Microsoft marks as 'resolved' the infamous Windows Server 2025 upgrade debacle that plagued administrators for over a year, though the fix introduces new boot loop issues for domain controllers using Privileged Access Management.
More than a year after giving administrators an unwelcome surprise with a security update that turned out to be a Windows Server 2025 upgrade, Microsoft has marked the incident as "resolved." As far as the company was concerned, the issue was "mitigated" shortly after being reported, but it has taken Microsoft well over a year to declare it resolved.
The fix came with KB5082063, a cumulative update that, in true Microsoft style, has problems of its own. The issue that emerged in 2024 was every sysadmin's nightmare. Affected Windows Servers were quietly and automatically upgraded to Windows Server 2025. Worse, there was no obvious way to roll things back.
Microsoft blamed this on third-party products used to manage updates for clients and servers. The company said: "The Windows Server 2025 feature update was released as an Optional update under the Upgrade Classification: 'DeploymentAction=OptionalInstallation'. Feature update metadata must be interpreted as Optional and not Recommended by patch management tools."
The company's explanation at the time did not sit well with some vendors and administrators, and several Register readers told us that servers not running any third-party update services still received an overnight surprise upgrade.
More than a year later, Microsoft has set the "Resolved" flag thanks to a cumulative update that also introduces another issue. It said: "After installing this update, non‑Global Catalog (non‑GC) domain controllers (DCs) in environments that use Privileged Access Management (PAM) might experience LSASS crashes during startup."
"As a result, affected DCs might restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable."
Repeated domain controller reboots are unlikely to reassure administrators already concerned about update quality. Microsoft has promised a fix for the problem "in the next coming days."
The company has had a difficult few months in terms of software quality. This is despite Windows boss Pavan Davuluri penning a lengthy post intended to reassure users that Microsoft was working to improve reliability. Instead, it appears to have continued to introduce new and exciting ways for the operating system to fall over, even in server guise.
Still, it has at least addressed the problem of Windows Server 2025 turning up uninvited, even if it took over a year. ®
The 14-Month Nightmare: How It All Started
The saga began in early 2024 when Windows Server administrators across the globe woke up to find their systems had been upgraded to Windows Server 2025 overnight. The upgrade was particularly problematic because:
- It occurred without explicit administrator approval
- There was no straightforward rollback mechanism
- Production systems were suddenly running an untested version
- Critical applications broke due to compatibility issues
The timing couldn't have been worse for many organizations, with some reporting that the upgrade occurred during peak business hours, causing significant downtime and revenue loss.
Microsoft's Shifting Blame Game
Initially, Microsoft attempted to deflect responsibility by pointing fingers at third-party patch management tools. The company's statement that "Feature update metadata must be interpreted as Optional and not Recommended by patch management tools" was met with widespread skepticism from the IT community.
Administrators quickly pointed out that:
- Many affected systems weren't using third-party update tools
- The upgrade bypassed standard Windows Update Group Policy settings
- The behavior violated Microsoft's own documentation on update classifications
This blame-shifting strategy only served to further erode trust in Microsoft's update processes, particularly for enterprise environments where stability is paramount.
The KB5082063 Fix: One Problem Solved, Another Created
The cumulative update KB5082063 that Microsoft released to address the rogue upgrade issue has itself introduced a new problem, particularly affecting organizations using Privileged Access Management (PAM) solutions.
The New Boot Loop Issue
For environments with non-Global Catalog domain controllers using PAM, the update can cause LSASS (Local Security Authority Subsystem Service) crashes during startup. This leads to:
- Repeated domain controller reboots
- Authentication failures across the domain
- Directory services becoming unavailable
- Potential domain-wide outages
Microsoft acknowledged the issue, stating that affected DCs "might restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable."
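A pre-deployment check for the exposed population described above, added here as an example and not code from the article or from Microsoft: it lists every domain controller, flags the non-Global Catalog ones in a forest where the Active Directory "Privileged Access Management Feature" is enabled (the assumption being that this optional feature is the PAM the advisory refers to), and records whether KB5082063 is already installed on each. It assumes the RSAT ActiveDirectory module, rights to query AD, and WinRM access to each DC.

```powershell
# Added example, not from the article or Microsoft. Assumes the RSAT ActiveDirectory
# module, rights to query AD, and WinRM access to each DC for Get-HotFix.
$Kb = 'KB5082063'   # the cumulative update named in the article

# PAM is assumed to mean the AD optional feature of that name; EnabledScopes is
# empty when it has never been enabled in the forest.
$pamFeature = Get-ADOptionalFeature -Filter 'Name -like "Privileged Access Management*"'
$pamEnabled = [bool]($pamFeature.EnabledScopes)

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $hasKb = $null   # $null means "could not query"
    try {
        $hasKb = [bool](Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop `
            -ScriptBlock { param($id) Get-HotFix -Id $id -ErrorAction SilentlyContinue } `
            -ArgumentList $Kb)
    } catch {
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
    }
    [pscustomobject]@{
        HostName        = $dc.HostName
        Site            = $dc.Site
        IsGlobalCatalog = $dc.IsGlobalCatalog
        HasKB5082063    = $hasKb
        # Exposed population per the article: non-GC DC in a forest with PAM enabled.
        AtRisk          = ($pamEnabled -and -not $dc.IsGlobalCatalog)
    }
}

$report | Sort-Object AtRisk -Descending | Format-Table -AutoSize
# AtRisk=True with HasKB5082063=False is a candidate to hold back until the follow-up
# patch ships; AtRisk=True with HasKB5082063=True is where to expect startup LSASS crashes.
```

Holding the update back on a non-GC DC can be done by declining it for that machine in the patch management tool in use; the script only produces the list of machines to decide about.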
The Broader Context: Microsoft's Quality Crisis
This incident is part of a larger pattern of quality issues that Microsoft has faced over the past year. Despite public commitments from leadership to improve reliability, the company has continued to ship updates with significant problems.
Recent examples include:
- Patch Tuesday updates that introduced more bugs than they fixed
- Surface hardware price increases due to component shortages
- The discontinuation of Outlook Lite amid memory cost concerns
The Windows Server 2025 upgrade debacle, combined with the new boot loop issue in the fix, highlights the ongoing challenges Microsoft faces in maintaining quality control across its vast product portfolio.
What This Means for Enterprise IT
For enterprise IT departments, this saga underscores several important lessons:
Never trust automatic updates for critical infrastructure - The incident reinforces the need for rigorous testing and staged deployment of updates, even from trusted vendors.
Maintain rollback capabilities - Organizations should ensure they have tested procedures for reverting system changes, even when vendors claim this isn't possible.
Diversify vendor relationships - Over-reliance on a single vendor for critical infrastructure increases risk when that vendor experiences quality issues.
Document everything - The lack of clear documentation from Microsoft about what happened and why made troubleshooting significantly more difficult for affected organizations.
The Road Ahead
While Microsoft has finally marked the original issue as "resolved," the introduction of new problems with the fix means that many organizations are still dealing with the fallout. The promised fix for the boot loop issue is expected "in the next coming days," but skepticism remains high.
For now, administrators are left to weigh the risks of applying the current fix against the potential for domain controller instability. Some may choose to delay implementation until the promised follow-up patch arrives, while others may need to implement workarounds to maintain business continuity.
The Windows Server 2025 upgrade saga serves as a cautionary tale about the risks of automatic updates and the importance of maintaining control over critical infrastructure changes. As Microsoft continues to push toward more automated update models, incidents like this may become more frequent unless the company can demonstrate improved quality control and transparency.
For enterprise IT professionals, the lesson is clear: trust, but verify. Even when updates come from the most trusted names in technology, thorough testing and validation remain essential practices for maintaining system stability and security.