LANDESK Security and Patch News
· (April 25, 2016) Microsoft has released KB3103709 which is an update for Windows Server 2012 R2-based domain controller.
The following issues are fixed in this update:
Issue 1 Faster inserts to Active Directory change notification queue delays servicing of Asynchronous Thread Queue (ATQ) thread pool, LDAP queries, and notification based replication.
When this condition is true, domain controller (DC) Local Security Authority Subsystem Service (LSASS) consumes 100% CPU usage. The following operations are blocked when change notification queues develop on a given DC:
Active Directory Replication triggered by change notification is delayed.
ATQ thread registration or unregistration is delayed.
Writes to the DC are blocked.
When the insertion string is ongoing, the processing of the notification queue is also blocked. Notification based replication is blocked during this operation.
CPU usage for the LSASS process runs cold on DCs as all multiple operations are blocked and the only thread gets CPU time as Active Directory replication.
Issue 2 Renames of domain-joined SQL server member computers fails with error "The directory service is busy".
Can't rename a domain-joined computer, the rename fails with the following error message:
The directory service is busy
For more information about this issue, see update 3152220.
A single logon attempt on the website is counted as two logon attempts in Active Directory. Therefore, count of incorrect password increases by two instead of by one.
Issue 4 LSASS occurs access violation together with error "0xc0000005" on Windows Server 2012 R2 DCs targeted by Azure AD Connect identity sync clients that run "Full Import".
When a user runs "Full Import" on Azure AD Connect identity sync client against a Windows Server 2012 R2-based DC, access violation occurs on LSASS process, and the DC restarts with error code "0xc0000005". This issue occurs when the Active Directory Recycle Bin is disabled.
For more information about this issue, see update 3145339.
Lsass.exe crashes on DC when a user runs a recursive Lightweight Directory Access Protocol (LDAP) query against an Active Directory group.
Please visit the following page for more details: https://support2.microsoft.com/kb/3103709
· Vulnerability ID – 3103709_MSU
· Vulnerability ID – N/A
New Patch Downloads
Where to Send Feedback
At LANDESK, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future. Please continue to provide feedback by contacting our local support organization.
LANDESK Product Support
Copyright © 2016 LANDESK Software. All rights reserved. LANDESK is either a registered trademark or trademark of LANDESK Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.
Information in this document is provided for information purposes only. The information presented here is subject to change without notice. This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDESK disclaims any liability with respect to this document and LANDESK has no responsibility or liability for any third party products of any content contained on any site referenced herein. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visithttp://www.LANDESK.com.