May 19, 2022

M-Dudes


New Windows Server updates cause DC boot loops, break Hyper-V

The latest Windows Server updates are causing severe problems for administrators, with domain controllers spontaneously rebooting, Hyper-V not starting, and ReFS volumes inaccessible until the updates are rolled back.

Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday.

After installing these updates, administrators have been battling multiple issues that are resolved only by removing the updates.

Windows domain controller boot loops

The most serious issue introduced by these updates is that Windows domain controllers enter a boot loop, with servers getting into an endless cycle of Windows starting and then rebooting after a few minutes.

As first reported by BornCity, this issue affects all supported Windows Server versions.

“Looks KB5009557 (2019) and KB5009555 (2022) are causing something to fail on domain controllers, which then keep rebooting every few minutes,” a user posted to Reddit.

A Windows Server administrator told BleepingComputer that they see the LSASS.exe process use all of the CPU on a server and then ultimately terminate.

As LSASS is a critical process required for Windows to operate properly, the operating system will automatically restart when the process is terminated.

The following error will be logged to the Event Viewer when restarting due to a crashed LSASS process, as another user on Reddit shared.

“The process wininit.exe has initiated the restart of computer [computer_name] on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.”

Hyper-V no longer starts

In addition to the boot loops, BleepingComputer has been told by Windows administrators that after installing the patches, Hyper-V no longer starts on the server.

This bug primarily affects Windows Server 2012 R2, but other unverified reports say it affects newer versions of Windows Server.

As Hyper-V is not started, when attempting to launch a virtual machine, users will receive an error stating the following:

“Virtual machine xxx could not be started because the hypervisor is not running.”

Microsoft released security updates to fix four different Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are likely causing this issue.

ReFS file systems are no longer accessible

Finally, numerous admins are reporting that Windows Resilient File System (ReFS) volumes are no longer accessible or are seen as RAW (unformatted) after installing the updates.

The Resilient File System (ReFS) is a Microsoft proprietary file system that has been designed for high availability, data recovery, and high performance for very large storage volumes.

“Installed these updates tonight, in a two server Exchange 2016 CU22 DAG, running on Server 2012 R2. After a really long reboot, the server came back up with all the ReFS volumes as RAW,” explained a Microsoft Exchange administrator on Reddit.

“NTFS volumes attached were fine. I realize this is not solely an exchange problem but it is impacting my ability to bring services for Exchange back online.”

Uninstalling the Windows Server updates made the ReFS volumes accessible again.

Yesterday, Microsoft fixed seven remote code execution vulnerabilities in ReFS, with one or more likely behind the inaccessible ReFS volumes.

These vulnerabilities are tracked as CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022-21928.

How to fix?

Unfortunately, the only way to fix these issues is to uninstall the corresponding cumulative update for your Windows version.

Admins can do this by using one of the following commands:

Windows Server 2012 R2: wusa /uninstall /kb:KB5009624
Windows Server 2019: wusa /uninstall /kb:KB5009557
Windows Server 2022: wusa /uninstall /kb:KB5009555

As Microsoft bundles all security fixes into the single update, removing the cumulative update may fix the bugs, but will also remove all fixes for recently patched vulnerabilities.

Therefore, uninstalling these updates should only be done if absolutely necessary.
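
Before rolling back, it helps to confirm that a server both has one of these updates installed and is actually logging the LSASS-triggered restarts described earlier. The PowerShell below is an added example, not part of the original article; it covers only the domain controller boot-loop symptom and assumes English-language event text, that the restart message is recorded as System event ID 1074, and an arbitrary 24-hour window with a threshold of three restarts.

```powershell
# Added example (not from the article). Assumptions: English event text,
# restart message logged as System event ID 1074, 24 h window, threshold 3.
$SuspectKBs = @{
    'KB5009624' = 'Windows Server 2012 R2'
    'KB5009557' = 'Windows Server 2019'
    'KB5009555' = 'Windows Server 2022'
}
$Since     = (Get-Date).AddHours(-24)
$Threshold = 3

# Which of the three updates named in the article are installed here?
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $SuspectKBs.Keys -contains $_.HotFixID })

# Restarts that wininit.exe initiated because lsass.exe terminated.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = 1074; StartTime = $Since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'wininit\.exe' -and $_.Message -match 'lsass\.exe' })

$crashes = @(foreach ($e in $events) {
    # The exit status is logged as a signed 32-bit integer (-1073741819);
    # print it in NTSTATUS hex form (0xC0000005) for easier lookup.
    $status = 'unknown'
    if ($e.Message -match 'status code (-?\d+)') {
        $status = '0x{0:X8}' -f [int32]$Matches[1]
    }
    [pscustomobject]@{ Time = $e.TimeCreated; LsassStatus = $status }
})

$crashes | Sort-Object Time | Format-Table -AutoSize | Out-String | Write-Output

if ($installed.Count -eq 0) {
    Write-Output 'None of KB5009624, KB5009557 or KB5009555 is installed.'
} elseif ($crashes.Count -lt $Threshold) {
    Write-Output "Update present, but only $($crashes.Count) LSASS-triggered restart(s) since $Since."
    Write-Output 'Keep the security fixes in place and keep monitoring.'
} else {
    foreach ($hf in $installed) {
        $os = $SuspectKBs[$hf.HotFixID]
        Write-Output "$($hf.HotFixID) ($os): $($crashes.Count) LSASS-triggered restarts since $Since."
        # Rollback command exactly as given in the article.
        Write-Output "  wusa /uninstall /kb:$($hf.HotFixID)"
    }
}
```

The script only reports; it does not uninstall anything, so the decision to give up the bundled security fixes stays with the administrator.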

Not to be outdone by Windows Server, Windows 10 and Windows 11’s updates are also breaking L2TP VPN connections.

BleepingComputer has reached out to Microsoft for fixes on these issues but has not heard back at this time.