Microsoft fixes KB5082063 Windows Server domain controller reboot loops

Microsoft released an emergency fix on April 19, 2026, for a critical flaw in its April Patch Tuesday update KB5082063 that was sending Windows Server domain controllers into continuous reboot loops.
The out-of-band update is KB5091157 (OS Build 26100.32698) for Windows Server 2025, and KB5091575 (OS Build 20348.5024) for Windows Server 2022. Both are available now via Windows Update, the Microsoft Update Catalog, and WSUS.
What was going wrong
KB5082063, released April 14, triggered crashes in the Local Security Authority Subsystem Service, known as LSASS, on non-Global Catalog domain controllers running in environments that use Privileged Access Management, or PAM. LSASS is the Windows component that handles authentication requests and enforces security policy across a domain.
When it crashes during startup, the server restarts, hits the same crash, and restarts again, locking the machine in a loop. In some cases, the issue also appeared when setting up a new domain controller, or on servers that began processing authentication requests early in the boot sequence.
The result was that affected domain controllers could not authenticate any users or services, in some cases rendering the entire domain unavailable until the server was manually recovered.
Platforms affected
The issue affected domain controllers running Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server version 23H2. Personal devices and machines not managed by an IT department were not affected.
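For administrators auditing their own fleet, the conditions above can be checked per server. The following PowerShell is an added example, not Microsoft's code or guidance: the function name is hypothetical, it assumes an elevated session on the domain controller with the ActiveDirectory module available, and the KB numbers and fixed OS builds are the ones stated in this article (which gives fixed builds for Windows Server 2025 and 2022 only).

```powershell
# Added example: report whether this DC matches the conditions the article describes.
# Assumes an elevated session on the DC with the ActiveDirectory module available.
function Get-Kb5082063Exposure {   # hypothetical helper name
    # DomainRole 4 = backup domain controller, 5 = primary domain controller.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    if ($role -notin 4, 5) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Status = 'NotADomainController' }
    }

    # Fixed OS builds as given in the article (Server 2025 and Server 2022 only).
    $fixedBuild = @{ '26100' = 32698; '20348' = 5024 }
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild
    $atFixedBuild = $fixedBuild.ContainsKey($build) -and ([int]$cv.UBR -ge $fixedBuild[$build])

    # Get-HotFix writes a non-terminating error when an ID is absent; suppress it.
    $hasApril = [bool](Get-HotFix -Id 'KB5082063' -ErrorAction SilentlyContinue)
    $hasOob   = [bool](Get-HotFix -Id 'KB5091157', 'KB5091575' -ErrorAction SilentlyContinue)

    # The crash was reported on non-Global Catalog DCs in environments using PAM.
    $dc  = Get-ADDomainController -Identity $env:COMPUTERNAME
    $pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
    $pamEnabled = ($null -ne $pam) -and ($pam.EnabledScopes.Count -gt 0)

    # Order matters: a server at or past the fixed build is reported as fixed
    # even if the April KB is no longer listed separately.
    $status = if ($hasOob -or $atFixedBuild) { 'FixInstalled' }
              elseif ($hasApril -and -not $dc.IsGlobalCatalog -and $pamEnabled) { 'Exposed' }
              elseif ($hasApril) { 'AprilUpdateWithoutFix' }
              else { 'AprilUpdateNotFound' }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        OsBuild         = '{0}.{1}' -f $build, $cv.UBR
        HasKB5082063    = $hasApril
        FixPresent      = ($hasOob -or $atFixedBuild)
        IsGlobalCatalog = $dc.IsGlobalCatalog
        PamEnabled      = $pamEnabled
        Status          = $status
    }
}

Get-Kb5082063Exposure
```

A status of `AprilUpdateWithoutFix` still deserves attention, since the article notes the loop also appeared in some cases outside the non-Global Catalog and PAM combination.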
Three problems, one update
The reboot loop was the third known issue tied to KB5082063 within a week of its release. Microsoft had already confirmed the same update was triggering BitLocker recovery key prompts on first restart for some Windows Server 2025 and Windows 11 devices, and separately, that it was failing to install entirely on some Windows Server 2025 systems with error code 0x800F0983.
Despite the cluster of problems, Microsoft did not pull the update. KB5082063 patches 167 vulnerabilities, including two actively exploited zero-days, making a full rollback a significant security risk for enterprise environments.
This is the third consecutive April that Microsoft's monthly server update has disrupted domain controllers. In March 2024, an emergency fix was needed after that month's Patch Tuesday caused DC crashes outright. April 2024 broke NTLM authentication and forced unplanned restarts. April 2025 introduced Active Directory authentication problems that required a separate correction in June 2025.
















