AuthLite Advisory 14 (2022 DCs *break* after 2023-10 Windows Update)
The "2023-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems" (KB5031364) makes changes in the kdcsvc.dll file on 2022 Domain Controllers that cause previous versions of AuthLite to break and prevent the DC from booting or authenticating users.
- Install AuthLite 2.4.14 or newer on your DCs to address this issue.
- Even though the issue only affects the 2022 DCs, it is generally preferable to update all DCs to eventually have them all running the same build.
- After installation, the DCs will not have problems with the 2023-10 update.
- For customers using AuthLite v2.5 please install 2.5.4 or newer, available from the Downloads page.
If your DCs applied the update already and you can't log in, the simplest workaround is:
- mount the filesystem of the affected machine and rename the file c:\Windows\System32\CSALsubauth.dll to any other name (e.g. append an underscore).
- After this, the AuthLite core will not load at next boot, and you should be able to boot and authenticate with your emergency break-glass account at least.
- At that point you can install version 2.4.14 (or newer),
- and reboot, everything should work as before.