KB5021657: Out-of-band update for Windows Server 2008 SP2: November 17, 2022
Applies To
Release Date:
11/17/2022
Version:
Out-of-band update
Summary
This update includes improvements for the following issue:Â
- 
              Addresses a known issue that affects Windows Servers that have the Domain Controller (DC) role. They might have Kerberos authentication issues if both of the following are true: - 
                  You installed a Windows update on or after November 8, 2022 on the DC. 
- 
                  You configured the SupportedEncrytionType key to remove the RC4 cipher at a domain level or on individual account. 
 You might receive Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 errors. These appear in the System section of the Event Log on your DC. The affected events include the text, "the missing key has an ID of 1".Note This issue is not an expected part of the security hardening for Netlogon and Kerberos starting with November 2022 security update. You must still follow the guidance in the listed articles. 
- 
                  
Known issues in this update
We are currently not aware of any issues that affect this update.
How to get this update
Before installing this update
Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Customers who have purchased the Extended Security Update (ESU) for on-premises versions of this OS must follow the procedures in KB4522133 to continue receiving security updates after extended support ended on January 14, 2020. For more information about ESU and which editions are supported, see KB4497181.Â
Because ESU is available as a separate SKU for each of the years in which they are offered (2020, 2021, and 2022)—and because ESU can only be purchased in specific 12-month periods—you must purchase the third year of ESU coverage separately and activate a new key on each applicable device for your devices to continue receiving security updates in 2022.
If your organization did not purchase the third year of ESU coverage, you must purchase Year 1, Year 2, and Year 3 ESU for your applicable Windows Server 2008 SP2 devices before you install and activate the Year 3 MAK keys to receive updates. The steps to install, activate, and deploy ESUs are the same for first, second, and third year coverage. For more information, see Obtaining Extended Security Updates for eligible Windows devices for the Volume Licensing process and Purchasing Windows 7 ESUs as a Cloud Solution Provider for the CSP process. For embedded devices, contact your original equipment manufacturer (OEM).
For more information, see the ESU blog.
For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.Â
To view other notes and messages for Windows Server 2008 SP2, see the following update history home page.
Get this update
| Release Channel | Available | Next Step | 
| Windows Update and Microsoft Update | No | See the other options below. | 
| Microsoft Update Catalog | Yes | To get the standalone package for this update, go to the Microsoft Update Catalog website. | 
| Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager | No | You can manually import these updates into Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog. | 
File information
For a list of the files that are provided in this update, download the file information for update KB5021657.
References
Learn about the standard terminology that is used to describe Microsoft software updates.
 
                         
				 
				