After installing the January 2022 Security patches…
After installing the January 22, 2022, Security Patches, there have been reports of an issue referenced as “Boot Loop on Limited Windows Server running below roles”:
- Domain Controllers
- Hyper-V (Host Server)
Update Process: At this time our Patch Advisory Group has recommended that we “Pause the Patching” until Microsoft releases a bug fix or workaround. We also observed this issue during tests in our LAB as part of the whitelisting process. The issue is being closely monitored and we will release more information pending a Microsoft update.
About the “Boot Loop on Limited Windows Server” issue:
- The January 2022 security updates addressed a pre-existing Active Directory bug. However, the fix has introduced another issue: the boot loop issue.
- The security updates for Windows Server (e.g., update KB5009624, the Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) state:
“Addresses a Windows Server issue in which Active Directory attributes are not written correctly during a Lightweight Directory Access Protocol (LDAP) modify operation with multiple specific attribute changes”.
- It has been noted that the security update can trigger a boot loop on Windows servers acting as domain controllers or as Hyper-V hosts.
- The boot loop on Windows Server DCs occurs when the module lsass.exe, version 6.3.9600.17415, triggers error 0xc00005 (access violation) in the library msv1_0.DLL, version 6.3.9600.20239.
- The LSASS.exe process consumes all of the CPU on the server and then terminates. As LSASS is a critical process required for Windows to operate correctly, the operating system automatically restarts when the process is terminated.
- Hyper-V servers may no longer start and can end up at a black screen, whereas DCs can end up in a continuous reboot loop. Below is the error reported by users on Hyper-V hosts after installing the patch:
- “Virtual machine could not be started because the hypervisor is not running.”
Recommendations by the NOC:
- The NOC strictly recommends not installing the January 2022 security updates on Windows Server machines that are domain controllers or Hyper-V hosts until there is a fix from Microsoft.
- If the updates have already been installed through Automatic Updates, the NOC recommends not rolling back to snapshots (especially on DCs) so as not to provoke USN rollbacks.
- As a best practice, we recommend uninstalling the January 2022 security updates instead.
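The following PowerShell script is an added example (not part of the NOC advisory) that triages a single server along the lines of the recommendations above: it checks for the DC and Hyper-V roles, for the installed update, and for LSASS crashes in msv1_0.DLL, and uninstalls the update rather than reverting a snapshot. It assumes it runs locally on a Windows Server with the ServerManager module, and only KB5009624 (the one KB the advisory names) is checked by default; KB numbers for other Windows Server versions have to be supplied via -KbIds.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the advisory: triage one Windows Server for the January 2022 LSASS boot loop.
# Assumptions: KB5009624 (the only KB named in the advisory) is checked by default; KB numbers for other
# Windows Server versions must be passed via -KbIds. Runs locally on a server with the ServerManager module.
function Test-January2022BootLoopRisk {
    param(
        [string[]]$KbIds = @('KB5009624'),  # from the advisory; add other OS-specific KBs as needed
        [int]$Days = 14                     # how far back to look for LSASS crash events
    )

    # 1. Does the server carry an affected role (domain controller or Hyper-V host)?
    $roles = @(Get-WindowsFeature -Name 'AD-Domain-Services', 'Hyper-V' |
               Where-Object Installed | ForEach-Object Name)

    # 2. Is one of the January 2022 updates installed?
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   Where-Object { $KbIds -contains $_.HotFixID } | ForEach-Object HotFixID)

    # 3. Has LSASS already crashed in msv1_0.DLL? Application Error event 1000 names the
    #    faulting application and module in its message text.
    $crashes = @(Get-WinEvent -FilterHashtable @{
                     LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000
                     StartTime = (Get-Date).AddDays(-$Days)
                 } -ErrorAction SilentlyContinue |
                 Where-Object { $_.Message -match 'lsass\.exe' -and $_.Message -match 'msv1_0\.DLL' })

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        AffectedRoles   = $roles
        InstalledKbs    = $installed
        LsassCrashCount = $crashes.Count
        # At risk when an affected role is present and the patch is installed or LSASS has already crashed
        AtRisk          = ($roles.Count -gt 0) -and ($installed.Count -gt 0 -or $crashes.Count -gt 0)
    }
}

$result = Test-January2022BootLoopRisk
$result | Format-List

# Remediation the advisory recommends: uninstall the update instead of reverting a DC to a snapshot
# (a snapshot revert causes a USN rollback). wusa.exe takes the numeric part of the KB id.
if ($result.AtRisk -and $result.InstalledKbs.Count -gt 0) {
    foreach ($kb in $result.InstalledKbs) {
        Write-Warning "Uninstalling $kb; a reboot is required afterwards"
        Start-Process -FilePath wusa.exe -ArgumentList "/uninstall /kb:$($kb -replace '^KB','') /quiet /norestart" -Wait
    }
}
```

Run it on each DC or Hyper-V host in turn and schedule the reboot yourself; on a DC, never substitute a snapshot revert for the uninstall.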
Next Actions by the NOC:
- The NOC has stopped patch whitelisting for the January 2022 Security Updates until there is a fix from Microsoft for the boot loop on Windows Servers. There is a possibility that we may see similar issues on non-domain-controller servers.
- The NOC is observing this closely and will provide further updates upon receipt from Microsoft.
Link: Windows Server: January 2022 security updates are causing DC boot loop | Born’s Tech and Windows World
Hashtags: #ITAuthorities #Microsoft #WindowsServer