Updated ouut-of-band (OOB) updates are released for March 2024 for Windows Server Domain Controllers

Microsoft has identified an issue that affects Windows Server domain controllers (DCs), and has expedited a resolution that can be applied to affected devices. Out-of-band (OOB) updates have been released for some versions of Windows today, March 22, 2024, to addresses this issue related to a memory leak in the Local Security Authority Subsystem Service (LSASS). This occurs when on-premises and cloud-based Active Directory domain controllers service Kerberos authentication requests.

This issue is not expected to impact Home users, as it is only observed in some versions of Windows Server. Domain controllers are not commonly used in personal and home devices.

Updates are available on the Microsoft Update Catalog only. These are cumulative updates, so you do not need to apply any previous update before installing them, and they supersede all previous updates for affected versions. If your organization uses the affected server platforms as DCs and you haven’t deployed the March 2024 security updated yet, we recommend you apply this OOB update instead. For more information and instructions on how to install this update on your device, consult the below resources for your version of Windows:

  • Windows Server 2022KB5037422
  • Windows Server 2019: Available soon
  • Windows Server 2016KB5037423
  • Windows Server 2012 R2KB5037426

Note: The OOB release for Windows Server 2019 will be released in near term.

Enable Virtualization-based Security on a Virtual Machine on Nested ESXi Server in VMware Workstation

First Step Shutdown ESXi Server enable Encryption
Graphical user interface, application

Description automatically generated

Second Add vTPM

Graphical user interface, application, Word

Description automatically generated

Boot ESXi Server(s)

Configure Key Providers (Add Native Key Provider)

Graphical user interface, text, application, website

Description automatically generated

A screenshot of a computer

Description automatically generated

Now you can add vTPM to you VM
Don’t forget to enable VBS

Graphical user interface, application

Description automatically generated

Create GPO SRV 2022 – Virtualization Based Security and I did Apply only to my Server 2022 Lab Environment
Graphical user interface, application

Description automatically generated

System Information on my Server 2022 Lab Server
A screenshot of a computer

Description automatically generated with medium confidence

Deploy Windows 10 and Windows Server vNext Technical Preview Using MDT 2013

1. Mount boot.wim file
Dism /Mount-Image /ImageFile:”D:\DeploymentShare\Operating Systems\Windows Server Technical Preview\sources\boot.wim” /index:1 /MountDir:D:\offline

2. Copy the dism.exe and DISM folder from the Windows 10 Technical Preview boot.wim file to your deployment share, in my case D:\DeploymentShare\Tools\x64.

The dism.exe file and DISM folder are found in the X:\Windows\System32 on your boot image (once booted), or D:\Offline\Windows\System32 if you just mounted the boot.wim.

3. Unmount the image|
Dism /Unmount-Image /MountDir:”D:\Offline” /Discard

4. Edit the Task Sequence
image image 

After copying the files, add two run command line actions to your Windows 10 Technical Preview and Server vNext Preview task sequence after Preinstall – Enable Bitlocker (Offline)

Copy WTP dism.exe
cmd /c copy %deployroot%\tools\%architecture%\dism.exe x:\windows\system32\ /y

Copy WTP DISM subsystem
cmd /c copy %deployroot%\tools\%architecture%\dism\*  x:\windows\system32\dism /y

5. Deploy Machines

image

image

Translate »