KB3002657: Uninstall the update if you are using Windows 2003 Domain Controller
Today we heard about an issue with the security update described in KB3002657 in a windows 2003 DC infrastructure.
Issue:
Microsoft security update released on March 10, 2015 by Microsoft (KB3002657) has an authentication issue.
Network users might be prompted for usernames and passwords for outlook again and again.
Microsoft has also mentioned that after you install this security update, you cannot access data on EMC Isilon clusters
Microsoft has also mentioned an NTLM login issue in the KB which I am sharing from the KB
===========================================================================
Symptoms
SMB/SMB2/SMB3 clients may experience logon failures
to an EMC Isilon cluster when they authenticate by using the NTLMSSP (NT LAN Manager Security Support Provider) provider. Data that resides on EMC Isilon clusters is unavailable to SMB/SMB2/SMB3 clients. This results in data unavailable (DU) failures. Authentication failures may also affect clients that try to access data through HTTP-based protocols such as RAN.
Cause
This issue occurs when Microsoft security update MS15-027 is installed on an Active Directory server that authenticates users and services that access an EMC Isilon cluster and when NTLM is used to authenticate these Active Directory domain users and services.
Note Authentication to an EMC Isilon cluster that uses the Kerberos protocol is not affected by this issue.
Workaround
Use the Kerberos protocol to authenticate Active Directory domain users.
================================================================
Microsoft has confirmed that this issue is occurring only in the Windows 2003 DC environments which are using NTLM authentication.
Workaround:
Microsoft has also recommended to uninstall the security patch from 2003 DC’s. Microsoft will be releasing the KB sooner.
We will update the blog as soon as we will hear more about the issue.
Prabhat Nigam
Microsoft MVP | Exchange Server
Team@MSExchangeGuru
March 16th, 2015 at 10:49 am
This apparently affected our TFS-site aswell!
March 23rd, 2015 at 3:46 pm
This also happened on a Server 2008 R2 Domain controller, uninstalling the patch and bouncing netlogon and lassoed on isilon corrected issue for me.
March 30th, 2015 at 5:52 am
Hi Prabhat,
Thanks a lot for this article. Is it KB3003657 or KB3002657. Microsoft released a V2 for KB3002657
May 7th, 2015 at 3:54 am
Thank you Abhi – it is KB3002657.
Updated the blog
May 10th, 2015 at 9:34 pm
I am facing the same authentication issue on EMC Isilon after installing KB3002657 patch on Windows 2008 R2 machines.
What is the work around to resolve the problem.
Thanks..
May 10th, 2015 at 9:50 pm
You need to uninstall it and reinstall the updated patch. If you still see the issue then open a ticket with MS. They should not charge for this case
May 10th, 2015 at 10:39 pm
Ok Thank you Prabhat