Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community

Password Change Logon Loop Windows serwer 2019 KB5011551

Copper Contributor

I have a problem
users passwords expire or I manual reset them with "User must change password" box checked. Every time they enter a new password it tells them to do it again in an endless loop. All of this happened after installing KB5011551. Is it possible to repair without uninstalling KB5011551 ?

 

13 Replies

Seems a well-known issue. I'd remove KB5011551, and wait for April monthly rollup

 

 

@Slawek82 

I can verify that we have experienced the same thing in our domain. We are also running Windows Server 2019 and didn't have any issues until update KB5011551.  Now we are having to reset our users passwords for them, then have them change their passwords using ctrl-alt-delete, then Change Password.

@vallivueengineer 

I have the same problem and i hope in a solution as soon as possible.

Thanks

Hi, today we saw a similar problem on our DC WS 2019. We are waiting for the next MS updates that will fix the problem.
We have two Server 2019 servers acting as DCs as well that are experiencing this issue. I have uninstalled KB5011551 four times, followed by blocking it in elevated powershell, and it keeps reinstalling nightly. Does anyone know when the April rollup will be available (hopefully the fix is included)?
Hey, does anyone know anything about the same issue on Windows Server 2022???
Hi Slawek82,
try to set the "Minimum Password Age" to 0 days.
I had the same problem with Server 2022 and was able to fix it by setting the "Minimum password age" to "0 days".
You can usually find the setting in the "Default Domain Policy", where it is set to "1 day" by default.
Best Regards from Germany
Alex
Hi MysticFoxDE
In my case, this solution did not help.
However, Micorsoft fixed the problem by issuing an update (KB5012647)
I did an update to 4 DC and everything is back to normal.
Thank you
Regards from PL
Slawek

Hi Slawek,
the current April patch did not help me with the 2022 DC, because even an hour after installing the patch and of course also rebooting the clients and the server, a normal user was still unable to change a password.
It only worked again after I adjusted the "Minimum password age" in the GPO.

This Microsoft botch is getting worse by the day. :pouting_face:

Best Regards from Germany
Alex

P.S. @Pernille-Eskebo Quality Assurance
Are you testing anything at all or are you perhaps still in hibernation mode?

Hi @MysticFoxDE,

 

I have brand new DC's with WS 2022 and am now experiencing the exact same issue as you. I've tried to apply the workaround you supplied with the GPO setting "Minimum password age" set to 0 (zero), unfortunately without any positive result.

 

Do you have any tips?

 

Greetings from Sweden!

//Daniel

Hi Daniel,
have you already installed the April patch on your server 2022?
I first installed all currently available updates on the affected system and only then adjusted the GPO.

In addition, of course, I also adjusted other things on the servers so that the event viewer no longer spits out errors. It may also be that one of these changes plays a role.

However, I would not like to go through everything possible without knowing your surroundings and the error pattern more precisely.

Please make sure first that you have installed all the latest updates.

Best Regards from Germany
Alex
Hi Daniel,

one small addition.
I had problems with Kerberos on the 2022, which I was able to mitigate somewhat by setting the registry key described in the following article.

https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e...

PacRequestorEnforcement is currently set to 1 for me, but I've also experimented with 0 and 2 in the meantime.

Best Regards from Germany
Alex

Hi @MysticFoxDE,

 

Problem solved!!! :stareyes:

 

First, I thought that my servers were patched. When downloading KB5012604 from Microsoft Update Catalog trying to manually update the servers, I was prompted that the KB was already installed (hence my original post). However, when running Windows Update from Microsoft on my servers this morning, they downloaded and installed the KB5012604. After a reboot, my test-user was able to change password when password was expired.

 

Hopefully, this will also apply on WS 2019.

 

Cheers!

 

//Daniel