Back to Home

Windows Server patch caused domain controller failure

April patch KB5082063 for Windows Server fixed the spontaneous update issue but caused a critical failure of domain controllers in PAM environments. Servers enter a reboot loop due to LSASS error, disrupting authentication and directory services. Microsoft provides a temporary solution and promises to release a full fix.

Critical domain controller failure after installing Microsoft patch
Advertisement 728x90

April Windows Server Patch Fixes Old Bug but Causes Domain Controller Crash

Microsoft released the April cumulative update KB5082063 for Windows Server, which officially closes the issue of servers spontaneously upgrading to Windows Server 2025. However, along with the fix came a new critical bug affecting domain controllers in environments with Privileged Access Management (PAM). Non-global catalog (non-GC DC) servers may enter a reboot loop after installing the patch due to an LSASS process failure, rendering authentication and directory services unavailable.

History of the Forced Upgrade Issue

Since late 2024, administrators of Windows Server 2019 and 2022 have faced unexpected upgrades to Windows Server 2025 without their consent. Microsoft attributed this to incorrect classification of the update package by third-party update management systems. However, many IT professionals reported incidents even in the absence of such systems. The company's official position remained unchanged, and only in April 2026 was the issue status changed to "resolved."

New Domain Controller Crash

The KB5082063 update, intended to fix the old problem, caused a critical failure in environments with multiple domains in a single forest where PAM is used. After installing the update, non-global catalog servers experience an LSASS failure at startup, leading to an infinite reboot loop. This makes authentication and directory services impossible, and in the worst case, the entire domain becomes unavailable.

Google AdInline article slot

Temporary Measures and Awaiting a Fix

Microsoft has confirmed the issue and stated that it only affects server systems. A temporary solution is available through Microsoft support for business. A full fix is expected in the coming days. Administrators are advised to temporarily refrain from installing KB5082063 on critical domain controllers, especially in PAM environments.

Key Points

  • KB5082063 causes an LSASS crash on domain controllers without the global catalog role in PAM environments.
  • Servers enter a reboot loop, authentication and directory services stop working.
  • Microsoft provides a temporary solution through support; a full patch is expected in the coming days.
  • Administrators should postpone installing the update on affected systems until the fix is released.

Context and Implications

This situation highlights the risks associated with server infrastructure updates. The prolonged fix of one problem led to another, equally serious issue. For organizations using PAM, this means the need for thorough patch testing before deployment. The incident also demonstrates the complexity of maintaining update compatibility in multi-domain environments.

— Editorial Team

Google AdInline article slot
Advertisement 728x90

Read Next