Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates.
Platforms affected by these problems include Windows Server 2016, Windows Server 2019, Windows Server 2022, and the latest version, Windows Server 2025.
However, as Microsoft further explained when it acknowledged this known issue in early May, home users are unlikely to be impacted since domain controllers are typically used in enterprise authentication scenarios.
"After installing the April Windows monthly security update released April 8, 2025 (KB5055523) or later, Active Directory Domain Controllers (DC) might experience issues when processing Kerberos logons or delegations using certificate-based credentials that rely on key trust via the Active Directory msds-KeyCredentialLink field," Microsoft said.
"This can result in authentication issues in Windows Hello for Business (WHfB) Key Trust environments or environments that have deployed Device Public Key Authentication (also known as Machine PKINIT)."
These issues could also affect software using these two features for authentication, including but not limited to identity management systems, third-party single sign-on (SSO) solutions, and smart card authentication products.
This week, the company released the following cumulative updates that resolve the authentication issues on all impacted Windows releases:
KB5060842 (Windows Server 2025)
KB5060526 (Windows Server 2022)
KB5060531 (Windows Server 2019)