Operational Defect Database

BugZero found this defect 41 days ago.

Microsoft Windows Server | WI789351

NTLM traffic issue after installing the April 2024 security update

Last update date:

5/14/2024

Affected products:

Windows Server 2022

Affected releases:

Windows Server 2008

Fixed releases:

Description:

Updates History

Published: 2024-05-14T16:59:18.4+00:00
----------------------------------------

After installing the April 2024 security update (KB5036909 (https://support.microsoft.com/help/5036909)) on domain controllers (DCs), you might notice a significant increase in NTLM (https://learn.microsoft.com/windows-server/security/kerberos/ntlm-overview) authentication traffic. This issue is more likely to affect Active Directory (AD) deployments already servicing a large number of NTLM authentication requests where a small number of Primary Domain Controllers (PDCs) are supporting a large number of read-write Backup Domain Controllers (DCs) and Read Only Domain Controllers (RODCs).

Note: In rare instances, Windows Servers running the Domain Controller (DC) role might experience Local Security Authority Subsystem Service (LSASS) crashes resulting in a reboot.

Resolution: This issue was resolved by Windows updates released May 14, 2024 (KB5037782 (https://support.microsoft.com/help/5037782)), and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one.

Affected platforms:
Client: none
Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008

Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues.

Published: 2024-05-03T23:43:07.127+00:00
----------------------------------------

After installing the April 2024 security update (KB5036909 (https://support.microsoft.com/help/5036909)) on domain controllers (DCs), you might notice a significant increase in NTLM (https://learn.microsoft.com/windows-server/security/kerberos/ntlm-overview) authentication traffic. This issue is more likely to affect Active Directory (AD) deployments already servicing a large number of NTLM authentication requests where a small number of Primary Domain Controllers (PDCs) are supporting a large number of read-write Backup Domain Controllers (DCs) and Read Only Domain Controllers (RODCs).

Note: In rare instances, Windows Servers running the Domain Controller (DC) role might experience Local Security Authority Subsystem Service (LSASS) crashes resulting in a reboot.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Windows support: Enterprise devices: Request help for your organization through Support for business (https://support.serviceshub.microsoft.com/supportforbusiness/onboarding).

Affected platforms:
Client: none
Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008

Published: 2024-05-01T03:56:40.62+00:00
----------------------------------------

After installing the April 2024 security update (KB5036909 (https://support.microsoft.com/help/5036909)) on domain controllers (DCs), you might notice a significant increase in NTLM (https://learn.microsoft.com/windows-server/security/kerberos/ntlm-overview) authentication traffic. This issue is likely to affect organizations that have a very small percentage of primary domain controllers in their environment and high NTLM traffic.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Windows support: Enterprise devices: Request help for your organization through Support for business (https://support.serviceshub.microsoft.com/supportforbusiness/onboarding).

Affected platforms:
Client: none
Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008

Impact

Customers have reported NTLM authentication failures and high load on affected domain controllers.

Originating KB URL

https://support.microsoft.com/en-us/topic/5036909

Originating KB Release Date

2024-04-09T10:00:00-07:00

Originating Build

20348.2402

Resolved KB URL

https://support.microsoft.com/en-us/topic/5037782

Date Resolved

2024-05-14T10:00:00-07:00

Status

Resolved
