Workaround: You can mitigate this issue by re-enabling. NET Framework 3.5, such as Windows Communication Foundation (WCF) and Windows Workflow (WWF) components. Affected apps are using certain optional components in. NET Framework 3.5 apps might have issues or might fail to open. NET Framework 3.5 apps might have issuesĪfter installing KB5012643, some.
Client: Windows 11, version 21H2 Windows 10, version 21H2 Windows 10, version 21H1 Windows 10, version 20H2 Windows 10, version 1909 Windows 10, version 1809 Windows 10 Enterprise LTSC 2019 Windows 10 Enterprise LTSC 2016 Windows 10, version 1607 Windows 10 Enterprise 2015 LTSB Windows 8.1 Windows 7 SP1.
If you are using Monthly rollup updates, you will need to install both the standalone updates listed above to resolve this issue, and install the Monthly rollups released to receive the quality updates for May 2022. Monthly rollup updates are cumulative and include security and all quality updates. Security only updates are not cumulative, and you will also need to install all previous Security only updates to be fully up to date. Note: If you are using security only updates for these versions of Windows Server, you only need to install these standalone updates for the month of May 2022.
Note: You do not need to apply any previous update before installing these cumulative updates. Note The below updates are not available from Windows Update and will not install automatically. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. For WSUS instructions, see WSUS and the Catalog Site. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. To get the standalone package for these out-of-band updates, search for the KB number in the Microsoft Update Catalog. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them. There is no action needed on the client side to resolve this authentication issue. Resolution: This issue was resolved in out-of-band updates released for installation on Domain Controllers in your environment. Note: Any other mitigation except the preferred mitigations might lower or disable security hardening. If the preferred mitigation will not work in your environment, please see KB5014754-Certificate-based authentication changes on Windows domain controllers for other possible mitigations in the SChannel registry key section. Note: The instructions are the same for mapping certificates to user or machine accounts in Active Directory.
For instructions, please see Certificate Mapping. Workaround: The preferred mitigation for this issue is to manually map certificates to a machine account in Active Directory.
This issue only affects installation of May 10, 2022, updates installed on servers used as domain controllers. Note: Installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue. An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller. You might see authentication failures on the server or client for servicesĪfter installing updates released on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).