Related topics
×
Sign in with Microsoft
New to Microsoft? Create an account.

Release Date:

11/18/2022

Version:

Out-of-band update

Summary

This update includes improvements for the following:

  • Addresses a known issue that affects Windows Servers that have the Domain Controller (DC) role. They might have Kerberos authentication issues if both of the following are true:

    • You installed a Windows update on or after November 8, 2022 on the DC.

    • You configured the SupportedEncrytionType key to remove the RC4 cipher at a domain level or on individual account.

    You might receive Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 errors. These appear in the System section of the Event Log on your DC. The affected events include the text, "the missing key has an ID of 1".

    Note This issue is not an expected part of the security hardening for Netlogon and Kerberos starting with November 2022 security update. You must still follow the guidance in the listed articles.

Known issues in this update

We are currently not aware of any issues that affect this update.

How to get this update

Before installing this update

To install Windows Server 2008 R2 SP1 updates released on or after July 2019, you must have the following required updates installed.

  • Install the SHA-2 code signing support updates:

    You must have the SHA-2 update (KB4474419) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

    You must have installed the servicing stack update (SSU) (KB4490628) that is dated March 12, 2019. After update KB4490628 is installed, we recommend that you install the latest SSU update. For more information about the latest SSU update for Windows Server 2008 R2 SP1, see ADV990001 | Latest Servicing Stack Updates.

  • Install the Extended Security Update (ESU):

    You must have installed the "Extended Security Updates (ESU) Licensing Preparation Package" (KB4538483) or the "Update for the Extended Security Updates (ESU) Licensing Preparation Package" (KB4575903). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the Microsoft Update Catalog.

    You must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in KB4522133 to continue receiving security updates after extended support ends. Extended support for Windows Server 2008 R2 SP1 ended on January 14, 2020.

Important You must restart your device after you install these required updates.

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

No

See the other options below.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager

No

You can manually import these updates into Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.

File information

For a list of the files that are provided in this update, download the file information for update KB5021651.

References

For more information about ESU and which editions are supported, see KB4497181.

Learn about the standard terminology that is used to describe Microsoft software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×