NTLM authentication fails with 0xC0000022 error for Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 after update is applied

Symptoms
After you install any of the updates that are listed in the list of affected updates table (later in this section) on Windows Server 2012 or Windows Server 2012 R2 domain controllers, or on member servers that perform pass-through authentication on behalf of remote callers, NTLM authentication may fail with error 0xC0000022.

This problem does not occur if the security updates that are described in Microsoft Security Bulletin MS16-101 are installed before, after, or together with fixes in the list of affected updates table.

Note To see the log examples for the Netlogon service shown in this section, you must enable debug logging through the registry or the NLTEST tool. For more information about how to enable debug logging for the Netlogon service, see the following Microsoft webpage:
When this problem occurs, an error message that resembles the following is recorded in the Netlogon.log of an affected domain controller:

SamLogon: Network logon of Domain\User memberServer Returns 0xC0000022


The following table shows the error mapping:
HexadecimalDecimalSymbolicFriendly
0xC0000022-1073741790 STATUS_ACCESS_DENIEDA process has requested access to an object, but has not
been granted those access rights.

The NETLOGON.LOGS files of affected domain controllers will have signatures that resemble the following:

Date and time [CRITICAL] [11940] DOMAIN: NlpUserValidateHigher: denying access after status: 0xc0000022 0
Date and time [SESSION] [11940] DOMAIN: NlSetStatusClientSession: Set connection status to c0000022
Date and time [SESSION] [11940] DOMAIN: NlSetStatusClientSession: Unbind from server \\DCName (TCP) 0.
Date and time [SESSION] [11940] DOMAIN: NlSetStatusClientSession: Unbind from server \\DCName (TCP) 1.
Date and time [LOGON] [11940] SamLogon: Network logon of Domain\xxxxx from xxxxxxxxx Returns 0xC000018D


Or the following entries on a stand-alone or member computer with a local account:

Date and time [LOGON] [4140] SamLogon: Network logon of ComputerA\LocalAccount from ComputerA Entered
Date and time [CRITICAL] [4140] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc0000064)
Date and time [LOGON] [4140] SamLogon: Network logon of ComputerA\LocalAccount from ComputerA Returns 0xC0000022


Where extended errors map to the following:
HexadecimalDecimalSymbolicFriendly
0xC0000022-1073741790 STATUS_ACCESS_DENIEDA process has requested access to an object, but has not been granted those access rights.
0x6e11761RPC_S_ENTRY_NOT_FOUNDThe entry is not found.
0xC000018D -1073741427STATUS_TRUSTED_RELATIONSHIP_FAILUREThe logon request failed because the trust relationship between this workstation and the primary domain failed.
List of affected updates

The following updates are known to potentially cause this issue:

Windows 8.1 and Windows Server 2012 R2
3187754 MS16-110: Description of the security update for Windows: September 13, 2016


Windows Server 2012:
2922223You cannot change system time if RealTimeIsUniversal registry entry is enabled in Windows
3167679MS16-101: Description of the security update for Windows authentication methods: August 9, 2016
3174644Microsoft security advisory: Updated support for Diffie-Hellman Key Exchange
3175024MS16-111: Description of the security update for Windows Kernel: September 13, 2016
3179575August 2016 update rollup for Windows Server 2012
3187754MS16-110: Description of the security update for Windows: September 13, 2016
3185332October 2016 Security Monthly Quality Rollup for Windows Server 2012
3192393October 2016 Security Only Quality Update for Windows Server 2012
3192406October 2016 Preview of Monthly Quality Rollup for Windows Server 2012
Cause
This issue occurs because a recent update rollup missed a dependency in updating Netlogon.dll.
Resolution
To fix this problem, install the security updates that are described in Microsoft Security Bulletin MS16-101.
Свойства

Номер статьи: 3195799 — последний просмотр: 11/17/2016 22:22:00 — редакция: 2.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation

  • kbbug kbexpertiseinter kbsecbulletin kbsecurity KB3195799
Отзывы и предложения