What is the mitigation of this issue: April patch puts Windows domain controllers into reboot loops — third known issue from KB5082063 is affecting Windows Server 2016 through 2025

Pankaj Kumar Keserwani 0 Reputation points
2026-04-18T02:10:41.06+00:00

What is the mitigation of this issue: "After installing the April 2026 Windows security update (KB5082063) and rebooting, domain controllers (DCs) in environments with multiple domains in the forest that use Privileged Access Management (PAM), might experience LSASS crashes during startup. As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable"
for devices that already have installed the April 2026 update or prior to installing it?


2 answers

  1. Harry Phan 19,485 Reputation points Independent Advisor
    2026-04-18T03:05:55.1266667+00:00

    Hi Pankaj,

    As far as I know, Microsoft has acknowledged LSASS crashes on domain controllers after installing KB5082063 in multi-domain forests with PAM enabled. For systems that already have the April 2026 update installed, the immediate mitigation is to uninstall KB5082063 from affected DCs using wusa /uninstall /kb:5082063 and block its redeployment via WSUS or Intune until a fixed build is released. If you have not yet deployed the update, the recommended action is to pause or defer installation on domain controllers in PAM-enabled environments. Microsoft is actively working on a resolution, so the long-term fix will come through a revised cumulative update. In the meantime, ensure you have healthy DCs in each domain that are not patched with KB5082063 to maintain authentication and directory availability. If removal is not possible due to compliance requirements, the only safe path is to wait for Microsoft’s official hotfix, as there is no supported registry or configuration workaround to suppress LSASS crashes in this scenario.

    I hope this information clarifies your question. If it does, please mark the answer as accepted or give it a thumbs up to let me know. Wishing you a great day ahead.

    Harry.
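
A read-only way to scope the exposure described in the answer above, as an added example that is not part of the original post or of Microsoft's guidance: it checks the three conditions named on this page (multiple domains in the forest, PAM enabled, KB5082063 installed) for every DC and flags domains with no DC confirmed free of the update. It assumes the ActiveDirectory RSAT module, remote WMI access to the DCs, and that the update is listed by `Get-HotFix`.

```powershell
# Added example: read-only exposure check, changes nothing on any DC.
Import-Module ActiveDirectory
$kb = 'KB5082063'                      # KB number as given on this page

$forest      = Get-ADForest
$multiDomain = @($forest.Domains).Count -gt 1

# PAM is an AD optional feature; a non-empty EnabledScopes means it is enabled.
$pam        = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
$pamEnabled = [bool]($pam -and @($pam.EnabledScopes).Count -gt 0)

$report = foreach ($domain in $forest.Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        try {
            # Assumption: the update is listed in Win32_QuickFixEngineering.
            $ids   = (Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop).HotFixID
            $state = if ($ids -contains $kb) { 'Installed' } else { 'NotInstalled' }
        } catch {
            # A DC stuck in a restart loop usually cannot answer the query.
            $state = 'Unreachable'
        }
        [pscustomobject]@{
            Domain      = $domain
            DC          = $dc.HostName
            KBState     = $state
            NeedsReview = $multiDomain -and $pamEnabled -and $state -ne 'NotInstalled'
        }
    }
}

"Multiple domains in forest: $multiDomain; PAM enabled: $pamEnabled"
$report | Sort-Object Domain, DC | Format-Table -AutoSize

# Domains where no DC is confirmed to be without the update.
$report | Group-Object Domain |
    Where-Object { -not ($_.Group.KBState -contains 'NotInstalled') } |
    ForEach-Object { Write-Warning "No DC without $kb confirmed in $($_.Name)" }
```

`Unreachable` is treated as needing review because a DC that is restarting repeatedly cannot answer the hotfix query.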


  2. Q&A Assist
    2026-04-18T02:10:52.6366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The documented mitigation for this specific issue is to obtain and apply the mitigation package from Microsoft Support for business.

    For domain controllers that already have the April 2026 security update installed, as well as for those where the update has not yet been installed, IT administrators are instructed to contact Microsoft Support for business and request the mitigation associated with the LSASS crash/reboot-loop issue affecting environments with multiple domains using Privileged Access Management (PAM). The mitigation can be applied both post‑installation and pre‑installation of the April 2026 update.

    Microsoft is also working on a permanent fix that will be released in a future update; until that is available, the supported path is to use the mitigation provided by Microsoft Support.

