Sayan Sen Neowin · Apr 17, 2026 06:48 EDT

Microsoft earlier this week released its latest Patch Tuesday update, for the month of April 2026. On Windows 11, under KB5083769 and KB5082052, the new update brings a major Remote Desktop-related change, among other things.
As is often the case, though, the new update has introduced new bugs. Microsoft already confirmed a BitLocker recovery bug that affects Windows clients (Windows 11 and 10) as well as Server systems. Today, Microsoft confirmed another issue affecting Server systems: it reports domain controllers (DCs) restarting repeatedly as a result of a new conflict between PAM and LSASS.
Microsoft explains: "After installing the April 2026 Windows security update (KB5082063/KB5082142) and rebooting, non‑Global Catalog (non‑GC) domain controllers (DCs) in environments that use Privileged Access Management (PAM), might experience LSASS crashes during startup. As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable." The company adds that in some environments, the bug can also be encountered when setting up a new DC, or on existing DCs if authentication requests are processed very early during startup.
For anyone wondering, the Local Security Authority Server Service, or LSASS process, helps validate and authenticate users for local and remote sign-ins by enforcing local security policies. Meanwhile, Privileged Access Management, or PAM, helps administrators restrict privileged access within an existing and isolated Active Directory (AD) environment. It is recommended only for environments that are not connected to the internet. PAM essentially adds protection by making it harder for attackers to access a network and obtain privileged account access.
In terms of a workaround, Microsoft has urged IT administrators to reach out to Microsoft Support for business to access a mitigation. The mitigation can be applied to affected devices that have already installed the buggy April 2026 update. It also works if the new Windows Server update has not yet been downloaded and installed. The tech giant says it is working on a fix.
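
To see which DCs match the conditions in Microsoft's statement (PAM in use, DC is not a Global Catalog) before contacting support, a read-only inventory along these lines can help. This is an added example, not a Microsoft script; it assumes the ActiveDirectory RSAT module is available and that "PAM" in the statement corresponds to the AD optional feature named "Privileged Access Management Feature".

```powershell
# Added example: read-only inventory, makes no changes to AD or to any DC.
Import-Module ActiveDirectory

# KB numbers as given in the article for the April 2026 Server update.
$AffectedKBs = 'KB5082063', 'KB5082142'

# Assumption: PAM in the advisory maps to this AD optional feature.
# An empty EnabledScopes list means the feature exists but is not enabled.
$pam = Get-ADOptionalFeature -Filter 'Name -like "Privileged Access Management*"'
$pamEnabled = [bool]($pam -and @($pam.EnabledScopes).Count -gt 0)

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $updateState = 'NotInstalled'
    try {
        # List all hotfixes, then filter, so "KB not present" is not an error.
        $hit = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop |
            Where-Object { $_.HotFixID -in $AffectedKBs }
        if ($hit) { $updateState = 'Installed' }
    }
    catch {
        # A DC stuck in a restart loop will typically land here.
        $updateState = 'Unreachable'
    }

    [pscustomobject]@{
        HostName        = $dc.HostName
        Site            = $dc.Site
        IsGlobalCatalog = $dc.IsGlobalCatalog
        PamEnabled      = $pamEnabled
        UpdateState     = $updateState
        # Conditions from the statement: PAM in use and DC is non-GC.
        MatchesAdvisory = ($pamEnabled -and -not $dc.IsGlobalCatalog)
    }
}

# DCs matching the advisory first, then by update state.
$report |
    Sort-Object @{ Expression = 'MatchesAdvisory'; Descending = $true }, UpdateState |
    Format-Table -AutoSize
```

Rows with `MatchesAdvisory` true and `UpdateState` of `NotInstalled` are the ones where the mitigation can be requested before the update is deployed.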