Windows Server April Updates Cause Unexpected Reboots on Domain Controllers


Security updates released by Microsoft on April 14 for Windows Server have brought side effects in some corporate environments. Domain controllers without the Global Catalog role, in configurations that use Privileged Access Management (PAM), experience LSASS service failures after installation and restart. This results in restart loops that leave authentication and directory services unavailable.

Reports also indicate difficulties logging in as a domain administrator on certain Windows Server 2025 systems. The error message indicates an incorrect password even with valid credentials. A manual password reset method using utilman.exe and a bootable DVD resolves access in reported cases.

LSASS failure affects specific domain controllers

Cumulative update KB5082063 for Windows Server 2025, along with equivalents for previous versions, causes the LSASS process to crash during startup on non-GC domain controllers that operate with PAM. The entire domain may become unavailable because authentications stop working.

All editions of Windows Server from 2016 onward are on the list of impacted platforms. The problem arises especially after the post-installation reboot. In some cases, it also appears when promoting a new domain controller or when authentication requests arrive too early at boot.

Microsoft documented the symptom on the Windows release health dashboard. Administrators should contact business support for an applicable temporary mitigation before or after installing the patch. Developers are preparing an automatic fix that will arrive in a future update.

Reports of blocked admin logins

Users report that after applying the April updates, logging in as a domain administrator fails on Windows Server 2025 DCE servers. The system rejects the correct password. The temporary workaround involves renaming utilman.exe in the system directory, replacing it with cmd.exe via the boot media, and changing the password through the command prompt accessed through the Ease of Access options.

This procedure restores local access. Afterwards, the account works normally again for domain management. There is no official confirmation from Microsoft regarding the exact extent of this login issue, but reports from the field indicate that it occurs on multiple systems.

  • Affected domain controllers: Windows Server 2016, 2019, 2022 and 2025
  • Main condition: Environments with PAM and non-Global Catalog controllers
  • Main symptom: LSASS crash leads to repeated reboots
  • Impact: Authentication and directory services stop
  • Temporary solution: mitigation via Microsoft Support
  • Additional reported problem: Admin login fails with an incorrect password message

Microsoft re-enables optional updates for Windows Server 2025

In parallel to the problems, the company resolved a previous incident. Optional updates to migrate to Windows Server 2025, suspended in November 2024, are now available again. The suspension occurred because the offer caused unwanted automatic migrations in environments with third-party tools.

Now, administrators can choose to upgrade without the risk of an unintentional upgrade. The message dashboard confirms that the issue has been fixed. This makes it easy to plan controlled migrations to the latest system version.

What admins should do now

Companies with Active Directory environments should pause installation of KB5082063 on domain controllers that meet the risk profile until an official mitigation is in place. Testing in staging environments helps to map possible impacts.

Monitoring event logs helps identify LSASS crashes early. Staying in contact with Microsoft support speeds up access to the workaround. The definitive fix should arrive in a future patch, possibly in May.
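One way to carry out both checks, as an added example that is not from the article or from Microsoft: the script lists every domain controller, flags those matching the risk profile described above (PAM enabled, no Global Catalog role), and counts recent LSASS crash events. It assumes the ActiveDirectory RSAT module and remote event log access; the 7-day window and the use of Application log events 1000 (Application Error) and 1015 (Wininit critical process failure) are choices made for this example.

```powershell
# Added example: inventory DCs against the risk profile and look for LSASS crashes.
Import-Module ActiveDirectory

# Only the Windows Server 2025 package is named in the article; the
# equivalents for older versions have other KB numbers not given there.
$kb    = 'KB5082063'
$since = (Get-Date).AddDays(-7)   # look-back window (assumption of this example)

# PAM is an AD optional feature; it is in use when it has an enabled scope.
$pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
$pamEnabled = [bool]($pam -and $pam.EnabledScopes.Count -gt 0)

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # A DC stuck in a reboot loop may not answer at all; record that
    # instead of silently reporting zero crash events for it.
    $reachable = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet

    $patched = $null
    $crashes = @()
    if ($reachable) {
        $patched = [bool](Get-HotFix -Id $kb -ComputerName $dc.HostName -ErrorAction SilentlyContinue)

        # 1000 = faulting application, 1015 = critical system process failed.
        $crashes = @(Get-WinEvent -ComputerName $dc.HostName -ErrorAction SilentlyContinue -FilterHashtable @{
                LogName = 'Application'; Id = 1000, 1015; StartTime = $since
            } | Where-Object { $_.Message -match 'lsass\.exe' })
    }

    [pscustomobject]@{
        DomainController   = $dc.HostName
        OperatingSystem    = $dc.OperatingSystem
        GlobalCatalog      = $dc.IsGlobalCatalog
        MatchesRiskProfile = ($pamEnabled -and -not $dc.IsGlobalCatalog)
        Reachable          = $reachable
        UpdateInstalled    = $patched
        LsassCrashEvents   = $crashes.Count
        LastCrash          = ($crashes | Select-Object -First 1).TimeCreated
    }
}

# DCs that match the profile and show crashes sort to the top.
$report | Sort-Object MatchesRiskProfile, LsassCrashEvents -Descending | Format-Table -AutoSize
```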

The focus remains on security, but the stability of critical services such as authentication requires immediate attention in these cases.
