Microsoft Update KB4012216 causing issues with STAS

Can you elaborate on what problems customers are seeing?  Crashes, event IDs, users needing to log in, anything more specific would be helpful.

Regards

Can you elaborate on what problems customers are seeing?  Crashes, event IDs, users needing to log in, anything more specific would be helpful.

Regards

MattLinzbach said:

Can you elaborate on what problems customers are seeing?  Crashes, event IDs, users needing to log in, anything more specific would be helpful.

Regards

 

The bug causes the domain controller to stop logging EventID 4768 which causes STAS to no longer register the account logon events and send them to the firewall.

Bob

From https://www.reddit.com/r/sysadmin/comments/5zs0nc/heads_up_ms_kb4012213_andor_ms_kb4012216_disables/?st=j0kh8ocn&sh=9fc2f9c1

We contacted Microsoft Premier Support and they informed us that it’s a bug in March updates and are working on fixing it. MS did supply us with this-

Suggested workaround:

The four audit policies you need to enable as a workaround to the bug are under Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon. All four policies under that heading should be enabled for Success and Failure:

Audit Credential Validation

Audit Kerberos Authentication Service

Audit Kerberos Service Ticket Operations

Audit Other Account Logon Events

When you enable those four policies, you should start to see the 4768/4769 Success events again.

Anyone having the issue cares to try?

Regards,

Giovani