A recent wave of Windows updates has sparked chaos among administrators, leading to crashes in domain controllers (DCs) and causing issues with Exchange Servers.
The root cause of these problems has been identified as a memory leak introduced with the March 2024 Windows Server security updates (KB5035855 and KB5035857). This issue, centered around the Local Security Authority Subsystem Service (LSASS), causes affected servers to freeze and reboot – among other things.
Thankfully, our experts are here to break this down for us and provide actionable steps you can take to protect your IT infrastructure and business.
Windows Updates Cause LSASS Memory Leak
Administrators are highlighting a concerning trend of increasing LSASS memory usage following the installation of the March 2024 updates. This memory leak, reminiscent of a similar issue in November 2022, has been observed across various environments, regardless of the Exchange or Windows Server version. These issues impact not only DCs, but are also affecting Exchange Servers.
Impacts on DCs
Impacted servers are experiencing unexpected freezes and restarts, with LSASS memory usage ballooning to the point of consuming all available physical and virtual memory. This disruption has led Microsoft to confirm the issue as a known bug, disrupting DC servers across multiple Windows Server versions, including 2012 R2, 2016, 2019, and 2022.
Microsoft has acknowledged the severity of the issue and is actively working on a fix. In the meantime, we advise administrators to uninstall the problematic updates as a temporary workaround by running specific commands to remove the updates from affected DCs.
The Exchange Server Conundrum
While removing these updates should resolve the issues with DCs, we warn administrators that it may not fully address problems with Exchange Servers. The complexity of Exchange environments presents unique challenges, and administrators may need to explore additional troubleshooting steps to ensure the stability of Exchange services.
Need assistance removing these updates from affected DCs or troubleshooting Exchange? Contact us today to get started!
Recommendations For Administrators
Given these developments, administrators should remain vigilant and proactive in managing their systems. It’s crucial to monitor LSASS memory usage and implement temporary workarounds to minimize the impact of the memory leak issue. Additionally, administrators overseeing Exchange Servers should exercise caution and consider consulting with Microsoft support or your Mirazon Account Manager for any additional questions.
This is an evolving story. Stay tuned – we will be updating this blog as more information becomes available.
If you need assistance dealing with Windows updates, or tackling the DC and Exchange Server issues, please contact us by calling (502) 240-0404 or emailing info@mirazon.com.