There seems to be a problem with the November 2022 security updates for Windows. At least for Windows 11 22H2, I have reports that DirectAccess connections no longer work after the updates are installed, and there are indications that the problem also occurs on Windows 10. I am covering it here on the blog in case readers are affected.
Windows updates in November 2022
On November 8, 2022, a number of security updates were released for the supported Windows versions. In addition, preview updates were released on October 25, 2022. The individual updates are covered in the blog posts linked at the end of the article.
What is DirectAccess?
DirectAccess is a proprietary solution from Microsoft that was first introduced in Windows 7 / Windows Server 2008 R2, then improved in Windows 8.1 / Windows Server R2, and is still supported in current Windows versions. It is a VPN-like solution that transfers data via IPv6 using an IPsec tunnel. To access IPv4 servers, DirectAccess uses bridging technologies. Unlike a VPN, DirectAccess does not require the user to initiate a connection; it connects to the corporate network automatically at startup whenever the client is outside that network. Because clients connect automatically, companies can manage computers that are outside the corporate network.
DirectAccess, Source: Microsoft
When a client computer starts, it tries to reach the "Network Location Server" (NLS), a website accessible in the domain network that can be provided by any web server. Connections to corporate networks without domains are also possible. DirectAccess allows user-independent authentication of the device. Microsoft provides documentation of DirectAccess on its website; a comprehensive explanation of the functionality is available, for example, on Wikipedia.
DirectAccess fails after updates
German blog reader Bembel pointed out problems with DirectAccess following the November 2022 security updates for Windows in a German comment and referred to the Microsoft forum post "DirectAccess keeps reconnecting after installing Windows 11 updates". There, an affected user writes:
DirectAccess keeps reconnecting after installing Windows 11 updates
After installing the following updates on Windows 11 22H2, the DirectAccess state remains Connecting after disconnecting/connecting a network:
- KB5018427
- KB5019509 (adds tabs to Explorer, taskbar overflow menu)
- KB5019980
These updates were tested stand-alone and one after another and/or in a different sequence, all resulting in a DirectAccess state remaining Connecting.
Anybody have any idea what is causing this? A reboot of the laptop resolves the issue momentarily, but if the network disconnects/connects (drop on WiFi, e.g.) DirectAccess never connects again and another reboot is necessary. The issue is also on Windows 10, caused by at least these updates: KB5020953 and KB5019959.
The post refers to Windows 11 22H2, where a DirectAccess connection is no longer possible after the updates are installed. However, the user writes that the issue also occurs on Windows 10 with updates KB5020953 (an update from October) and KB5019959 (Windows 10 version 20H2-22H2). Another user confirms the issue for update KB5019964 (Windows 10 1607).
In the course of the discussion, other users have come forward who have observed these issues with various updates. The error pattern differs by Windows version. Fully patched Windows 11 systems do not connect at all. Windows 10 clients connect on first boot but fail to reconnect when they lose the WiFi signal or wake up from hibernation; DirectAccess then gets stuck during connection setup. Rebooting fixes the problem temporarily, until the client loses its network connection again. Removing last month's updates fixes the problem. A German blog reader has also confirmed the problem. Anyone else affected?
Addendum: Microsoft has confirmed the issue and provided a Known Issues Rollback (KIR) fix for some Windows versions – see Microsoft confirms Direct Access issues after Nov. 2022 updates
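To check whether a client matches the reports above, the following PowerShell sketch lists which of the KB numbers named in this post are installed and shows the current DirectAccess client state. It is an added example, not part of the original post or of Microsoft's guidance; the function name Get-DirectAccessUpdateTriage is hypothetical, and the KB list is simply the one quoted in the post and forum thread.

```powershell
# Added example (not from the original post): triage for the DirectAccess reports.
# The KB numbers are those named in the post; the Windows versions are as stated there.
$ReportedKBs = [ordered]@{
    'KB5018427' = 'Windows 11 22H2'
    'KB5019509' = 'Windows 11 22H2'
    'KB5019980' = 'Windows 11 22H2'
    'KB5020953' = 'Windows 10'
    'KB5019959' = 'Windows 10 20H2-22H2'
    'KB5019964' = 'Windows 10 1607'
}

function Get-DirectAccessUpdateTriage {   # hypothetical helper name
    # Installed updates that appear in the reported list.
    # Filtering the full list avoids the error Get-HotFix -Id raises when nothing matches.
    $installed = @(Get-HotFix | Where-Object { $ReportedKBs.Contains($_.HotFixID) })

    # DirectAccess client state. The cmdlet throws on machines without a
    # DirectAccess client configuration, so that case is reported, not fatal.
    try {
        $da     = Get-DAConnectionStatus -ErrorAction Stop
        $status = "$($da.Status) / $($da.Substatus)"
    } catch {
        $status = "unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OSVersion     = [System.Environment]::OSVersion.Version.ToString()
        ReportedKBs   = @($installed | Sort-Object InstalledOn | ForEach-Object {
            '{0} ({1}, installed {2:yyyy-MM-dd})' -f `
                $_.HotFixID, $ReportedKBs[$_.HotFixID], $_.InstalledOn
        })
        DirectAccess  = $status
        # Flag the machine when a reported update is present and the client
        # is not in one of the Connected* states.
        NeedsFollowUp = ($installed.Count -gt 0) -and ($status -notmatch '^Connected')
    }
}

Get-DirectAccessUpdateTriage | Format-List
```

Because the Windows 10 symptom only appears after a network drop or wake from hibernation, run the check again after toggling the network connection rather than only after a fresh boot.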
Similar articles:
Microsoft Security Update Summary (November 8, 2022)
Patchday: Windows 10-Updates (November 8, 2022)
Patchday: Windows 11/Server 2022-Updates (November 8, 2022)
Windows 7/Server 2008 R2; Windows 8.1/Server 2012 R2: Updates (November 8, 2022)
Windows 10 20H2-22H2 Preview Update KB5018482 (Oct. 25, 2022)
Windows 11 22H2: Preview-Update KB5018496 (Oct. 25, 2022)
Windows 11 21H2: Preview Update (Oct. 25, 2022)
Windows Server 2022 Preview Update KB5018485 (Oct. 25, 2022)
Updates for Windows (Nov. 2022): Changes in Netlogon and Kerberos protocol – causing issues
November 22 updates are causing the same problem across our enterprise. Direct Access is dropping in the same fashion. Looking for solutions, rather than just empathy though! Hoping this rises to Microsoft's update team so we get it resolved.
We're having the same issue with Direct Access not re-connecting on Windows 10 22H2 and 21H2. Uninstalling KB5019959 solves the problem for now.
Will blog about a KIR fix. Update: See my addendum at the end of the blog post.
I've tried the KIR fix described in https://learn.microsoft.com/en-us/windows/release-health/resolved-issues-windows-10-22h2#2955msgdesc
Unfortunately it didn't solve the problem for me.
My mistake. At first I set the policy to enabled instead of disabled. After changing it the KIR fix works and DA reconnects just fine.
I have a pending call in to MS Support about this. Had some devices that had to have their updates removed, where most are "unaffected" or have been fixed by reboots.
Will try to update if I ever get a response from MS Support.