Microsoft has rolled out emergency updates for various versions of Windows Server, a necessary response to complications stemming from the April 2026 Patch Tuesday security updates.
Among the most pressing issues was a reboot loop affecting domain controllers, triggered by crashes of the Local Security Authority Subsystem Service (LSASS). This malfunction rendered authentication services unavailable, complicating operations significantly. The problem was particularly pronounced when new domain controllers were being set up, as these servers sometimes processed authentication requests prematurely, before the boot sequence had fully completed. Additionally, certain Windows Server 2025 systems faced challenges in installing the security update KB5082063.
According to Microsoft, “The Windows Server 2025 OOB update (KB5091157) addresses both the installation failure issue and the domain controller restart issue.” Other out-of-band updates released for additional supported Windows Server versions specifically target the domain controller restart problem.
Microsoft has introduced an out-of-band (OOB) update for seven distinct versions:
- Windows Server 2025: KB5091157
- Windows Server, version 23H2: KB5091571
- Windows Server 2022: KB5091575
- Windows Server 2019: KB5091573
- Windows Server 2016: KB5091572
- Windows Server 2025 Datacenter Azure Edition: Hotpatch KB5091470
- Windows Server 2022 Datacenter Azure Edition: Hotpatch KB5091576
More issues after April updates
Beyond the LSASS crashes and the installation error linked to KB5082063, Microsoft has alerted users to another concern: some Windows Server 2025 devices may inadvertently boot into BitLocker recovery mode following the update. This situation necessitates users to input a BitLocker recovery key to regain access.
Tip: Windows Server Finally Gets ReFS Boot Support.
