Server security update KB5051979 breaks PKI

Anonymous
2025-02-12T09:35:24+00:00

Having deployed security update KB5051979 yesterday, this morning no user was able to authenticate using certificate/PIN. This included Windows sign-in, VPN (NPS), Wi-Fi (NPS).

I've not seen any other reports of this online, but I do remember a very similar, if not the same, issue on a previously released update some time back.


This question was migrated from the Microsoft Support Community.


1 answer

  1. Anonymous
    2025-02-13T09:22:11+00:00

    https://support.microsoft.com/en-gb/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16 is your reference.

    If you have not applied the StrongCertificateBindingEnforcement registry key change to put it into compatibility mode for unsecure certificates, no one will be authenticated and no one will be able to log in.

    https://www.reddit.com/r/sysadmin/comments/1im304c/strong_certificate_mapping_is_fully_enforced_from/ - reference.

    Good luck!

    2 people found this answer helpful.
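
A read-only check of the setting the answer refers to, as an added example that is not part of the thread or of Microsoft's guidance text. The registry path, value meanings, event IDs and SID extension OID are those documented in KB5014754; the function name `Test-CertSidExtension` and the two-day event window are assumptions made for this example.

```powershell
# Added example, not from the thread. Read-only.
# Parts 1 and 2 run elevated on a domain controller; part 3 runs on a client.
# Key path, value meanings and event IDs are as documented in KB5014754.

# Part 1: current enforcement mode on this DC.
$kdcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$name   = 'StrongCertificateBindingEnforcement'
$modes  = @{ 0 = 'Disabled'; 1 = 'Compatibility'; 2 = 'Full enforcement' }

$prop = Get-ItemProperty -Path $kdcKey -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "$name is not set; the DC follows the default of its installed update level."
} else {
    $value = [int]$prop.$name
    Write-Output "$name = $value ($($modes[$value]))"
}

# Part 2: KDC events 39, 40 and 41 flag certificate logons that fail strong-mapping checks.
# The 2-day window is an assumption chosen to cover the patch night.
$filter = @{ LogName = 'System'; Id = 39, 40, 41; StartTime = (Get-Date).AddDays(-2) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List

# Part 3: helper (hypothetical name). Does a certificate carry the SID extension
# (OID 1.3.6.1.4.1.311.25.2) that the KDC uses for strong mapping?
function Test-CertSidExtension {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $sidOid = '1.3.6.1.4.1.311.25.2'
    return [bool]($Certificate.Extensions | Where-Object { $_.Oid.Value -eq $sidOid })
}

# List certificates in the user's store and flag those without the extension.
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    [pscustomobject]@{
        Subject         = $_.Subject
        NotAfter        = $_.NotAfter
        HasSidExtension = Test-CertSidExtension -Certificate $_
    }
}
```

A certificate reported with `HasSidExtension = False` is not necessarily rejected: KB5014754 also describes strong manual mappings through the account's `altSecurityIdentities` attribute.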