Be aware for latest patch day releases as they might break some functionality that you currently have in your infrastructure. October patch day KB KB5020276 breaks the domain join. There is a valid workaround but it introduces the CVE-2022-38042 so take proper approvals from security before applying it into your infrastructure.
November patch day bring some additional Kerberos authentication breaks, causing enterprise domain controllers to experience Kerberos sign-in failures and other authentication problems.
In the latest release, Kerberos replaced the NTLM protocol as the default authentication protocol for domain-connected devices on all Windows versions above Windows 2000.
This affects not only servers but also workstations:
- Client: Windows 7 SP1, Windows 8.1, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2016, Windows 10 Enterprise 2015 LTSB, Windows 10 20H2 or later, and Windows 11 21H2 or later
- Server: Windows Server 2008 SP2 or later, including the latest release, Windows Server 2022.
