Windows Server 2019: Is Update KB5010791 causing a Boot Loop?

Question for the administrators of Windows Server 2019 systems: What are your experiences with the January 11, 2022 updates and boot loops? On domain controllers, the boot loops are well known, and Microsoft has released out-of-band updates with a fix. But I have now received reports that Windows Server 2019 systems that had been running stably with update KB5009557 were forced into a boot loop by update KB5010791.

Windows Server Boot Loop

The security updates of January 11, 2022 have caused serious issues. My blog post Microsoft Microsoft Januar 2022 Patchday Revisions (2022/01/14) provides an overview of these issues; details can be found in the posts linked at the end of the article, if applicable.

Specifically on Windows Server, domain controllers were forced into a boot loop (see Windows Server: January 2022 security updates are causing DC boot loop). On Jan. 17 and Jan. 18, 2022, Microsoft then released out-of-band updates to address the issues. For Windows Server 2019, out-of-band update KB5010791 has been available since Jan. 18, 2022 (see Out-of-band Updates for Windows Server 2019 fixes Jan. 2022 Patch day issues (Jan. 18, 2022)).

However, these updates did not fix all of the patch day issues that occurred. It's also stupid that some of the updates were not offered via Windows Update, while on the other hand they were installed automatically on Windows machines despite their optional classification. In the blog post Status of January 2022 security updates from Microsoft (2022/01/25).

Boot loop due to update KB5010791

Now German blog reader Holger M. emailed me on February 2, 2022, reporting a boot loop due to update KB5010791 on their Windows Server 2019 instances. Holger wrote:

We applied the KB5010791 to all Windows Server 2019 last night. The update KB5009557 [dated 11/1/2022] was running on these servers, except for the DCs, since 17/01 without any problems. Today around 11am the file server went into a boot loop and booted 6 times in a few minutes interval. KB5010791 seems to be faulty again …

This means that the original update KB5009557 from January 11, 2022 ran without problems on Windows Server 2019, unless the machine was acting as a domain controller. In contrast, the fix update KB5010791 from January 18, 2022 (see Out-of-band Updates for Windows Server 2019 fixes Jan. 2022 Patch day issues (Jan. 18, 2022)) causes a boot loop on this server. Holger mentioned several machines running Windows Server 2019 and sent me the following excerpt from the error message:

Protokollname: Application
Quelle:     Microsoft-Windows-Wininit
Datum:    02.02.2022 11:23:06
Ereignis-ID:   1015
Aufgabenkategorie:Keine
Ebene:         Fehler
Schlüsselwörter: Klassisch
Benutzer:      Nicht zutreffend
Computer:      *****
Beschreibung:

Ein kritischer Systemprozess C:\Windows\system32\lsass.exe ist fehlgeschlagen mit den Statuscode c0000005. Der Computer muss neu gestartet werden.
Ereignis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="49152">1015</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-02-02T10:23:06.826509700Z" />
<EventRecordID>23987</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>***</Computer>
<Security />
</System>
<EventData>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>c0000005</Data>
</EventData>
</Event>

The event log (it's in German) has the following entries regarding the error:

Protokollname: Application
Quelle:        Application Error
Datum:         02.02.2022 11:23:04
Ereignis-ID:   1000
Aufgabenkategorie: (100)
Ebene:         Fehler
Schlüsselwörter: Klassisch
Benutzer:      Nicht zutreffend
Computer:      ****

Beschreibung:
Name der fehlerhaften Anwendung: lsass.exe, Version: 10.0.17763.2213, Zeitstempel: 0xcb5bd01a

Name des fehlerhaften Moduls: msv1_0.DLL, Version: 10.0.17763.2458, Zeitstempel: 0xfa73c4ac

Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000027e1
ID des fehlerhaften Prozesses: 0x2dc

Startzeit der fehlerhaften Anwendung: 0x01d8181e8f68b510
Pfad der fehlerhaften Anwendung: C:\Windows\system32\lsass.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\msv1_0.DLL
Berichtskennung: 1ea3bc96-f018-4f8b-b8da-839e5266bed0

Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Ereignis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-02-02T10:23:04.998430300Z" />
<EventRecordID>23985</EventRecordID>
<Channel>Application</Channel>
<Computer>****</Computer>
<Security />
</System>
<EventData>
<Data>lsass.exe</Data>
<Data>10.0.17763.2213</Data>
<Data>cb5bd01a</Data>
<Data>msv1_0.DLL</Data>
<Data>10.0.17763.2458</Data>
<Data>fa73c4ac</Data>
<Data>c0000005</Data>
<Data>00000000000027e1</Data>
<Data>2dc</Data>
<Data>01d8181e8f68b510</Data>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>C:\Windows\system32\msv1_0.DLL</Data>
<Data>1ea3bc96-f018-4f8b-b8da-839e5266bed0</Data>
<Data></Data>
<Data></Data>
</EventData>
</Event>
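
Added example, not part of the original post or Holger's mail: a small triage script that reads exported Event XML and pairs each lsass.exe Application Error 1000 with the Wininit 1015 that follows it, reporting the faulting module. The function names and the 10-second correlation window are assumptions; the sample events are the two shown above, reduced to the elements the script reads.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# The two events shown on this page, reduced to the elements used below.
CRASH_1000 = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Application Error" /><EventID Qualifiers="0">1000</EventID>
<TimeCreated SystemTime="2022-02-02T10:23:04.998430300Z" /></System><EventData>
<Data>lsass.exe</Data><Data>10.0.17763.2213</Data><Data>cb5bd01a</Data>
<Data>msv1_0.DLL</Data><Data>10.0.17763.2458</Data><Data>fa73c4ac</Data>
<Data>c0000005</Data><Data>00000000000027e1</Data><Data>2dc</Data>
</EventData></Event>"""
WININIT_1015 = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Microsoft-Windows-Wininit" /><EventID Qualifiers="49152">1015</EventID>
<TimeCreated SystemTime="2022-02-02T10:23:06.826509700Z" /></System><EventData>
<Data>C:\Windows\system32\lsass.exe</Data><Data>c0000005</Data></EventData></Event>"""

def parse_event(xml_text):
    """Return provider, event ID, UTC time and positional EventData of one event."""
    root = ET.fromstring(xml_text)
    stamp = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return {
        "provider": root.find("e:System/e:Provider", NS).get("Name"),
        "id": int(root.find("e:System/e:EventID", NS).text),
        # SystemTime carries 100 ns precision; datetime keeps microseconds.
        "time": datetime.strptime(stamp[:26], "%Y-%m-%dT%H:%M:%S.%f"),
        "data": [d.text or "" for d in root.findall("e:EventData/e:Data", NS)],
    }

def lsass_crash_reboots(events, window_s=10):
    """Pair each lsass.exe crash (1000) with a Wininit 1015 inside window_s seconds."""
    parsed = [parse_event(x) for x in events]
    crashes = [p for p in parsed if p["id"] == 1000
               and p["provider"] == "Application Error"
               and p["data"][0].lower() == "lsass.exe"]
    aborts = [p for p in parsed if p["id"] == 1015
              and p["provider"] == "Microsoft-Windows-Wininit"
              and p["data"][0].lower().endswith("\\lsass.exe")]
    findings = []
    for c in crashes:
        d = c["data"]
        # 1000 field order: app, app ver, app ts, module, module ver, module ts, code, offset
        follow = [a for a in aborts
                  if 0 <= (a["time"] - c["time"]).total_seconds() <= window_s]
        findings.append({"module": d[3], "module_version": d[4],
                         "exception": "0x" + d[6], "offset": hex(int(d[7], 16)),
                         "forced_restart": bool(follow)})
    return findings

if __name__ == "__main__":
    print(lsass_crash_reboots([CRASH_1000, WININIT_1015]))
```
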

Further confirmations

In the meantime, I have received further confirmations in response to my post in a German Facebook admin group. Jan S. writes:

We experienced this error with a VM. Complete restore from backup helped …

And Patrick K. also made corresponding observations:

Boot loop… Had this yesterday in a terminal farm. The whole thing then built up to the point that 2 of the servers had to be reinstalled.

Anyone of you with similar experiences?

Similar articles:
Patchday: Windows 8.1/Server 2012 R2 Updates (January 11, 2022), boot loop reported
Patchday: Windows 10 Updates (January 11, 2022)
Patchday: Windows 11 Updates (January 11, 2022)
Patchday: Updates for Windows 7/Server 2008 R2 (January 11, 2022)

Windows Server: January 2022 security updates are causing DC boot loop
Windows VPN connections (L2TP over IPSEC) broken after January 2022 update
Windows Server 2012/R2: January 2022 Update KB5009586 bricks Hyper-V Host
Microsoft patch day issues Jan. 2022: bugs confirmed, but updates not pulled

Microsoft Microsoft Januar 2022 Patchday Revisions (2022/01/14)
Windows Out-of-band Updates fixes Jan. 2022 patch day issues (Jan. 17, 2022)
Windows 10/Server: Out-of-band Updates fixes Jan. 2022 patch day issues (Jan. 17, 2022)
Out-of-band Updates for Windows Server 2019 fixes Jan. 2022 Patch day issues (Jan. 18, 2022)
Windows 7/8.1; Server 2008R2/2012R2: Out-of-band Updates with Fixes for Jan. 2022 Patch day Issues (2022/01/17)

Review: Fix for Windows IPSec VPN Connection Issues
Out-of-Band Updates for Windows (Jan. 17/18, 2022) doesn't fixes ReFS Issues complete
Review: Fix for Hyper-V Host Startup Problem in Windows (January 2022)

Access lock bug caused by Microsoft Office updates (January 11, 2022)
Windows 10: Outlook search broken again or fixed by Microsoft? (Jan. 2022)
Status of January 2022 security updates from Microsoft (2022/01/25)
Windows 10 / Windows Server Preview Update (Jan. 25, 2022)
