Microsoft fixes Patch Tuesday bugs that broke Windows VPN, ReFS and DC


Microsoft released an out-of-band (OOB) update yesterday to address some Windows issues caused by last week’s monthly patch cycle on Patch Tuesday.

The January 2022 updates delivered last week included security fixes and a fix for Japanese text appearance issues in Windows 11 (KB5009566) and Windows 10 (KB5009543) – plus an unannounced payload of issues, including unexpected restarts of domain controllers and failures of VPN connections using L2TP.

One of the main issues that IT administrators encountered during the week was that Windows Server 2012 was stuck in a boot loop, while other versions suffered from broken Windows VPN clients and some hard drives appearing as RAW format (and unusable). Many IT admins were forced to roll back the updates, leaving many servers vulnerable without any of last week's security patches.

The process left some IT admins frustrated and sharing grievances on Reddit. They found that the OOB update (an update released outside the usual schedule, which staff download and distribute manually) would force them to run last week's bug fixes first – risking continual rebooting of some domain controllers, loss of access to external drives formatted as ReFS (Resilient File System), and interrupted VPN connectivity.

The Verge spoke with an IT administrator at a university, who confirmed that he also had to roll back last Tuesday's update because external ReFS drives had become incompatible, without warning from Microsoft. Microsoft's docs state that ReFS should only be used on fixed drives, so that department (and other IT admins on Reddit) had to migrate the data before running the updates again.

If the ReFS problem hadn't been fixed sooner by Microsoft, they might have thought the drives were bad, then tried reformatting to NTFS and lost the data (migrating might be a good idea anyway, because other Reddit posts shared accounts of ReFS failing regardless of this update).

This OOB update is available to IT administrators with access to Microsoft's update catalog and can be uploaded to Windows Server Update Services (WSUS) – but it does not yet appear in the WSUS catalog, requiring administrators to download and upload it manually.

An individual by the name of syshum on the sysadmin subreddit jokes: “For Microsoft, the question is why are you still using Domain Controllers. You should use Azure AD only.” There are reasons why many might believe there is an unequal allocation of resources – subscription cloud services like Azure contribute more to the company’s steady revenue stream than an Active Directory solution supported long term on site.

Fortunately, support for on-premises solutions hasn’t gone away just yet. Cliff Fisher, Microsoft Product Manager for Active Directory, addressed the issues with patching old Server 2012 R2, which mistakenly reboots too quickly to take the full update rollup:

Some of these fixes are now available for Windows 11 and Windows 10 as an optional update if you access Windows Update on your computer. At the time of writing, there is still no fix for Windows Server 2019.

