New Windows Server updates bring about DC boot loops, crack Hyper-V

Windows Server

The most recent Home windows Server updates are creating extreme difficulties for administrators, with domain controllers acquiring spontaneous reboots, Hyper-V not setting up, and inaccessible ReFS volumes until finally the updates are rolled again

Yesterday, Microsoft produced the Home windows Server 2012 R2 KB5009624 update, the Home windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as aspect of the January 2022 Patch Tuesday.

Right after setting up these updates, directors have been battling several challenges that are only fixed immediately after taking away the updates.

Home windows domain controller boot loops

The most significant concern launched by these updates is that Home windows domain controllers enter a boot loop, with servers obtaining into an unlimited cycle of Home windows commencing and then rebooting immediately after a handful of minutes.

As initial documented by BornCity, this problem influences all supported Home windows Server variations.

“Looks KB5009557 (2019) and KB5009555 (2022) are triggering one thing to fall short on domain controllers, which then preserve rebooting each and every couple minutes,” a user posted to Reddit.

A Home windows Server administrator explained to BleepingComputer that they see the LSASS.exe procedure use all of the CPU on a server and then in the long run terminate.

As LSASS is a vital method needed for Home windows to work accurately, the running program will routinely restart when the method is terminated.

The subsequent error will be logged to the party viewer when restarting thanks to a crashed LSASS method, as one more user on Reddit shared.

“The approach wininit.exe has initiated the restart of laptop [computer_name] on behalf of user for the next rationale: No title for this explanation could be uncovered Purpose Code: 0x50006 Shutdown Form: restart Comment: The process method ‘C:WINDOWSsystem32lsass.exe’ terminated unexpectedly with position code -1073741819. The system will now shut down and restart.”

Hyper-V no lengthier starts off

In addition to the boot loops, BleepingComputer has been informed by Windows directors that soon after putting in the patches, Hyper-V no extended starts on the server.

This bug principally affects Windows Server 2012 R2 server, but other unverified experiences say it has an effect on more recent variations of Home windows Server.

As Hyper-V is not commenced, when making an attempt to launch a digital equipment, buyers will receive an mistake stating the pursuing:

“Virtual machine xxx could not be began since the hypervisor is not functioning.”

Microsoft introduced stability updates to resolve four different Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are possible producing this situation.

ReFS file techniques are no for a longer period accessible

Ultimately, various admins are reporting that Home windows Resilient File Technique (ReFS) volumes are no for a longer period accessible or are viewed as Uncooked (unformatted) just after setting up the updates.

The Resilient File Method (ReFS) is a Microsoft proprietary file technique that has been developed for higher availability, data recovery, and higher efficiency for very huge storage volumes.

“Installed these updates tonight, in a two server Trade 2016 CU22 DAG, running on Server 2012 R2. Right after a actually long reboot, the server came again up with all the ReFS volumes as Uncooked,” discussed a Microsoft Trade administrator on Reddit.

“NTFS volumes connected had been wonderful. I know this is not completely an exchange dilemma but it is impacting my means to deliver expert services for Trade back on line.”

Uninstalling the Home windows Server updates built the ReFS volumes available once more.

Yesterday, Microsoft fastened seven distant code execution vulnerabilities in ReFS, with one or more probably behind the inaccessible ReFS volumes.

These vulnerabilities are tracked as CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022-21928.

How to correct?

Regrettably, the only way to correct these difficulties is to uninstall the corresponding cumulative update for your Home windows edition.

Admins can do this by utilizing a single of the next instructions:

Windows Server 2012 R2: wusa /uninstall /kb:KB5009624 
Home windows Server 2019: wusa /uninstall /kb:KB5009557 
Home windows Server 2022: wusa /uninstall /kb:KB5009555

As Microsoft bundles all protection fixes into the single update, removing the cumulative update may well fix the bugs, but will also eliminate all fixes for not long ago patched vulnerabilities.

Hence, uninstalling these updates should only be accomplished if unquestionably vital.

Not to be outdone by Windows Server, Windows 10 and Windows 11’s updates are also breaking L2TP VPN connections.

BleepingComputer has arrived at out to Microsoft for fixes on these difficulties but has not heard back again at this time.

Related posts