Server administrators who have applied the most recent Windows Server updates are reporting this week that crashes and reboots are occurring as a result. Multiple KBs are attributed with causing the unstable behavior. Administrators are urged to delay applying updates or take additional measures to fix the issues if the updates have already been applied.
Summary
Reports from across the web are detailing issues after installing the KB5035855 and KB5035857 Windows Server updates released this Patch Tuesday. Domain controllers with the latest updates reportedly crash and reboot due to increasing LSASS memory usage.
Symptoms were reported as ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022). Physical and virtual memory is consumed until the machine hangs. [2]
Workaround
As of this writing, Microsoft has not officially acknowledged the issues. However, their support has has advised to uninstall the troubled Windows Server updates from domain controllers. Here’s how:
- Open a command prompt with elevated privileges by clicking the Start menu, typing ‘
cmd,’ right-clicking the Command Prompt application, and then choosing ‘Run as Administrator.‘ - Next, run one of the following commands, depending on which update has been installed on the domain controller:
wusa /uninstall /kb:5035855
wusa /uninstall /kb:5035857 - Once uninstalled, use the ‘Show or Hide Updates’ troubleshooter to hide the update so it will no longer appear in the available updates list. The update will be released with a new identifier when the issue is fixed.
Sources
- Microsoft Tech Community blog article
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2024-exchange-server-security-updates/bc-p/4088764/highlight/true#M38300 - “New Windows Server updates cause domain controller crashes, reboots” —Bleeping Computer article
https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-crashes-reboots/
