[German]As of January 11, 2022, Microsoft has released various updates for Windows 8.1. These security updates are also available for Windows Server 2012 R2. I have already received information from a blog reader that a boot loop has occurred with domain controllers. Here is some information on the Monthly Rollup and Security only updates for this operating system.
Updates for Windows 8.1 and Windows Server 2012 R2
A rollup and security-only update have been released for Windows 8.1 and Windows Server 2012 R2. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5009624 (Monthly Rollup) for Windows 8.1/Server 2012 R2
Update KB5009624 (Monthly Rollup for Windows 8.1 and Windows Server 2012 R2) contains improvements and fixes, and addresses the following.
Addresses a Windows Server issue in which Active Directory attributes are not written correctly during a Lightweight Directory Access Protocol (LDAP) modify operation with multiple specific attribute changes.
This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog and via WSUS. If installing manually, the latest Servicing Stack Update (SSU KB5001403) must be installed beforehand – although this SSU cannot be uninstalled.
Microsoft is aware of the following issue related to the update: Certain operations, such as renaming, that you perform for files or folders on a Cluster Shared Volume (CSV) may fail with the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". This occurs when you perform the operation on a CSV owner node from a process that does not have administrator privileges. The KB article suggests a workaround to fix this. Details can be found in the KB article.
KB5009595 (Security-only update) for Windows 8.1/Server 2012 R2
Update KB5009595 (Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2) addresses the same issues as update KB5009624. The update is distributed via WSUS (but not via Windows Update) or is available from the Microsoft Update Catalog. In case of a manual installation, the latest Servicing Stack Update (SSU) KB5001403 must be installed beforehand. In addition, the Internet Explorer 11 security update KB5006671 from Oct. 2021 (if not already available) should be installed.
Boot loop on DCs reported
German blog reader John L. contacted me via email a few hours ago about issues with the Jan 2022 update in conjunction with Windows Server 2012 R2. In his case, 2 domain controllers went into a boot loop because LSASS.exe throws an error 0xc0000005 (access violation). Here is his advice (thanks for that – I've translated his German text).
Hello Günter,
if you get several messages (as mine one) that 2012R2 is stuck in a bootloop loop after the patchday, this could possibly be due to the fact that after installing the KB's from today (no idea which one yet) LSASS.EXE crashes with 0xc0000005.
""Name of the corrupted application: lsass.exe, version: 6.3.9600.17415, timestamp: 0x545042fe
Name of the corrupt module: msv1_0.DLL, version: 6.3.9600.20239, timestamp: 0x61c1a5c8
Exception Code: 0xc0000005
Fehleroffset: 0x0000000000002663
ID of the faulty process: 0x1f4
Start time of the faulty application: 0x01d8072ac5b2c15a
Path of the faulty application: C:\Windows\system32\lsass.exe
Path of the corrupted module: C:\Windows\system32\msv1_0.DLL
Berichtskennung: afc36fda-7320-11ec-813a-00155d012601
Full name of the corrupted package:
Application ID relative to the corrupted package: "".This will cause an immediate bootloop.
I want to advise against rolling back snapshots, especially for DC's, to avoid provoking USN rollbacks.
Workaround:
Prevent one of the two DC's from booting, then uninstall today's hotfixes first on one and then on the other DC.
I haven't found any other hits in a search yet. Addendum: There is a 2nd issue that's reported by blog readers:
On all Windows 2012 R2 servers, all ReFs volumes are in RAW format after installation.
The cause seems to be KB5009624. After uninstalling the update and rebooting the server, the drives are present again.
Addendum: I've published a separate article Windows Server: January 2022 security udpdates are causing DC boot loop, because other Windows Server DC versions are also affected.
Updates for Windows Server 2012
A rollup and a security-only update have been released for Windows Server 2012 and Windows Embedded 8 Standard. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5009586 (Monthly Rollup) for Windows Server 2012
Update KB5009586 (Monthly Rollup for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes, and addresses the same issues as update KB5009624. This update is automatically downloaded and installed by Windows Update, but is also available from the Microsoft Update Catalog and via WSUS. If installing manually, the latest Servicing Stack Update (SSU KB5001401) must be installed beforehand – although this SSU cannot be uninstalled. This update have the same known issues as the updates listed above.
KB5009619 (Security-only update) for Windows Server 2012
Update KB5009619 (Security Only Quality Update for Windows Server 2012, Windows Embedded 8 Standard) addresses the same issues as update KB5009624. The update is distributed via WSUS (but not via Windows Update) or is available in the Microsoft Update Catalog. In case of a manual installation, the latest Servicing Stack Update (SSU) KB5001401 must be installed first. In addition, if not already available, the Internet Explorer 11 security update KB5006671 from Oct. 2021 should be installed.
Similar articles:
Microsoft Office Updates (January 4, 2022)
Microsoft Security Update Summary (January 11, 2022)
Patchday: Windows 8.1/Server 2012 R2 Updates (January 11, 2022), boot loop reported
Patchday: Windows 10 Updates (January 11, 2022)
Patchday: Windows 11 Updates (January 11, 2022)
Patchday: Updates for Windows 7/Server 2008 R2 (January 11, 2022)
Windows Server: January 2022 security updates are causing DC boot loop
Windows VPN connections (L2TP over IPSEC) broken after January 2022 update
Windows Server 2012/R2: January 2022 Update KB5009586 bricks Hyper-V Host
I also have a kind of boot loop issue on Windows 2012 R2 (Your PC will automatically restart in one mimute". I think it's due to KB5009624.
