After the latest Patch Tuesday updates for May (Windows 11, Windows 10), Microsoft confirmed that the update was causing domain controller authentication failures. The CISA also chimed in later requesting administrators to skip installing the Patch Tuesday for the time being. The problems were arising due to a certificate mapping bug and the company provided a temporary workaround for the problem.
Today, Microsoft has released multiple out-of-band (OOB) updates that resolve the issue. The advisory says:
After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client
[...]
Resolution: This issue was resolved in out-of-band updates released May 19, 2022 for installation on Domain Controllers in your environment. There is no action needed on the client side to resolve this authentication issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them.
You can download the necessary updates at the Microsoft Update Catalog links provided below:
| OS | KB | Microsoft Update Catalog |
|---|---|---|
| Windows Server 2022 | Download | |
| Windows Server 20H2 | Download | |
| Windows Server 2019 | Download | |
| Windows Server 2016 | Download |
You can find the official advisory here.