NTLM authentication fails with 0xC0000022 error for Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 after update is applied

Symptoms

After you install any of the updates that are listed in the list of affected updates table (later in this section) on Windows Server 2012 or Windows Server 2012 R2 domain controllers, or on member servers that perform pass-through authentication on behalf of remote callers, NTLM authentication may fail with error 0xC0000022.

This problem does not occur if the security updates that are described in Microsoft Security Bulletin MS16-101 are installed before, after, or together with fixes in the list of affected updates table.


Note To see the log examples for the Netlogon service shown in this section, you must enable debug logging through the registry or the NLTEST tool. For more information about how to enable debug logging for the Netlogon service, see the following Microsoft webpage:

Enabling debug logging for the Netlogon service
When this problem occurs, an error message that resembles the following is recorded in the Netlogon.log of an affected domain controller:


SamLogon: Network logon of Domain\User memberServer Returns 0xC0000022



The following table shows the error mapping:

Hexadecimal

Decimal

Symbolic

Friendly

0xC0000022

-1073741790

STATUS_ACCESS_DENIED

A process has requested access to an object, but has not
been granted those access rights.


The NETLOGON.LOGS files of affected domain controllers will have signatures that resemble the following:

Date and time [CRITICAL] [11940] DOMAIN: NlpUserValidateHigher: denying access after status: 0xc0000022 0
Date and time [SESSION] [11940] DOMAIN: NlSetStatusClientSession: Set connection status to c0000022
Date and time [SESSION] [11940] DOMAIN: NlSetStatusClientSession: Unbind from server \\DCName (TCP) 0.
Date and time [SESSION] [11940] DOMAIN: NlSetStatusClientSession: Unbind from server \\DCName (TCP) 1.
Date and time [LOGON] [11940] SamLogon: Network logon of Domain\xxxxx from xxxxxxxxx Returns 0xC000018D



Or the following entries on a stand-alone or member computer with a local account:

Date and time [LOGON] [4140] SamLogon: Network logon of ComputerA\LocalAccount from ComputerA Entered
Date and time [CRITICAL] [4140] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc0000064)
Date and time [LOGON] [4140] SamLogon: Network logon of ComputerA\LocalAccount from ComputerA Returns 0xC0000022



Where extended errors map to the following:

Hexadecimal

Decimal

Symbolic

Friendly

0xC0000022

-1073741790

STATUS_ACCESS_DENIED

A process has requested access to an object, but has not been granted those access rights.

0x6e1

1761

RPC_S_ENTRY_NOT_FOUND

The entry is not found.

0xC000018D

-1073741427

STATUS_TRUSTED_RELATIONSHIP_FAILURE

The logon request failed because the trust relationship between this workstation and the primary domain failed.

List of affected updates

The following updates are known to potentially cause this issue:


Windows 8.1 and Windows Server 2012 R2

3187754

MS16-110: Description of the security update for Windows: September 13, 2016



Windows Server 2012:

2922223

You cannot change system time if RealTimeIsUniversal registry entry is enabled in Windows

3167679

MS16-101: Description of the security update for Windows authentication methods: August 9, 2016

3174644

Microsoft security advisory: Updated support for Diffie-Hellman Key Exchange

3175024

MS16-111: Description of the security update for Windows Kernel: September 13, 2016

3179575

August 2016 update rollup for Windows Server 2012

3187754

MS16-110: Description of the security update for Windows: September 13, 2016

3185332

October 2016 Security Monthly Quality Rollup for Windows Server 2012

3192393

October 2016 Security Only Quality Update for Windows Server 2012

3192406

October 2016 Preview of Monthly Quality Rollup for Windows Server 2012

Cause

This issue occurs because a recent update rollup missed a dependency in updating Netlogon.dll.

Resolution

To fix this problem, install the security updates that are described in Microsoft Security Bulletin MS16-101.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×