KB5039227 installing on Windows Server 2022 DC caused our Domain to become Unavailable.

Question

KB5039227 installing on Windows Server 2022 DC caused our Domain to become Unavailable.

Installed ok on to all 4 DC's but Domain became Unavailable after installing on last one.

Had to uninstall the update to fix it.

Suspect lsass.exe to be the cause.

Anyone else had this?

Answer 1

Hi Mad Ian,

Thank you for posting in the Microsoft Community Forums.

KB5039227 is an update patch, but according to what you describe, it causes domain services to be unavailable after installation on the last DC.

LSASS Memory Leak: lsass.exe is the Local Security Authorization Subsystem Service (LSASS) process, which is responsible for performing security-related functions on Windows systems. If lsass.exe has a memory leak, it may cause instability or even crash of the domain controller.

While other DCs do not experience problems after installing the update, the last DC may be affected due to a specific system configuration, hardware, software environment, or other factors.

Solution:

As you mentioned, the issue was resolved after uninstalling the KB5039227 update. This further confirms that the update may be related to a specific issue on your DC.

Microsoft may have released an emergency patch to fix the issue. You should check the Microsoft Update Catalog page to see if there is a patch for your version of Windows Server 2022 and apply it as soon as possible.

If waiting for a new patch is not a viable option, you may need to consider other fixes such as changing your system configuration, updating your hardware or software.

Be sure to back up all important data before performing any actions that may affect system stability.

: It's a good idea to fully test updates in a test environment before applying them to a production environment.

Monitoring and logging: Regularly monitor the performance and logging of domain controllers so that potential problems can be detected and resolved in a timely manner.

In summary: The issue with KB5039227 causing domain services to be unavailable after installation on Windows Server 2022 DC may be due to an LSASS memory leak or other system-specific configuration/environmental issues. It is recommended to uninstall the update and wait for Microsoft to release a new patch or consider alternative fixes. In the meantime, be sure to apply the update with caution and regularly monitor system performance and logging.

Best regards

Neuvi Jiang

Answer 2

It seems that KB5039227 caused our Domain Issue after the update had been installed to all the DC's on our Domain.

It is not specific to 1 DC. This was proved by the following (we have 4 DC's):

Installed on DC4 ok

Installed on DC3 ok

Installed on DC2 ok

Installed on DC1 ok

Domain became Unavailable

Un-Installed from DC2

Domain became Available

We have since uninstalled it from all DC's but can any logs be checked to see what happened?

Answer 3

I re-installed the update onto DC2 and we had the issue again, so i've uninstalled it. Are there any logs I can check?

Answer 4

Hi Mad Ian,

 Have a nice day！

In the Event Viewer, expand the Windows Logs node.

View related events in the System, Application, and Security logs. These logs may contain detailed information about errors that occurred during or after the installation of KB5039227.

For errors related to domain controllers, you may want to pay special attention to events related to the Security log, as these issues may affect authentication and domain services.

Best regards

Neuvi Jiang

Answer 5

We are still having this issue and have not been able to update our Domain Controllers since June 2024. I just tried again and after the update we cannot log back in - the server refuses to authenticate. I managed to get back in and uninstall the update by removing the network from the server (disconnect vswitch).

Anyone have any ideas? Can't see anything useful in the logs.