Kerberos Constrained Delegation (KCD) functionality cannot be used due to Windows Server updates!

There are currently problems with Windows updates in connection with BlackBerry UEM and KCD.
These occur when the Microsoft November updates have been installed on the domain controllers.

As far as we know today, Microsoft has a bug in the November update that makes KCD (S4U2Proxy/S4U2Self) unusable.
We have analyzed the problem over the weekend and have come to the conclusion that there is currently no solution.
As uninstalling the updates does not help either, the updates should not be installed on the DCs
until Microsoft has found a fix.

These are the affected patches and server versions.

  • KB5007206: Windows Server 2019
  • KB5007192: Windows Server 2016
  • KB5007247: Windows Server 2012 R2
  • KB5007260: Windows Server 2012
  • KB5007236: Windows Server 2008 R2 SP1
  • KB5007263: Windows Server 2008 SP2
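
To see which domain controllers already have one of these updates installed, the following PowerShell script queries each DC with Get-HotFix. It is an added example, not part of the original post and not code from Microsoft or BlackBerry; it assumes the ActiveDirectory RSAT module and remote WMI access to the DCs, and the variable names are illustrative.

```powershell
# Added example: list domain controllers that report one of the KBs named on this page.
# Assumptions: ActiveDirectory RSAT module installed, remote WMI/DCOM access to each DC.
Import-Module ActiveDirectory

# KB -> OS mapping copied from the list above.
$affectedKbs = @{
    'KB5007206' = 'Windows Server 2019'
    'KB5007192' = 'Windows Server 2016'
    'KB5007247' = 'Windows Server 2012 R2'
    'KB5007260' = 'Windows Server 2012'
    'KB5007236' = 'Windows Server 2008 R2 SP1'
    'KB5007263' = 'Windows Server 2008 SP2'
}

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # Get-HotFix -Id raises an error when the KB is absent, so list all and filter.
        $found = @(Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop |
            Where-Object { $affectedKbs.Keys -contains $_.HotFixID })
        $status = if ($found.Count) { 'AffectedUpdateInstalled' } else { 'NotFound' }
    }
    catch {
        # Unreachable DCs are reported explicitly instead of being counted as clean.
        $found  = @()
        $status = "QueryFailed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        DomainController = $dc.HostName
        OperatingSystem  = $dc.OperatingSystem
        MatchingKB       = ($found.HotFixID -join ', ')
        InstalledOn      = ($found.InstalledOn -join ', ')
        Status           = $status
    }
}

$report | Sort-Object Status, DomainController | Format-Table -AutoSize
```

A `NotFound` status only means Get-HotFix did not report one of these KB numbers on that DC; check the DC's update history before treating it as unaffected.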

The following systems may also be affected:

  • Web Application Proxy
  • Load balancer
  • Azure AD Sync
  • Azure Kerberos login with Cloud Identity
  • WSUS

Further background information can be found at:

Microsoft has since released a fix (see: https://docs.microsoft.com/en-ca/windows/release-health/status-windows-10-1809-and-windows-server-2019#2748msgdesc).

However, our tests and analyses show that the fix does not lead to the hoped-for result, which means that KCD is still unusable.
