Solved

Windows updates broke Kerberos authentication

  • 15 November 2022
  • 4 replies
  • 510 views
P
Rank
Badge +1

Good morning,

I spoke with IFS this morning and they confirmed that their customers who use Kerberos to authenticate AD users to assyst are reporting that users can no longer access the application after some Windows Server 2019 updates were applied.

Has anyone here who uses Kerberos to authenticate users to assyst (pass-through authentication) experienced problems after Win Server 2019 updates being applied to the server?

We will be attempting to rollback the updates.  I have also checked the krb5.conf and it appears to be correct.  I removed older encryption types.

As a workaround, I have set up an alternate assyst app server that is using Database authentication to allow users to continue to use the application.

Anyone else having this problem?  We are on assyst 10 SP7.5 but IFS has told me that it affects all versions.

icon

Best answer by pmcallister 23 November 2022, 14:15

View original

4 replies

M
Rank
Userlevel 1
Badge +2

Hi all, here is a link to the Microsoft known issue we are referring customers to who come to IFS support, Windows 11, version 22H2 known issues and notifications | Microsoft Learn 

P
Rank
Badge +1

Thanks @marcmarenghi - that helped.  We patched our DCs with the 17 Nov 2022 out-of-band patch that Microsoft released, and it resolved the Kerberos authentication issue that was caused by the 08 Nov 2022 security update.

C
Rank

Hi all,

I have a client presenting this issue now and the latest patches in the KDC applied KB5021294 were meant to already have the fix from Nov 17 2022. They uninstalled that patch and the issue persists. They are on Windows Server 2012 R2.

Does anyone else have this issue?

 

M
Rank
Userlevel 1
Badge +2

Hi,  feedback at the time was the out-of-band patch for the DC’s resolved the issues but there was a good post from MS techs as a follow up where others scenarios might apply, take a look at this link, MS support should be in position to help as well if not covered here; What happened to Kerberos Authentication after installing the November 2022/OOB updates? - Microsoft Community Hub  

Reply


Terms & ConditionsCookie settings