May 19, 2022—KB5015019 (OS Build 14393.5127) Out-of-band
Applies To
Windows Server 2016, all editionsRelease Date:
5/19/2022
Version:
OS Build 14393.5127
: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback.
11/19/20 types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page.
For information about Windows update terminology, see the article about theHighlights
-
Addresses a known issue that might prevent some services from authenticating machine accounts on clients or servers. This issue occurs after you install the May 10, 2022 update on domain controllers.
Improvements
This non-security update includes quality improvements. Key changes include:
-
Addresses a known issue that might cause authentication failures for some services on a server or client after you install the May 10, 2022 update on domain controllers. These services include Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). The issue affects how the domain controller manages the mapping of certificates to machine accounts. This issue only affects servers that are used as domain controllers and intermediary application servers which authenticate to domain controllers; it does not affect client Windows devices.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
Before installing this update
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
If you are using Windows Update, the latest SSU (KB5014026) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.
Install this update
Important Install this update on all domain controllers and intermediary application servers which authenticate to domain controllers. The intermediary application servers include Network Policy Servers (NPS), RADIUS, Certification Authority (CA), and web servers.
Release Channel |
Available |
Next Step |
Windows Update and Microsoft Update |
No |
See the other options below. |
Windows Update for Business |
No |
See the other options below. |
Microsoft Update Catalog |
Yes |
To get the standalone package for this update, go to the Microsoft Update Catalog website. |
Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager |
No |
You can manually import these updates into Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. |
Note After this update is installed, if you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. This includes the removal of the registry key (CertificateMappingMethods = 0x1F) documented in the SChannel registry key section of KB5014754. There is no action needed on the client side to resolve this authentication issue.
File information
For a list of the files that are provided in this update, download the file information for cumulative update 5015019.