specific update package identity by running dism /image:C:\ /get-packages and looking for the entry with the April 2026 installation timestamp. You can then target that specific update for removal by executing dism /image:C:\ /remove-package /packagename:[PackageName], replacing the placeholder with the long identity string you found.

After the uninstallation completes, check for the existence of C:\Windows\WinSxS\pending.xml and rename or delete it to ensure any stuck installation flags are cleared before you attempt a normal reboot. Once you are back in the OS, I recommend not updating on you domain controllers until Microsoft releases an fix for this specific build.

If you find my answer useful, please mark it as the "Accepted Answer" so other members can find the solution easily. Your help in supporting the community is much appreciated!
Best regards,
Scott

Lynn Breaux 0 Reputation points

2026-04-18T14:16:09.4+00:00

I have not been able to contact microsoft business support in any way shape or fashion regarding this matter. Does anyone have a contact for them?
Chris McLeod 0 Reputation points

2026-04-20T14:49:28.71+00:00

Here is the web link that Microsoft provided with the instructions to fix the reported issue.

https://support.microsoft.com/en-us/topic/april-19-2026-kb5091575-os-build-20348-5024-out-of-band-4a5a784e-e50a-4358-8093-b1654aecdbd1

Prior to implementing the patch I had to restore my Domain Controller VM from a backup date prior to the installation of the April 2026 Windows Updates, which I used Monday April 13th. I then applied the Microsoft KB Patch which you can obtain from clicking on the hyperlink to the Microsoft Catalog Web Portal.

After installing the patch, I was able to complete the April 2026 Windows Update Process on my DC.

Answer 2

Terri T. 0

I ran into something very similar after patching a Windows Server 2022 DC this month. When a Domain Controller enters a reboot loop right after cumulative updates, I’d treat it as a bad update/boot driver issue until proven otherwise.

What I would do first:

Boot into Windows Recovery Environment
After multiple failed boots, choose Advanced Options then Troubleshoot.
Try Safe Mode

If Safe Mode loads, remove the latest cumulative update from there. Many times the server can boot normally after rollback.

Uninstall latest update from Recovery

Go to:

Advanced Options

Uninstall Updates
Remove latest quality update

Chris McLeod 0 Reputation points

2026-04-20T14:51:39.5633333+00:00

Here is the web link that Microsoft provided with the instructions to fix the reported issue.

https://support.microsoft.com/en-us/topic/april-19-2026-kb5091575-os-build-20348-5024-out-of-band-4a5a784e-e50a-4358-8093-b1654aecdbd1

Prior to implementing the patch I had to restore my Domain Controller VM from a backup date prior to the installation of the April 2026 Windows Updates, which I used Monday April 13th. I then applied the Microsoft KB Patch which you can obtain from clicking on the hyperlink to the Microsoft Catalog Web Portal.

After installing the patch, I was able to complete the April 2026 Windows Update Process on my DC.

Answer 3

The behavior matches a known issue with the April 2026 Windows security updates on Windows Server domain controllers.

After installing the April 2026 security update on Windows Server (including Windows Server 2022), non–Global Catalog (non‑GC) domain controllers in environments using Privileged Access Management (PAM) can experience LSASS crashes during startup. This causes repeated restarts and can prevent authentication and directory services from working, effectively putting the DC into a reboot loop and potentially impacting the whole domain.

Key points for this scenario:

Affected systems
- Windows Server 2022 domain controllers (and other listed Windows Server versions) that:
  - Are non‑Global Catalog DCs, and
  - Are in environments using Privileged Access Management (PAM).
Trigger
- Installation of the April 2026 Windows security update (for Windows Server 2022 this is OS Build 20348.5020, KB5082142) followed by reboot.
Symptoms
- LSASS crashes during startup on the affected DC.
- The DC restarts repeatedly.
- Authentication and directory services are unavailable from that DC; in some environments the domain can become unavailable.
- Similar behavior can also occur when setting up a new DC or if authentication requests hit the DC very early in startup.
Workaround / mitigation
- IT administrators should contact Microsoft Support for business to obtain and apply the official mitigation.
- The mitigation can be applied:
  - On DCs that already have the April 2026 update installed and are affected, or
  - Before installing the April 2026 update to prevent the issue.
Resolution status
- Microsoft has confirmed the issue and is working on a fix that will be released in the following days. Installing that future update, once available, will be the long‑term resolution.

Immediate recommended action:

Do not continue attempting normal boots of the affected DC.
Engage Microsoft Support for business to obtain and apply the mitigation for the April 2026 DC reboot/LSASS crash issue before bringing the DC back into production.

References:

Share via

April 2026 Windows Update patch on Windows Server Domain Controller enter reboot loops

3 answers

What I would do first:

Your answer