KB5041578 causing Windows Server 2019 to be unresponsive
MNichols
I've found a "fix" that appears to do the job; it's not particularly graceful and is manual, but at least it's pretty quick and doesn't require a reboot or apparent roll-back of the update. You might need patience depending on how badly affected your system(s) are... Additionally, if you have any kind of IOP-limited disks on affected servers this will make them even slower; if possible, remove any IOP limit and it should be less painful.
You'll need to launch (as admin) PowerShell or CMD, services.msc, Task Manager, and Windows Explorer. I put each in a corner of the UI for ease of navigation.
- In services.msc find Cryptographic Services and Disable it. You won't be able to stop it conventionally.
- In Task Manager/Services tab look for CryptSvc and note the PID.
- In Explorer, attempt to rename C:\Windows\System32\catroot2 to something else, doesn't matter what. It will fail, because it is in-use. Leave the pop-up open.
- In PowerShell/CMD, type "taskkill /F /PID <PID noted above>".
- Quickly flick back to the "Folder in Use" pop-up and hit Try Again, it should rename.
- In services.msc put Cryptographic Services back to Automatic, the process will restart automatically very quickly so you don't need to do that. The catroot2 folder will regenerate also, and apparently not look much/at all different from the old one.
Server should be responsive again...
```powershell
set-service CryptSvc -StartupType Disabled
stop-service Wuauserv -Force
stop-service cryptsvc -Force
stop-service bits -Force
remove-item -Path C:\windows\system32\catroot2 -Recurse -Force
set-service CryptSvc -StartupType Automatic
start-service Wuauserv
start-service cryptsvc
start-service bits
```
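The manual procedure from the first post, scripted in PowerShell as an added example (not code from the thread or from Microsoft). The backup folder name, the retry count and the check for other services sharing the host process are assumptions added here.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual catroot2 steps described in the thread.
$catroot2   = 'C:\Windows\System32\catroot2'
$backupName = "catroot2.old-$(Get-Date -Format yyyyMMddHHmmss)"   # assumed backup name

# Step 1: disable the service so it is not restarted while the folder is renamed.
Set-Service -Name CryptSvc -StartupType Disabled

# Step 2: find the PID of the process hosting CryptSvc (0 means it is not running).
$hostPid = (Get-CimInstance -ClassName Win32_Service -Filter "Name='CryptSvc'").ProcessId

try {
    if ($hostPid -ne 0) {
        # Caveat: a shared svchost.exe can host other services; refuse to kill those too.
        $shared = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$hostPid" |
                  Where-Object Name -ne 'CryptSvc'
        if ($shared) {
            throw "PID $hostPid also hosts: $($shared.Name -join ', '). Not killing it."
        }
        # Step 4: equivalent of 'taskkill /F /PID <PID>'.
        Stop-Process -Id $hostPid -Force
    }

    # Steps 3 and 5: retry the rename until the handle on the folder is released.
    $renamed = $false
    foreach ($attempt in 1..10) {                 # assumed retry count
        try {
            Rename-Item -Path $catroot2 -NewName $backupName -ErrorAction Stop
            $renamed = $true
            break
        } catch {
            Start-Sleep -Milliseconds 500
        }
    }
    if (-not $renamed) { Write-Warning 'catroot2 is still in use; it was not renamed.' }
}
finally {
    # Step 6: always restore the startup type, even if a step above failed.
    Set-Service -Name CryptSvc -StartupType Automatic
    Start-Service -Name CryptSvc
}

# Verify: service state, and whether catroot2 has been regenerated yet
# (regeneration can take a moment after the service starts).
Get-Service -Name CryptSvc | Select-Object Name, Status, StartType
Test-Path -Path $catroot2
```

Renaming rather than deleting keeps the old catalog database available for comparison or rollback until the server is confirmed healthy.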
- Karen8488150, Aug 21, 2024, Copper Contributor
stop-service cryptsvc -Force
This step fails due to other dependent processes. What can be done about this?
Thank you.
- Shakedown1979, Aug 21, 2024, Copper Contributor
Heheh this would work nicely, when I'm lucky enough to be able to do PS.
A strange side-effect, which could be cause, effect, or something in-between, seen on a lot of affected servers is that no form of PowerShell (CLI, ISE) will launch. This would appear to be as a result of something in Windows Defender locking up, and with Tamper Protection via the XDR agent enabled, it's impossible to work around.