Impact: Customers have reported NTLM authentication failures and high load on affected domain controllers Originating KB URL: https://support.microsoft.com/en-us/topic/5036932 Originating KB Release Date: 2024-04-09T10:00:00-07:00 Originating Build: N/A Resolved KB URL: https://support.microsoft.com/en-us/topic/5037800 Date Resolved: 2024-05-14T10:00:00-07:00 All Updates: ------------------------------------------------------ May 14, 2024 17:00 PM After installing the April 2024 security update (KB5036932 (https://support.microsoft.com/help/5036932)) on domain controllers (DCs), you might notice a significant increase in NTLM (https://learn.microsoft.com/windows-server/security/kerberos/ntlm-overview) authentication traffic. This issue is more likely to affect Active Directory (AD) deployments already servicing a large number of NTLM authentication requests where a small number of Primary Domain Controllers (PDCs) are supporting a large number of read-write Backup Domain Controllers (DCs) and Read Only Domain Controllers (RODCs). Note: In rare instances, Windows Servers running the Domain Controller (DC) role might experience Local Security Authority Subsystem Service (LSASS) crashes resulting in a reboot. Resolution: This issue was resolved by Windows updates released May 14, 2024 (KB5037800 (https://support.microsoft.com/help/5037800)), and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one. Affected platforms: Client: none Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues. ------------------------------------------------------ May 03, 2024 23:43 PM After installing the April 2024 security update (KB5036932 (https://support.microsoft.com/help/5036932)) on domain controllers (DCs), you might notice a significant increase in NTLM (https://learn.microsoft.com/windows-server/security/kerberos/ntlm-overview) authentication traffic. This issue is more likely to affect Active Directory (AD) deployments already servicing a large number of NTLM authentication requests where a small number of Primary Domain Controllers (PDCs) are supporting a large number of read-write Backup Domain Controllers (DCs) and Read Only Domain Controllers (RODCs). Note: In rare instances, Windows Servers running the Domain Controller (DC) role might experience Local Security Authority Subsystem Service (LSASS) crashes resulting in a reboot. Next steps: We are working on a resolution and will provide an update in an upcoming release. Windows support: Enterprise devices: Request help for your organization through Support for business (https://support.serviceshub.microsoft.com/supportforbusiness/onboarding). Affected platforms: Client: none Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues. ------------------------------------------------------ May 01, 2024 03:57 AM After installing the April 2024 security update (KB5036932 (https://support.microsoft.com/help/5036932)) on domain controllers (DCs), you might notice a significant increase in NTLM (https://learn.microsoft.com/windows-server/security/kerberos/ntlm-overview) authentication traffic. This issue is likely to affect organizations that have a very small percentage of primary domain controllers in their environment and high NTLM traffic. Next steps: We are working on a resolution and will provide an update in an upcoming release. Windows support: Enterprise devices: Request help for your organization through Support for business (https://support.serviceshub.microsoft.com/supportforbusiness/onboarding). Affected platforms: Client: none Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues.