KB5009624, KB5009557 and KB5009555 coming to break a server near you soon!
Issue / Fault definition
Microsoft recently released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday.
After installing these updates Admins are reporting various issues including –
- Windows domain controller boot loops
- Hyper-V no longer starting
- ReFS file systems are no longer accessible
Impact
- Windows Server 2012 R2
- Windows Server 2019
- Windows Server 2022
- Updates KB5009624, KB5009557 and KB5009555
Known Fixes / Solutions
To fix the issue boot into SafeMode, CMD from a recovery console or DSRM and remove the update.
- Windows Server 2012 R2: wusa /uninstall /kb:KB5009624
- Windows Server 2019: wusa /uninstall /kb:KB5009557
- Windows Server 2022: wusa /uninstall /kb:KB5009555
Other possible fixes
The moment you first logon.
1. Immediately run command prompt, right click, run as administrator (just incase)
2. type in “net stop netlogon” (shows The Netlogon service was stopped successfully.)
3. Program and Features
4. Select Uninstall (click on Security Update for Microsoft Windows (KB5009557)
5. You must restart your computer to apply these changes (click Restart Later)
6. Select Uninstall (click Update for Microsoft Windows (KB5008873)
7. You must restart your computer to apply these changes (click Restart Now)
The issue of reboots only happens if 2 or more DC’s have the update installed. Just turn off 1 dc or boot it into safemode without networking and the other DC stops rebooting. Then you have at least 1 DC up for people to continue work and you have time to uninstall the patches.
Mitigation
Delay roll out of any of the affected patches.
