The March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022 have been linked to significant issues affecting domain controllers, as reported by numerous Windows administrators. The problems stem from a memory leak in the Local Security Authority Subsystem Service (LSASS) process, which is critical for enforcing security policies and managing user logins and password changes. Specifically, updates KB5035855 and KB5035857 are causing domain controllers to freeze and reboot due to escalating LSASS memory usage. Reports from the field indicate that this issue has led to widespread outages, with administrators noting “constantly increasing lsass memory usage” until the affected systems become unresponsive.
Impact and Administrator Experiences
The memory leak issue has had a tangible impact on operations, with administrators reporting that all domain controllers within their networks crashed over a weekend, causing significant outages. The affected systems exhibited dramatically increased memory consumption by the lsass.exe process, eventually consuming all available physical and virtual memory resources, leading to system hangs. This has prompted urgent calls for a resolution, with one administrator revealing that Microsoft Support has recommended the removal of the problematic updates as an interim solution.
Temporary Solutions and Previous Incidents
While the community awaits an official response from Microsoft, a temporary workaround involves uninstalling the problematic updates from affected domain controllers. Administrators can achieve this by executing specific commands in an elevated command prompt environment. Additionally, the ‘Show or Hide Updates’ troubleshooter is advised to prevent the reinstallation of these updates. This is not the first instance of LSASS-related issues; Microsoft addressed similar memory leak problems in December 2022 and March 2022, highlighting an ongoing challenge with maintaining the stability of domain controllers following updates.
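Before removing anything, it helps to confirm that a given domain controller both carries one of the updates and shows the steady lsass.exe growth described above. The following PowerShell script is an added example, not taken from the article or from Microsoft; the sampling interval, sample count and growth threshold are assumptions to tune per environment.

```powershell
# Added example, not from the article. Interval, sample count and threshold are assumptions.
param(
    [string[]]$KbIds = @('KB5035855', 'KB5035857'),   # updates named in the article
    [int]$Samples = 6,
    [int]$IntervalSeconds = 600,
    [double]$ThresholdMBPerHour = 50                  # assumed alert level
)

# 1. Which of the named updates are installed on this host?
$installed = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue)
foreach ($h in $installed) {
    Write-Output "$($h.HotFixID) is installed on $env:COMPUTERNAME"
}

# 2. Sample lsass.exe memory at a fixed interval.
$readings = @(for ($i = 0; $i -lt $Samples; $i++) {
    $p = Get-Process -Name lsass -ErrorAction Stop
    [pscustomobject]@{
        Time      = Get-Date
        PrivateMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
        WorkingMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
    }
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
})
$readings | Format-Table -AutoSize | Out-String | Write-Output

# 3. A leak shows as growth that never falls back between samples.
$neverDrops = $true
for ($i = 1; $i -lt $readings.Count; $i++) {
    if ($readings[$i].PrivateMB -lt $readings[$i - 1].PrivateMB) { $neverDrops = $false }
}
$hours = ($readings[-1].Time - $readings[0].Time).TotalHours
$rate  = if ($hours -gt 0) { ($readings[-1].PrivateMB - $readings[0].PrivateMB) / $hours } else { 0 }
Write-Output ("lsass private memory change: {0:N1} MB/hour" -f $rate)

# 4. Report; removal itself is left to the administrator.
if ($installed.Count -gt 0 -and $neverDrops -and $rate -gt $ThresholdMBPerHour) {
    Write-Warning "lsass.exe memory is rising steadily with a named update installed."
    foreach ($h in $installed) {
        Write-Output ("To remove: wusa /uninstall /kb:{0}" -f ($h.HotFixID -replace '^KB', ''))
    }
} elseif ($rate -gt $ThresholdMBPerHour) {
    Write-Warning "lsass.exe memory is rising, but none of the named updates was found."
} else {
    Write-Output "No sustained lsass.exe growth over this sampling window."
}
```

With the default parameters the script runs for about 50 minutes; it only reports and never uninstalls anything itself.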
As of now, Microsoft has yet to officially acknowledge the March 2024 issue or provide detailed guidance. The situation underscores the critical importance of thorough testing and validation of updates in enterprise environments to mitigate potential disruptions.