The Windows Health Dashboard has identified several bugs, such as login failures and other issues related to Kerberos authentication.
This issue affects almost all current versions of Windows 11, Windows 10, Windows 8.1, and Windows 7.
"Client: Windows 11 22H2; Windows 10 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1 Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2"
It has been reported that users who have installed updates released on or after November 8, 2022 on Windows with the Domain Controller role may experience issues using Kerberos authentication. This issue may affect any Kerberos authentication operation in a server environment. Microsoft has indicated that some of the scenarios/operations that may be affected include.
"Domain user logins may fail. This may also affect Active Directory Federation Services (AD FS) authentication. Group Management Service Accounts (gMSA) for services such as Internet Information Services (IIS Web Server) may not be able to authenticate. Remote desktop connections using domain users may fail to connect. You may not be able to access shared folders on the workstation and shared files on the server. Printing that requires domain user authentication may fail."
Microsoft says you can check to see if any are affected by opening the event log on your domain controller. Devices affected by this bug will display the Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error and prompt.
"When processing an AS request for the target service <service>, the account < account name> does not have the proper key to generate a Kerberos ticket (the ID of the missing key is 1). Available account types: 23 18 17. Changing or resetting the password for < account name > will generate the correct key."
In addition, the text “ID of missing key is 1” is displayed next to the affected event. It is important to note that this bug does not appear on home devices that are not part of this geography.
Microsoft says they are working on a fix and will probably prepare a patch in the next few weeks.
In addition to this, Win11 and Win10 have a network connectivity issue where you may not be able to reconnect to Direct Access if you connect to a network connection without a network or after switching Wi-Fi network hotspots after installing the system update KB5019509 or later.
Of course, home devices or organizational devices that do not use Direct Access to remotely access organizational network resources are not affected. Affected platforms include
Clients: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019
Server: Windows Server 2022; Windows Server 2019
