Microsoft has updated its official Windows Health Dashboard documentation with new details about freshly detected bugs in Windows 10 and 11. According to the company, users who installed the latest cumulative updates on Windows Server with the Domain Controller role might experience problems with Kerberos authentication with the following symptoms:
- Domain user sign in might fail. This also might affect Active Directory Federation Services (AD FS) authentication.
- Group Managed Service Accounts (gMSA) used for services such as Internet
- Information Services (IIS Web Server) might fail to authenticate.
- Remote Desktop connections using domain users might fail to connect.
- You might be unable to access shared folders on workstations and file shares on servers.
- Printing that requires domain user authentication might fail.
Microsoft says customers can check whether their systems are affected by opening Event Log on Domain Controllers. Devices hit by the bug will show a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error with the following text:
While processing an AS request for target service , the account did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18 3. The accounts available etypes : 23 18 17. Changing or resetting the password of will generate a proper key.
Also, affected events will have a "the missing key has an ID of 1" text next to them. It is worth noting that the bug does not appear on home devices that are not part of an on-premises domain.
Microsoft is working on a fix, and it should be ready in the coming weeks. The company will provide extra information once it becomes available.