Hi Gruber Lukas,
How is your issue going? Has it been resolved yet? If it has, please consider accepting the answer as it helps others sharing the same problem benefit too. Thank you :)
VP
Anyone hit issues with the latest Patch Tuesday updates breaking domain controllers or causing reboot loops?
Hi Gruber Lukas,
The root cause is a critical failure in the Local Security Authority Subsystem Service, located at %SystemRoot%\System32\lsass.exe. To recover your environment, you must interrupt this cycle by booting into Directory Services Restore Mode (DSRM) or using an external recovery disk to reach the Command Prompt. Once at the command line, you must manually roll back the update using the Windows Update Standalone Installer tool. For Windows Server 2022, execute the command wusa /uninstall /kb:5036908. For Windows Server 2019, use wusa /uninstall /kb:5036899.
After the servers have stabilized, do not attempt to re-install the original April patches. You should navigate to the Microsoft Update Catalog and download KB5037422 for Windows Server 2022 or KB5037423 for Windows Server 2019. Installing these OOB versions ensures your domain controllers are protected against the latest vulnerabilities without risking further authentication service crashes.
Hope this answer brought you some useful information. If it did, please hit “accept answer”. Should you have any questions, feel free to leave a comment.
VP
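Added example, not part of the original answer: a PowerShell inventory check that reports, for each domain controller, whether the update named in the answer is still installed and whether the out-of-band replacement is present. The function name Get-DcPatchState is hypothetical, the KB numbers are the ones quoted in the answer, and the script assumes the ActiveDirectory module plus WinRM access to the DCs.

```powershell
# Added example (not from the original answer). KB numbers are copied from the
# answer above; confirm them in the Microsoft Update Catalog before acting.
$KbMap = @{
    '2022' = @{ Faulty = 'KB5036908'; OutOfBand = 'KB5037422' }
    '2019' = @{ Faulty = 'KB5036899'; OutOfBand = 'KB5037423' }
}

function Get-DcPatchState {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($dc in $ComputerName) {
        try {
            $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $dc -ErrorAction Stop
            $installed = @(Get-HotFix -ComputerName $dc -ErrorAction Stop |
                           Select-Object -ExpandProperty HotFixID)
        } catch {
            # A DC stuck in a reboot loop will usually land here.
            [pscustomobject]@{ Computer = $dc; OS = $null; Action = "Unreachable: $($_.Exception.Message)" }
            continue
        }

        # Match the OS caption against the releases the answer covers.
        $release = $KbMap.Keys | Where-Object { $os.Caption -match "Server $_" } | Select-Object -First 1
        if (-not $release) {
            [pscustomobject]@{ Computer = $dc; OS = $os.Caption; Action = 'OS not covered by the answer' }
            continue
        }

        $kb = $KbMap[$release]
        $hasFaulty = $installed -contains $kb.Faulty
        $hasOob    = $installed -contains $kb.OutOfBand

        $action = if ($hasFaulty) {
            "Roll back: wusa /uninstall /kb:$($kb.Faulty.Substring(2))"
        } elseif (-not $hasOob) {
            "Install $($kb.OutOfBand) from the Microsoft Update Catalog"
        } else { 'No action needed' }

        [pscustomobject]@{ Computer = $dc; OS = $os.Caption; Action = $action }
    }
}

# Enumerate domain controllers (requires the ActiveDirectory module from RSAT).
$dcs = (Get-ADDomainController -Filter *).HostName
Get-DcPatchState -ComputerName $dcs | Format-Table -AutoSize
```

Run it from a management workstation rather than on a DC; controllers reported as unreachable are the ones to check at the console or in DSRM.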