Microsoft have released a patch to help address this issue
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#2781msgdesc
Anyone else have a problem with .NET function GetAllTrustRelationships() after KB5009557?
I ran into an issue with a Citrix service (Citrix PVS Streaming Server) failing to start after KB5009557 was installed in my environment - it would crash with a .NET access violation when enumerating the forest trusts, which it has never done before.
Removing the update from my (2019) DCs appears to be a workaround, but as it is a cumulative update it is clearly not a solution.
Citrix have a registry value which skips the forest check on startup (even for the management tools), but I can reproduce the access violation with 3 lines in PowerShell (and no 3rd party modules):
Add-Type -Path "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll"
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$forest.GetAllTrustRelationships()
This does not happen in all environments, so I am looking into what is consistent in the failing scenarios.
Oddly, it never crashes using the 32-bit powershell.exe.
My environment is basically 1 user forest and 3 resource forests; 2 with a 2-way forest trust and the 3rd a 1-way trust against the user forest.
The trusts themselves are working fine, it would be disruptive to delete & recreate them, and I was not able to reproduce the issue in a lab with 3 new forests.
Using an account in the user forest to execute the code triggers the exception, even without KB5009557.
Using an account in the local resource forest triggers the exception if KB5009557 is installed on the DCs.
This is true for the user forest and 2 of the resource forests - in the 3rd resource forest either account works without an exception.
So I am interested to know if anyone else out there with at least 1 forest trust gets the same symptom as me?
(Get-ADTrust works fine, but that uses ADWS instead of .NET.)
-
Barclay, Michael 86 Reputation points
2022-02-06T08:34:10.49+00:00
-
Jasper Meyer 6 Reputation points
2022-02-04T08:49:23.927+00:00
We, more exactly at least two of our customers, experienced that issue, too.
Our software (64 bit, hosted in IIS) tries to get the trust relationships at some point and there it crashes the IIS.
We could recreate the issue in their environments in PowerShell but haven't found another solution than uninstalling the said update. Have you found a solution by now?
I'll update my answer if we find one.
-
JoeB 11 Reputation points
2022-02-06T10:15:21.767+00:00
Thank you BarcleyMichael-7363 for this information!
The OOB-Patch 2022-02 Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 for x64 (KB5011257) Last Modified: 2/5/2022 Size: 360 KB works for us on Windows Server 2019.
The MS-Catalog-Link for Windows Server 2019 is:
http://download.windowsupdate.com/c/msdownload/update/software/updt/2022/02/windows10.0-kb5011257-x64-ndp48_7c441c861f85e9a60b9f2c0f58aeb13a040e3659.msu
Great Job
Greetings
-
Sébastien Lagueux 31 Reputation points
2022-02-04T13:21:29.717+00:00
Same problem here! Please help!
-
Sébastien Lagueux 31 Reputation points
2022-02-04T16:10:38.6+00:00
I fixed it by removing/moving ALL users not in the same domain as the management server is a member of. Hope this will be a fix for you as well.
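
A diagnostic built on the three-line reproduction in the question, added here as an example and not code from any poster in this thread or from Microsoft: it reports whether the two updates named above are installed locally, then runs the trust enumeration in separate 64-bit and 32-bit child processes so a crash does not take down the calling session. It assumes a 64-bit Windows PowerShell session on a domain-joined machine, loads the assembly by name instead of by GAC path, and treats exit code -1073741819 (NTSTATUS 0xC0000005) as the access violation.

```powershell
# Added example (not from the thread). Run from 64-bit Windows PowerShell.
$kbs = 'KB5009557', 'KB5011257'   # update IDs named in this thread

# 1. Which of the two updates are present on this machine?
foreach ($kb in $kbs) {
    [pscustomobject]@{
        HotFixID  = $kb
        Installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    }
}

# 2. The reproduction from the question, to be run in a child process.
$probe = @'
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.DirectoryServices
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$forest.GetAllTrustRelationships() | Out-Null
'@
# -EncodedCommand expects Base64 of the UTF-16LE script text.
$enc = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($probe))

# Both bitnesses, because the question reports that 32-bit never crashes.
$psHosts = [ordered]@{
    '64-bit' = "$env:windir\System32\WindowsPowerShell\v1.0\powershell.exe"
    '32-bit' = "$env:windir\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
}

foreach ($name in $psHosts.Keys) {
    $p = Start-Process -FilePath $psHosts[$name] -Wait -PassThru -NoNewWindow `
        -ArgumentList '-NoProfile', '-NonInteractive', '-EncodedCommand', $enc
    $code = $p.ExitCode
    $result = if ($code -eq 0) {
        'trusts enumerated'
    } elseif ($code -eq -1073741819) {
        'access violation (0xC0000005)'   # assumed crash signature
    } else {
        "failed, exit code $code"         # e.g. 1 for an ordinary PowerShell error
    }
    [pscustomobject]@{ Host = $name; Account = "$env:USERDOMAIN\$env:USERNAME"; Result = $result }
}
```

Running it once under an account from each forest gives a comparable record of which account and bitness combinations fail before and after patching.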