Forum Discussion

BC-ITGuy's avatar
BC-ITGuy
Copper Contributor
Nov 16, 2022

Azure Advanced Threat Protection service failing to start after installing November MS Patches

Azure Advanced Threat Protection service failing to start after installing November MS Patches:   ** .NET CU - KB5020627 - November 8, 2022-KB5020627 Cumulative Update for .NET Framework 3.5 and 4....
BC-ITGuy's avatar
BC-ITGuy
Copper Contributor
Nov 17, 2022

Martin_Schvartzman 

Thanks for the helpful info.

I confirmed we're receiving the event id 14 for the atp group managed service account as outlined here:

https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/

 

event id 14:

While processing an AS request for target service krbtgt, the account %OURGMSAUSEDWITHATP%$ did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18 17 23 24 -135 3. The accounts available etypes : 23 18 17. Changing or resetting the password of %OURGMSAUSEDWITHATP%$ will generate a proper key.

--

It doesn't look like there's a way to force a password change on a gmsa to see if this message is actually accurate. The time change is hardcoded at creation (30 days) (https://social.technet.microsoft.com/Forums/en-US/d08bdb51-81f4-4368-9213-33a969e1b29b/powershell-cmdlet-to-reset-gmsa-password?forum=ITCG)

 

Maybe we can create a new gmsa and test it with atp? Would this work or is the message not accurate?

 

It says that Microsoft is working on a fix for this issue and it will be released in the next few weeks.

BC-ITGuy's avatar
BC-ITGuy
Copper Contributor
Nov 18, 2022
Microsoft released a updated CU to resolve this issue: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-kerberos-auth-issues-in-emergency-updates/