Table of Contents
The hottest Windows Server updates are resulting in extreme problems for administrators, with domain controllers getting spontaneous reboots, Hyper-V not setting up, and inaccessible ReFS volumes right until the updates are rolled back
Yesterday, Microsoft produced the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Home windows Server 2022 KB5009555 update as aspect of the January 2022 Patch Tuesday.
Following installing these updates, directors have been battling multiple issues that are only resolved soon after getting rid of the updates.
Windows domain controller boot loops
The most significant issue released by these updates is that Windows area controllers enter a boot loop, with servers getting into an limitless cycle of Home windows beginning and then rebooting soon after a handful of minutes.
As initial reported by BornCity, this difficulty influences all supported Home windows Server variations.
“Appears to be like KB5009557 (2019) and KB5009555 (2022) are producing some thing to fail on domain controllers, which then continue to keep rebooting just about every couple minutes,” a consumer posted to Reddit.
A Windows Server administrator instructed BleepingComputer that they see the LSASS.exe approach use all of the CPU on a server and then eventually terminate.
As LSASS is a important method demanded for Home windows to function appropriately, the working system will automatically restart when the approach is terminated.
The pursuing mistake will be logged to the party viewer when restarting because of to a crashed LSASS procedure, as another user on Reddit shared.
“The course of action wininit.exe has initiated the restart of computer system [computer_name] on behalf of consumer for the next explanation: No title for this rationale could be uncovered Explanation Code: 0x50006 Shutdown Style: restart Remark: The method approach ‘C:WINDOWSsystem32lsass.exe’ terminated unexpectedly with status code -1073741819. The program will now shut down and restart.”
Hyper-V no more time starts
In addition to the boot loops, BleepingComputer has been informed by Windows administrators that after installing the patches, Hyper-V no for a longer period starts off on the server.
This bug principally has an effect on Home windows Server 2012 R2 server, but other unverified stories say it affects more recent variations of Windows Server.
As Hyper-V is not commenced, when making an attempt to start a digital machine, people will receive an error stating the following:
“Digital equipment xxx could not be started mainly because the hypervisor is not managing.”
Microsoft unveiled stability updates to resolve 4 unique Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are possible leading to this difficulty.
ReFS file units are no more time accessible
Finally, several admins are reporting that Windows Resilient File Procedure (ReFS) volumes are no for a longer time obtainable or are observed as Raw (unformatted) right after setting up the updates.
The Resilient File Process (ReFS) is a Microsoft proprietary file program that has been built for significant availability, details recovery, and high general performance for extremely massive storage volumes.
“Installed these updates tonight, in a two server Exchange 2016 CU22 DAG, functioning on Server 2012 R2. Immediately after a seriously lengthy reboot, the server came back up with all the ReFS volumes as Raw,” defined a Microsoft Trade administrator on Reddit.
“NTFS volumes attached were being good. I realize this is not completely an exchange dilemma but it is impacting my potential to bring services for Trade again on-line.”
Uninstalling the Home windows Server updates manufactured the ReFS volumes available all over again.
Yesterday, Microsoft fastened seven remote code execution vulnerabilities in ReFS, with a person or a lot more probable powering the inaccessible ReFS volumes.
These vulnerabilities are tracked as CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022-21928.
How to fix?
Regretably, the only way to correct these difficulties is to uninstall the corresponding cumulative update for your Home windows edition.
Admins can do this by applying a single of the subsequent commands:
Windows Server 2012 R2: wusa /uninstall /kb:KB5009624 Windows Server 2019: wusa /uninstall /kb:KB5009557 Home windows Server 2022: wusa /uninstall /kb:KB5009555
As Microsoft bundles all safety fixes into the one update, eradicating the cumulative update may take care of the bugs, but will also take away all fixes for lately patched vulnerabilities.
Consequently, uninstalling these updates ought to only be accomplished if absolutely essential.
Not to be outdone by Home windows Server, Home windows 10 and Home windows 11’s updates are also breaking L2TP VPN connections.
BleepingComputer has achieved out to Microsoft for fixes on these concerns but has not read back again at this time.