November updates for Windows Server may cause domain controller to hang and reboot » Community

November updates for Windows Server may cause domain controller to hang and reboot

Microsoft has reported that after installing the November Updates for Windows Server, a memory leak may occur in the LSASS service, which can eventually cause some domain controllers to hang and reboot. The LSASS service (short for Local Security Authority Subsystem Service) is responsible for enforcing security policies, handling token creation, password changes, and user authorization in the system.

“Depending on the workload of your domain controllers and the amount of time that has passed since the server was last restarted, LSASS may consume more memory over time, causing the domain controller to become unresponsive and restart,” explains Microsoft on the Windows Health page.

The issue is known to affect Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. Installing out-of-order updates that were released to resolve authorization issues on domain controllers does not fix the memory leak. Microsoft is working on a fix.

As a workaround, IT administrators can set the KrbtgtFullPacSignature registry key to 0 using the following command:

reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD

After the release of the hotfix, you need to set a higher value for the key KrbtgtFullPacSignature. Details about this registry key can be found in the article, dedicated to update KB5020805.


I am Sanjit Gupta. I have completed my BMS then MMS both in marketing. I even did a diploma in computer software and Digital Marketing.

Articles: 4841

Newsletter Updates

Enter your email address below to subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: