Windows 10 Devices Using Kerberos Realms May Fail to Start Up

Microsoft is currently investigating a bug which may prevent Windows 10 devices using MIT Kerberos realms to start-up or enter a restart loop after installing a recent cumulative update.

Kerberos is the default authentication protocol on all Windows versions above Windows 2000 for domain controlled devices and it replaces the NTLM authentication protocol.

Authentication protocols enable authentication of users, computers, and services, while the authentication process makes it possible for authorized users and services to access resources in a secure manner.

Impacted Windows 10 platforms

Domain connected Windows 10 devices using MIT Kerberos realms affected by this newly acknowledge issue include both domain controllers and domain members as explained by Microsoft.

The client and server platforms impacted by this issue are listed in the table below together with the cumulative updates causing the problems after installation:

Affected platforms
Client Server Originating update
Windows 10, version 1903 Windows Server, version 1903 KB4497935
Windows 10, version 1809 Windows Server, version 1809/Windows Server 2019 KB4505658
Windows 10 Enterprise LTSC 2019   N/A
Windows 10, version 1803 Windows Server, version 1803 KB4507466
Windows 10, version 1709 Windows Server, version 1709 KB4507465
Windows 10, version 1703   KB4507467
Windows 10 Enterprise LTSC 2016   N/A
Windows 10, version 1607 Windows Server 2016 KB4507459

Checking if a Windows 10 device is affected

Redmond also says that users who don't know if their devices are impacted by this issue should contact their system administrator and ask for more details.

Advanced Windows 10 users can check on their own if their devices are affected by checking if the following registry key exists on their system:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\MitRealms

Another method to find out if a Windows 10 device may be impacted by this bug is to look for the "Define interoperable Kerberos v5 realm settings" policy under Computer Configuration > Policies > Administrative Templates > System > Kerberos.

For now, Microsoft recommends that "devices in an affected environment do not install" the problematic cumulative updates.

Microsoft working on a resolution

Redmond's developers are currently working on a resolution for this newly acknowledged issue, with an estimated solution to be available during mid-August.

Today, Microsoft also added a new compatibility hold on Windows 10 devices preventing them from upgrading to Windows 10 1903 if using older Intel Rapid Storage Technology (Intel RST) drivers.

This safeguard has been put in place to prevent users of incompatible devices from experiencing either degraded performance or various issues after installing the Windows 10 May 2019 Feature Update.

Related Articles:

Windows 10 Insider Build 18945 Brings a New Cortana Experience

Windows 10 1903 Update Blocked by Old Intel Rapid Storage Drivers

Leak of Internal Windows 10 Build Gives a Peek at New Features

Microsoft Wants You to Call Windows 10 Devs About Edge and Outlook

Windows 10 SmartScreen Sends URLs and App Names to Microsoft