MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

KB3002657: Uninstall the update if you are using Windows 2003 Domain Controller

Today we heard about an issue with the security update described in KB3002657 in a windows 2003 DC infrastructure.

Issue:

Microsoft security update released on March 10, 2015 by Microsoft (KB3002657) has an authentication issue.

Network users might be prompted for usernames and passwords for outlook again and again.

Microsoft has also mentioned that after you install this security update, you cannot access data on EMC Isilon clusters

Microsoft has also mentioned an NTLM login issue in the KB which I am sharing from the KB

===========================================================================

Symptoms

SMB/SMB2/SMB3 clients may experience logon failures
to an EMC Isilon cluster when they authenticate by using the NTLMSSP (NT LAN Manager Security Support Provider) provider. Data that resides on EMC Isilon clusters is unavailable to SMB/SMB2/SMB3 clients. This results in data unavailable (DU) failures. Authentication failures may also affect clients that try to access data through HTTP-based protocols such as RAN.

Cause

This issue occurs when Microsoft security update MS15-027 is installed on an Active Directory server that authenticates users and services that access an EMC Isilon cluster and when NTLM is used to authenticate these Active Directory domain users and services.

Note Authentication to an EMC Isilon cluster that uses the Kerberos protocol is not affected by this issue.

Workaround
Use the Kerberos protocol to authenticate Active Directory domain users.

================================================================

Microsoft has confirmed that this issue is occurring only in the Windows 2003 DC environments which are using NTLM authentication.

Workaround:

Microsoft has also recommended to uninstall the security patch from 2003 DC’s. Microsoft will be releasing the KB sooner.

We will update the blog as soon as we will hear more about the issue.

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru


7 Responses to “KB3002657: Uninstall the update if you are using Windows 2003 Domain Controller”

  1. Mike Says:

    This apparently affected our TFS-site aswell!

  2. Dustin Says:

    This also happened on a Server 2008 R2 Domain controller, uninstalling the patch and bouncing netlogon and lassoed on isilon corrected issue for me.

  3. Abhishek Kiran Says:

    Hi Prabhat,

    Thanks a lot for this article. Is it KB3003657 or KB3002657. Microsoft released a V2 for KB3002657

  4. Prabhat Nigam Says:

    Thank you Abhi – it is KB3002657.

    Updated the blog

  5. Sallu Says:

    I am facing the same authentication issue on EMC Isilon after installing KB3002657 patch on Windows 2008 R2 machines.
    What is the work around to resolve the problem.
    Thanks..

  6. Prabhat Nigam Says:

    You need to uninstall it and reinstall the updated patch. If you still see the issue then open a ticket with MS. They should not charge for this case

  7. Sallu Says:

    Ok Thank you Prabhat

Leave a Reply

ad

Categories

Archives