Jump to content
  • New Windows Server updates cause DC boot loops, break Hyper-V


    Karlston

    • 7 comments
    • 2k views
    • 4 minutes
     Share


    • 7 comments
    • 2k views
    • 4 minutes

    The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back

    Y

    esterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday.

     

    After installing these updates, administrators have been battling multiple issues that are only resolved after removing the updates.

    Windows domain controller boot loops

    The most serious issue introduced by these updates is that Windows domain controllers enter a boot loop, with servers getting into an endless cycle of Windows starting and then rebooting after a few minutes.

     

    As first reported by BornCity, this issue affects all supported Windows Server versions.

     

    "Looks KB5009557 (2019) and KB5009555 (2022) are causing something to fail on domain controllers, which then keep rebooting every few minutes," a user posted to Reddit.

     

    A Windows Server administrator told BleepingComputer that they see the LSASS.exe process use all of the CPU on a server and then ultimately terminate.

     

    As LSASS is a critical process required for Windows to operate correctly, the operating system will automatically restart when the process is terminated.

     

    The following error will be logged to the event viewer when restarting due to a crashed LSASS process, as another user on Reddit shared.

     

    "The process wininit.exe has initiated the restart of computer [computer_name] on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart."

    Hyper-V no longer starts

    In addition to the boot loops, BleepingComputer has been told by Windows administrators that after installing the patches, Hyper-V no longer starts on the server.

     

    This bug primarily affects Windows Server 2012 R2 server, but other unverified reports say it affects newer versions of Windows Server.

     

    As Hyper-V is not started, when attempting to launch a virtual machine, users will receive an error stating the following:

     

    "Virtual machine xxx could not be started because the hypervisor is not running."

     

    Microsoft released security updates to fix four different Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are likely causing this issue.

    ReFS file systems are no longer accessible

    Finally, numerous admins are reporting that Windows Resilient File System (ReFS) volumes are no longer accessible or are seen as RAW (unformatted) after installing the updates.

     

    The Resilient File System (ReFS) is a Microsoft proprietary file system that has been designed for high availability, data recovery, and high performance for very large storage volumes.

     

    "Installed these updates tonight, in a two server Exchange 2016 CU22 DAG, running on Server 2012 R2. After a really long reboot, the server came back up with all the ReFS volumes as RAW," explained a Microsoft Exchange administrator on Reddit.

     

    "NTFS volumes attached were fine. I realize this is not exclusively an exchange question but it is impacting my ability to bring services for Exchange back online."

     

    Uninstalling the Windows Server updates made the ReFS volumes accessible again.

     

    Yesterday, Microsoft fixed seven remote code execution vulnerabilities in ReFS, with one or more likely behind the inaccessible ReFS volumes.

     

    These vulnerabilities are tracked as CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022-21928.

    How to fix?

    Unfortunately, the only way to fix these issues is to uninstall the corresponding cumulative update for your Windows version.

     

    Admins can do this by using one of the following commands:

    Windows Server 2012 R2: wusa /uninstall /kb:5009624 
    Windows Server 2019: wusa /uninstall /kb:5009557 
    Windows Server 2022: wusa /uninstall /kb:5009555

    As Microsoft bundles all security fixes into the single update, removing the cumulative update may fix the bugs, but will also remove all fixes for recently patched vulnerabilities.

     

    Therefore, uninstalling these updates should only be done if absolutely necessary.

     

    Not to be outdone by Windows Server, Windows 10 and Windows 11's updates are also breaking L2TP VPN connections.

     

    BleepingComputer has reached out to Microsoft for fixes on these issues but has not heard back at this time.

     

     

    New Windows Server updates cause DC boot loops, break Hyper-V

     

    EDIT: Removed unnecessary "KB" from commands.


    User Feedback

    Recommended Comments

    Thanks for this. Your article confirmed what I was suspecting. 

     

    please note you have made a error in your wusa command. 

     

    it should be wusa /uninstall /kb:5009557 

    Link to comment
    Share on other sites


    Any good way to postpone the reboot so that the update can be uninstalled?!  I keep getting rebooted out of the uninstall while it's in progress?!

     

    Link to comment
    Share on other sites


    If your server keeps rebooting, you can unplug the network cable from the server which should stop the reboots so that you can get the patch uninstalled.

    Link to comment
    Share on other sites


    This update (KB5009555)  also seems to break WSUS on Server 2022 in test lab. Don't know if this particular issue affects other server versions, I can only confirm 2022. After apply this update, clients downloads hang (some clients hang, others seem to download normally), or some clients fail to sychronize (hang) and others synchronize normally. After rolling back the update on the WSUS server, all functions working again. It is clear that Microsoft has zero interest in properly testing their updates before rolling them out. 

    Link to comment
    Share on other sites


    We experienced these issue with our DC/s. (2022/2019/2016).


    Initially, we've uninstall the updates that produced failures.

    These days we deployed the latest patches and everything back to normal: the servers no longer rebooted unexpectedly

     

     

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...