
Microsoft Warns of Windows Domain Controller Restart Loops Following April 2026 Update


AI-generated from multiple sources. Verify before acting on this reporting.

Microsoft issued a global alert on April 17, 2026, warning that certain Windows domain controllers are entering restart loops after installing the company's April 2026 security updates. The issue affects non-Global Catalog domain controllers in environments utilizing Privileged Access Management (PAM) systems.

The problem stems from the Local Security Authority Subsystem Service (LSASS) crashing during startup. The crash occurs specifically after the installation of security update KB5082063. Microsoft stated that the service failure prevents the domain controller from completing its boot sequence, resulting in a continuous reboot cycle that disrupts network authentication and access controls.

The update, part of the regular monthly security patch cycle, was distributed to Windows Server environments worldwide. While the update addresses critical vulnerabilities, the unintended consequence has left some enterprise IT administrators scrambling to restore service stability. The issue is isolated to specific configurations where PAM solutions interact with the updated LSASS components.

Microsoft has identified the root cause as a conflict between the new security patch and third-party PAM software hooks. The company advises administrators to avoid installing the update on affected domain controllers until a fix is deployed. For systems already impacted, Microsoft recommends rolling back the update or applying a specific workaround to disable the problematic PAM integration temporarily.

The incident highlights the complexity of managing security patches in enterprise environments where third-party security tools are deeply integrated into core operating system functions. IT teams are urged to review their domain controller configurations and verify PAM compatibility before proceeding with the update on critical infrastructure.
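As a starting point for that review, the following added example (not from Microsoft or the original report) inventories domain controllers by Global Catalog role and by whether KB5082063 is installed. It assumes the ActiveDirectory RSAT module and remote WMI access to each domain controller; it makes no changes and cannot detect PAM software, which still has to be checked per host.

```powershell
# Added example: read-only inventory, not Microsoft's guidance or tooling.
# Assumes: ActiveDirectory RSAT module, remote WMI/DCOM access to every DC.
Import-Module ActiveDirectory

$kb = 'KB5082063'   # update named in the report

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $installed = $null
    $detail    = ''
    try {
        # List all hotfixes and filter locally. Get-HotFix -Id raises an error
        # when the KB is absent, which would look the same as an unreachable host.
        $hit = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop |
            Where-Object HotFixID -eq $kb
        $installed = [bool]$hit
    } catch {
        # A DC stuck in a restart loop will usually land here.
        $detail = $_.Exception.Message
    }

    $status = if ($null -eq $installed) {
        'Unreachable: check console for restart loop'
    } elseif ($dc.IsGlobalCatalog) {
        'Global Catalog: outside the reported scope'
    } elseif ($installed) {
        'Non-GC with update: verify PAM, plan rollback if LSASS crashes'
    } else {
        'Non-GC without update: hold until PAM compatibility is verified'
    }

    [pscustomobject]@{
        HostName        = $dc.HostName
        Site            = $dc.Site
        IsGlobalCatalog = $dc.IsGlobalCatalog
        KbInstalled     = $installed
        Status          = $status
        Detail          = $detail
    }
}

# Non-GC controllers first, since those are the ones the alert describes.
$report | Sort-Object IsGlobalCatalog, HostName | Format-Table -AutoSize
```

`Get-HotFix` reads `Win32_QuickFixEngineering`, so confirm a negative result against the server's update history before treating a controller as unpatched.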

Microsoft has not yet released a permanent patch to resolve the LSASS crash. The company is working on a revised version of the update that will address the compatibility issue without reverting the security fixes included in KB5082063. Until then, organizations must weigh the risks of unpatched vulnerabilities against the operational disruption caused by the restart loops.

The situation remains fluid as administrators assess the scope of the impact across their networks. Microsoft continues to monitor reports of affected systems and is expected to provide further guidance as the situation develops. The timeline for a permanent resolution has not been announced.