Microsoft has reported that after installing the November Updates for Windows Server, a memory leak may occur in the LSASS service, which can eventually cause some domain controllers to hang and reboot. The LSASS service (short for Local Security Authority Subsystem Service) is responsible for enforcing security policies, handling token creation, password changes, and user authorization in the system.
“Depending on the workload of your domain controllers and the amount of time that has passed since the server was last restarted, LSASS may consume more memory over time, causing the domain controller to become unresponsive and restart,” explains Microsoft on the Windows Health page.
The issue is known to affect Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. Installing the out-of-band updates that were released to resolve authorization issues on domain controllers does not fix the memory leak. Microsoft is working on a fix.
As a workaround, IT administrators can set the KrbtgtFullPacSignature registry key to 0 using the following command:
reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD
Once the hotfix is released, KrbtgtFullPacSignature needs to be set back to a higher value. Details about this registry key can be found in the article on update KB5020805.
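
To confirm whether the workaround is in place on a given domain controller and whether LSASS memory is still climbing, a check along the following lines can be run locally. This is an added example, not a Microsoft script; the sample count, interval and growth threshold are assumptions to tune per environment.

```powershell
# Added example: checks the workaround key and samples LSASS memory on a DC.
# Defaults below (6 samples, 10 minutes apart, 50 MB/hour) are assumptions.
param(
    [int]$Samples = 6,
    [int]$IntervalSeconds = 600,
    [double]$GrowthThresholdMBPerHour = 50
)

$kdcKey = 'HKLM:\System\CurrentControlSet\services\KDC'
$name   = 'KrbtgtFullPacSignature'

# 1. Report the current state of the workaround key.
$prop = Get-ItemProperty -Path $kdcKey -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "$name is not set; the workaround has not been applied."
} elseif ($prop.$name -eq 0) {
    Write-Output "$name = 0; workaround in place. Raise it once the fix is installed."
} else {
    Write-Output "$name = $($prop.$name); the workaround is not active."
}

# 2. Sample LSASS private memory at fixed intervals.
$readings = @(for ($i = 0; $i -lt $Samples; $i++) {
    $p = Get-Process -Name lsass
    [pscustomobject]@{
        Time      = Get-Date
        PrivateMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
    }
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
})
$readings | Format-Table -AutoSize | Out-String | Write-Output

# 3. Flag sustained growth between the first and last sample.
$hours = ($readings[-1].Time - $readings[0].Time).TotalHours
if ($hours -gt 0) {
    $rate = ($readings[-1].PrivateMB - $readings[0].PrivateMB) / $hours
    $msg  = 'LSASS private memory changed by {0:N1} MB/hour.' -f $rate
    if ($rate -gt $GrowthThresholdMBPerHour) {
        Write-Warning "$msg Growth exceeds the threshold; plan a restart window."
    } else {
        Write-Output "$msg Within the threshold."
    }
}
```

Run it from an elevated PowerShell session on the domain controller; a single run only shows the trend over the sampling window, so repeat it or schedule it to compare against time since the last reboot.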