ITMS Administrator Group

 View Only
  • 1.  Task Server Unavailable RE MS22-01-W10-5009543

    Posted Jan 18, 2022 08:54 AM
    Good day all,

    We've been trying to fix the problems/mess caused by :

    Bulletin: MS22-01-W10-5009543, Update: windows10.0-kb5009543-x64.msu prevents endpoints from registering to task server (broadcom.com)

    (thanks Microsoft)

    Our SMP is working no problem, the primary site server is also working without a problem, but we have 2 other site servers that exhibit the symptoms described in this bulletin even after the KB's have been uninstalled, server restarted.  Clients are getting the exact same message and are unable to register to these Task Servers.

    Anyone have any other fixes, do we need to modify anything else? 

    Kind Regards,
    Dylan



  • 2.  RE: Task Server Unavailable RE MS22-01-W10-5009543

    Broadcom Employee
    Posted Jan 19, 2022 05:24 AM
    The problem is that "Negotiate" authentication provider is broken by MS update on every client, the provider does not downgrade the authentication method from Kerberos to NTLM in case Kerberos authentication cannot be performed for some reason. This is something that had worked since 8.5 RTM at least.
    So the fix is to make client use NTLM if you do not want to uninstall update on every client.
    Unfortunately the easiest way is to move NTLM provider up in the order in IIS settings on every server for every website/folder that requires authentication. NTLM should be higher than Negotiate.
    We're still working on how to approach the problem the best way.

    regards,
    sergei