New Windows Server Updates Cause Boot Loops and Stop Hyper-V

The latest Windows Server updates are causing serious problems for administrators, with domain controllers spontaneously rebooting, Hyper-V not booting, and ReFS volumes inaccessible until the updates are rolled back

Yesterday, Microsoft released the update to Windows Server 2012 R2 KB5009624, the update of Windows Server 2019 KB5009557 and the update of Windows Server 2022 KB5009555 as part of January 2022 Patch Tuesday.

After installing these updates, administrators have faced various issues that are only resolved after removing the updates.

Read more:

DNS client over HTTPS (DoH) on Windows 11 and Windows Server 2022
Lower the functional level of your domain or forest on Windows Server
How to Upgrade Windows Server 2012 R2 Standard to Windows Server 2016 Datacenter
How to implement Azure AD Password Protection?
Windows 10 Printer Bug Worsens After New Update

Windows Domain Controller Boot Loops

The most serious problem introduced by these updates is that Windows domain controllers go into a boot loop, with servers going into an endless cycle of booting Windows and rebooting after a few minutes.

As first reported by  bornCity , this issue affects all supported versions of Windows Server.

“It appears that KB5009557 (2019) and KB5009555 (2022) are causing domain controllers to fail, which keep restarting every few minutes”, posted a  user  on Reddit.

A Windows Server administrator told BleepingComputer that they see the LSASS.exe process use all the CPU on a server and then terminate.

As LSASS is a critical process necessary for Windows to function properly, the operating system will automatically restart when the process is terminated.

The following error will be logged in the event viewer when restarting due to a failing LSASS process as another user  on Reddit  shared.

“The wininit.exe process initiated the restart of the computer [computername] on behalf of the user for the following reason: No title for this reason was found Reason code: 0x50006 Shutdown type: restart Comment: System process 'C:\WINDOWS \system32\lsass.exe' unexpectedly terminated with status code -1073741819. The system will now shut down and restart.”

Hyper-V no longer starts

In addition to boot loops, BleepingComputer has been told by Windows administrators that after installing patches, Hyper-V no longer starts on the server.

This bug mainly affects Windows Server 2012 R2 server, but other unverified reports say that it affects newer versions of Windows Server.

Since Hyper-V does not start, when trying to start a virtual machine, users  will receive an error  reporting the following:

"Virtual machine xxx could not be started because the hypervisor is not running."

Microsoft released security updates to fix four different Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are likely causing this issue.

ReFS file systems are no longer accessible

Finally, several administrators are reporting that Windows Resilient File System (ReFS) volumes are no longer accessible or are seen as RAW (unformatted) after installing updates.

Resilient File System (ReFS) is a proprietary file system from Microsoft that is designed for high availability, data recovery, and high performance for very large storage volumes.

“I installed these updates tonight, on a two-server Exchange 2016 CU22 DAG, running on Server 2012 R2. After a very long reboot, the server came back with all ReFS volumes as RAW”,  explained  a Microsoft Exchange admin on Reddit.

“Attached NTFS volumes were fine. I realize this is not exclusively an exchange issue, but it is affecting my ability to bring services to Exchange online again.”

Uninstalling Windows Server updates made the ReFS volumes accessible again.

Yesterday, Microsoft patched seven remote code execution vulnerabilities in ReFS, with one or more likely behind inaccessible ReFS volumes.

These vulnerabilities are tracked as CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022 -21928.

How to fix?

Unfortunately, the only way to fix these issues is to uninstall the corresponding cumulative update for your version of Windows.

Administrators can do this using one of the following commands:

Windows Server 2012 R2: wusa /uninstall /kb:KB5009624 Windows Server 2019: wusa /uninstall /kb:KB5009557 Windows Server 2022: wusa /uninstall /kb:KB5009555

Because Microsoft bundles all security fixes into a single update, removing the cumulative update may fix bugs, but it will also remove all fixes for newly patched vulnerabilities.

Therefore, uninstalling these updates should only be done if absolutely necessary.

Windows 10 and Windows 11 updates are also breaking L2TP VPN connections.

reference: Bleeping Computer

Was this article helpful?

To maintain a quality standard for you, we have invested in a great hosting plan, Paid CDN, Website Optimization Plugins, etc ...

Help us to keep the project active! 

Follow the news in real time. Follow our Instagram profile..

Felipe Santos
Felipe Santos is a Cloud and Security Architect, with experience in Windows Server, Cluster, Storages, Backups Veeam and Office 365 environments.



Do you want to upgrade your career? 

Invest in yourself and get ahead! Get that dream job in 2022!