On Tuesday, April 8, 2025, Microsoft released new mandatory cumulative updates for its operating systems, including Windows Server. One of the updates, KB5055523, specifically targets Windows Server 2025 and has been identified as the source of recent connection issues.
However, this is not an isolated case — Microsoft has confirmed that Windows Server 2016, 2019, and 2022 are also affected.
In practice, these connection issues can affect environments where the following authentication methods are deployed:
Microsoft also provides details on the observed symptoms, including the appearance of event logs with ID 45 or ID 21, accompanied by various error messages.
Microsoft has identified the cause of this issue: it stems from the security patch addressing vulnerability CVE-2025-26647.
This vulnerability exists within Kerberos and could allow an authenticated attacker to escalate their privileges.
In addition, Microsoft has published a support document providing further details and guidance.
While awaiting a permanent fix, Microsoft has proposed a temporary workaround. It involves modifying the registry value AllowNtAuthPolicyBypass located at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc
The value should be changed from "2" to "1".
This change is intended to allow affected users to authenticate successfully again.