Microsoft addresses final week’s buggy Windows Updates that broke VPNs and rebooted servers

Microsoft released an out-of-band (OOB) replace yesterday to repair some Windows points attributable to final week’s month-to-month patching cycle on Patch Tuesday.

The January 2022 updates that shipped final week included safety patches and a repair for Japanese textual content look points in Windows 11 (KB5009566) and Windows 10 (KB5009543) — together with a secret payload of points, together with sudden restarting of Domain Controllers and VPN connections utilizing L2TP failing.

One of the foremost points that got here up through the week for IT admins included discovering that Windows Server 2012 turned caught in a boot loop, whereas different variations suffered damaged Windows VPN shoppers, and a few exhausting drives appeared as RAW format (and unusable). Many IT Admins had been compelled to roll again the updates — leaving many servers weak with none of final week’s safety patches.

The course of is leaving some IT Admins annoyed and sharing grievances on Reddit. They discovered that the OOB replace (an replace separate from the standard timing that’s downloaded and distributed manually by workers) would power them to first run final week’s buggy patches — risking some Domain Controllers to constantly reboot, lack of entry to exterior drives formatted as ReFS (Resilient File System), and damaged VPN connectivity.

The Verge spoke with an IT Admin for a college, who was capable of affirm they, too, needed to roll again final Tuesday’s replace as a result of exterior ReFS drives had develop into incompatible — with no warning from Microsoft. Microsoft’s paperwork state that ReFS ought to solely be used on mounted drives, so this division (and different IT admins on Reddit) needed to migrate knowledge earlier than operating the updates once more.

Should the ReFS situation haven’t been addressed any sooner by Microsoft, they could have believed the drives had been defective, then tried reformatting to NTFS and shedding the information (that is perhaps a good suggestion anyway, as different posts Reddit shared accounts of ReFS failing on them no matter this replace).

This OOB replace is offered to IT admins with entry to Microsoft’s replace catalog and will be loaded into Windows Server Update Services (WSUS) — however doesn’t, as of but, seem within the WSUS catalog, leaving Admins compelled to manually obtain and cargo it.

An particular person by the title of syshum on the sysadmin subreddit jokes: “To Microsoft the question is Why are you still using DomainControllers. You should be using Azure AD only.” There are explanation why many would possibly imagine there’s an uneven allocation of assets — subscription cloud companies like Azure contribute extra to the corporate’s fixed income stream than a long-term supported Active Directory resolution on-premises.

Thankfully, help for on-premise options isn’t gone but. Cliff Fisher, Microsoft’s product supervisor for Active Directory, addressed the issues of patching the older Server 2012 R2, which erroneously reboots too quick to take the entire cumulative patch:

Some of those fixes can be found now for Windows 11 and Windows 10 as an non-compulsory replace in case you go to Windows Update in your laptop. As of writing, there’s nonetheless no repair for Windows Server 2019.