Seeing the same here on both our Windows 2012R2 and 2016 Domain Controllers.
Appears to be KB5009546 for our 2016 servers not sure about our 2012R2 servers but no reason to not think it's not KB5009624 as per JPascalTaipei's comment.
Our 2012R2 VMs were rebooting every 20mins or so. The 2016 VMs took longer before they started to reboot but we didn't wait for this to become a reboot loop before backing out the updates on both sets of Domain Controllers.
2016 VM DC seems to be OK for me +9hrs.
2012R2 VMs DCs were rebooting every 20mins or so – yeap.
I got also reports from German blog readers, that other Windows Server versions (also 2016, 2019) are affected. Because all Windows version received the same fix, it may hit all Windows Server version. Just to mention it.
Same issue on 2016 KB5009546. Uninstalling it now hoping it helps.
It helped for a while and returned back after a couple of hours with the KB re-installed on its own. And I don't see any options how to shut down the update service
I have same issues on Windows 2012 R2 DC and some Windows 2012 R2 HyperV Hosts have some trouble too – "The virtual machine could not be started because the hypervisor is not running." Uninstall Jan22 updates solve it…
Exchange 2013 Jan22 patch leaves many services in disabled state….
hello,
presented the same error on some hosts we manage.
Windows Server 2012 R2
I have the same problem with Hypervisor. Uninstall Jan22 updates solve it.
Have the same problem here
DC win2012R2 keeps loop rebooting
I am going to uninstall security update KB5009624.
Had an issue on Server 2012 R2 with KB5009624 causing an issue with Hyper-V. VM's were stuck in a saved state and giving the error when trying to start.
" Error in Windows Server: Virtual machine could not start because the hypervisor is not running"
The following was in the Event Logs:
Hypervisor launch failed; The operating systems boot loader failed with error 0xC00000BB
Uninstalling the update resolved the issue.
Same problem here.
3 updates (KB5009624, KB5009721, KB890830) installed this morning 5:38 (GMT +1) on the DC and after boot keeps crashing. A few seconds after login to the console Windows prompted the server will reboot within 1 minute (but crashed within 30 seconds).
The updates did not show op in the installed updates list (history) but event-viewer did show the installs. In Safe mode installed update KB5009624 again (manual), booted (problem persisted) and than deleted the update.
After another reboot (what took pretty long) finally the problem was solved.
I had to remove also KB5009595 (win2012R2)
Same problem with 2 DC, win server 2012 (not R2).
Same problem here, all ad controllers in boot loop after 4 minutes crashes lsass.exe and reboot.
Same rebooting with lsass.exe issue on Winsrv2012 (not R2). Uninstalled KB5009586 and its working again.
Same issue here: 2016 DCs Crash after 2022-01 Update
One DC crashes shortly after logon and the other one every 10 – 20 minutes. Rolling back updates..
After after 2022-01 update my remotely managed Windows server 2012 R2 shows blue screen with following options:
Continue: Exit and continue to Windows Server 2012 R2
Troubleshoot: Refresh or reset your PC or user advanced tools
Turn off your PC:
I had customer try 1st and third options unsuccessfully. I'm packing up vehicle to make onsite visit to try option 2 which hopefully will allow me to uninstall the updates. Hope this works. Damn MS.
Dear colleagues,
Just to confirm that after apply KB5009624 and restart, all our Windows Server 2012R2 lost access to REFS partitions shown it as RAW. Access was restored after uninstalling this KB same as reported by other admins in this blog.
Thanks for report and share a solution when available.
Ah but the problem is you are using it wrong.
On-prem DCs! Oh mi god! You just use the cloud and you pay MS like a good boy and get rid of all that ancient on-prem pain!
Amen ;-)
Thanks to everyone that posted here. 3 hours into this issue I found this and did exactly what you recommend. Uninstalled KB5009624, we are back fully functional.
Cheers Mates!
I ran into the reboot loop on two ADDCs [SERVER 2012 R2] in a test environment, quite hard to stop this. VMs were rebooting quite fast, login via WebConsole worked, but next reboot already started, breaking that with "shutdown /a" not possible. Disconnected network interface in Hypervisor, killed process lsass.exe (just some more time), eventually kill netlogon service and changed Windows Module Installer Service from Manual to Automatic startup. Then uninstalled KB5009624 and KB5009595, after reboot servers were fine.
Still the two patches came again through software distribution. (aaargh)
At that time I snoozed the reboot (! important!), installed the NEW KB5010794 (the new one, found on MS Update catalog) PLUS the last Servicing Stack (KB5001403) afterwards (I noticed that it was not found on these 2 machines) and rebooted again.
Since that point in time the 2 problem candidates are feeling "happy" and are running stable.
Thanks for posting this. Ive been seeing this lately as well, thanks for the confirmation.