Microsoft has addressed an LSASS memory leak on some domain controllers that led to restarts and freezes after installation of the Windows Server updates released during last month's Patch Tuesday.
According to David Fisher (a Principal Product Manager at Microsoft), “After installing November 2022/Out of Band updates on domain controllers you may experience a memory leak within LSASS.exe [Local Security Authority Subsystem Service]” which could cause domain controller failures and/or operational problems.
“If your domain controllers have been patched, then the December 13th 2022 security update will resolve the memory leakage that’s occurring within LSASS.exe.”
LSASS manages user logins and enforces Windows security policy. If it crashes, logged-in users immediately lose access to their Windows accounts, are shown a restart error, and the system reboots.
Redmond acknowledged the issue two weeks later, in November. It stated that the problem affects several Windows Server versions, including Windows Server 2019, Windows Server 2012 R2, Windows Server 2012 R2 SP1 and Windows Server 2008 SP2.
The company stated that the Windows out-of-band updates, which were pushed to fix authentication issues on Windows domain controllers, might also be affected.
Also available: Workaround
Redmond also offers a temporary option for admins who still need the December 2022 Patch Tuesday update, allowing them to work around domain controller instability in the meantime.
The workaround requires admins to set the KrbtgtFullPacSignature registry key (used to gate ) to 0 using the following command:
reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD
After applying this month's patches that fix the domain controller problems, administrators will need to update the registry key again.
“Once this known issue is resolved, you should set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow,” Microsoft said.
It is recommended that you enable Enforcement mode as soon as your environment is ready. See: Kerberos Protocol Changes Related to CVE-2022-37967.
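One way to confirm the workaround has not been left in place after patching, as an added example that is not from Microsoft or the original article: the script reads KrbtgtFullPacSignature on each domain controller over PowerShell remoting and flags any still set to 0. The host names and the function name Get-PacSignatureFinding are assumptions, and the value 3 for Enforcement mode comes from Microsoft's guidance for CVE-2022-37967 rather than from this page.

```powershell
# Added example: report KrbtgtFullPacSignature on each domain controller.
# Host names are constructed placeholders; requires PowerShell remoting to the DCs.
param(
    [string[]]$DomainControllers = @('dc01.example.test', 'dc02.example.test')
)

$keyPath   = 'HKLM:\System\CurrentControlSet\Services\KDC'
$valueName = 'KrbtgtFullPacSignature'

function Get-PacSignatureFinding {
    param([string]$Computer, $Value)
    # 0 is the workaround value from the article; 3 is Enforcement mode per
    # Microsoft's guidance for CVE-2022-37967 (the number is not on this page).
    if ($null -eq $Value) { $finding = 'Value not set, OS default behaviour applies' }
    elseif ($Value -eq 0) { $finding = 'WORKAROUND ACTIVE, raise once the December 13, 2022 update is installed' }
    elseif ($Value -eq 3) { $finding = 'Enforcement mode' }
    else                  { $finding = "Set to ${Value} (not Enforcement mode)" }
    [pscustomobject]@{ Computer = $Computer; Value = $Value; Finding = $finding }
}

$results = foreach ($dc in $DomainControllers) {
    try {
        # Read the value remotely; returns nothing if the value does not exist.
        $value = Invoke-Command -ComputerName $dc -ErrorAction Stop `
            -ArgumentList $keyPath, $valueName -ScriptBlock {
                param($Path, $Name)
                $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
                if ($prop) { $prop.$Name }
            }
        Get-PacSignatureFinding -Computer $dc -Value $value
    }
    catch {
        # Report unreachable hosts instead of silently skipping them.
        [pscustomobject]@{
            Computer = $dc
            Value    = $null
            Finding  = "UNREACHABLE: $($_.Exception.Message)"
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or pipeline flag DCs still on the workaround.
if ($results | Where-Object { $_.Value -eq 0 }) { exit 1 }
```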
Microsoft resolved another issue in March that led to due to LSASS crashes.
Redmond released November's emergency out-of-band (OOB) updates in an effort to correct auth issues that were also caused by last month's Patch Tuesday Windows update.