VDA Machines Fail to Register After Microsoft Update KB5019966 or KB5019964

As Citrix will utilize Kerberos for Authentication, Registration and several other items, it’s important to check if the KB5019966 has been installed on the Domain Controllers, Citrix Delivery Controllers or Citrix Cloud Connectors. The updates to Kerberos can also have additional side effects like not being able to GPUpdate /Force, join a server to a domain, or anything else that may use Kerberos.

For additional details, Microsoft has released a Windows OS Patch for the Domain Controllers that makes corrections to the security vulnerabilities within Netlogon and Kerberos protocols outlined in CVE-2022-38023, CVE-2022-37966, and CVE-2022-37967. The errors were observed after implementing the specific update November 8, 2022—KB5019966 (OS Build 17763.3650) (microsoft.com), on Domain Controllers, Citrix Delivery Controllers and Citrix Cloud Connectors.

For deployment guidance on what this KB corrects, see the following:

  • KB5020805: How to manage the Kerberos Protocol changes related to CVE-2022-37967
  • KB5021130: How to manage Netlogon Protocol changes related to CVE-2022-38023
  • KB5021131: How to manage the Kerberos Protocol changes related to CVE-2022-37966

Related:

  • No Related Posts

Leave a Reply