KB5021651: Out-of-band update for Windows Server 2008 R2: November 18, 2022
Applies To
Windows Server 2008 R2 Enterprise ESU, Windows Server 2008 R2 Standard ESU, Windows Server 2008 R2 Datacenter ESU
Release Date: 11/18/2022
Version: Out-of-band update
Summary
This update includes improvements for the following:
- Addresses a known issue that affects Windows Servers that have the Domain Controller (DC) role. They might have Kerberos authentication issues if both of the following are true:
  - You installed a Windows update on or after November 8, 2022 on the DC.
  - You configured the SupportedEncryptionType key to remove the RC4 cipher at a domain level or on an individual account.

  You might receive Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 errors. These appear in the System section of the Event Log on your DC. The affected events include the text, "the missing key has an ID of 1".

  Note This issue is not an expected part of the security hardening for Netlogon and Kerberos starting with November 2022 security update. You must still follow the guidance in the listed articles.
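One way to check a DC for the symptom described above, as an added example that is not Microsoft's code: it searches the System log for the KDC Event ID 14 entries that contain the quoted text and reports whether KB5021651 is installed. The provider name, event ID, message text and the November 8, 2022 start date come from this article; the variable and function names are assumptions.

```powershell
# Added example (not from the KB article). Run in an elevated session on the DC.
# Names such as Get-KdcMissingKeyEvent are hypothetical; the values are from the article.
$provider = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
$needle   = 'the missing key has an ID of 1'   # text quoted in the article
$since    = [datetime]'2022-11-08'             # first affected update date per the article
$updateId = 'KB5021651'

function Get-KdcMissingKeyEvent {
    param([datetime]$StartTime)

    $filter = @{
        LogName      = 'System'
        ProviderName = $provider
        Id           = 14
        StartTime    = $StartTime
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # Event ID 14 can be logged for other reasons, so keep only the affected text.
    $events | Where-Object { $_.Message -like "*$needle*" }
}

$hits    = @(Get-KdcMissingKeyEvent -StartTime $since)
$patched = [bool](Get-HotFix -Id $updateId -ErrorAction SilentlyContinue)

"{0}: {1} installed = {2}" -f $env:COMPUTERNAME, $updateId, $patched
"Matching Event ID 14 entries since {0:yyyy-MM-dd}: {1}" -f $since, $hits.Count

# Show when the errors occurred and the first line of each message.
$hits | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

if ($hits.Count -gt 0 -and -not $patched) {
    "Symptom present and $updateId not found: this DC matches the known issue."
}
elseif ($hits.Count -gt 0) {
    "$updateId is installed; check whether the newest event predates the install and restart."
}
```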
Known issues in this update
We are currently not aware of any issues that affect this update.
How to get this update
Before installing this update
To install Windows Server 2008 R2 SP1 updates released on or after July 2019, you must have the following required updates installed.
- Install the SHA-2 code signing support updates: You must have the SHA-2 update (KB4474419) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. You must have installed the servicing stack update (SSU) (KB4490628) that is dated March 12, 2019. After update KB4490628 is installed, we recommend that you install the latest SSU update. For more information about the latest SSU update for Windows Server 2008 R2 SP1, see ADV990001 | Latest Servicing Stack Updates.
- Install the Extended Security Update (ESU): You must have installed the "Extended Security Updates (ESU) Licensing Preparation Package" (KB4538483) or the "Update for the Extended Security Updates (ESU) Licensing Preparation Package" (KB4575903). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the Microsoft Update Catalog. You must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in KB4522133 to continue receiving security updates after extended support ends. Extended support for Windows Server 2008 R2 SP1 ended on January 14, 2020.
Important You must restart your device after you install these required updates.
Install this update
| Release Channel | Available | Next Step |
| --- | --- | --- |
| Windows Update and Microsoft Update | No | See the other options below. |
| Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. |
| Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager | No | You can manually import these updates into Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manager instructions, see Import updates from the Microsoft Update Catalog. |
File information
For a list of the files that are provided in this update, download the file information for update KB5021651.
References
For more information about ESU and which editions are supported, see KB4497181.
Learn about the standard terminology that is used to describe Microsoft software updates.