Microsoft fixes Direct Access bug in Windows 10 and 11 • The Register

Microsoft continues to fix issues that surface after users install the latest updates to Windows 10 and 11 — including one that causes problems with the Direct Access remote connection feature.

Direct Access allows remote workers to connect to resources on the corporate network without using traditional VPN connections. It is designed to ensure remote clients are always connected without having to start and stop connections. IT administrators can also use Direct Access to remotely manage client systems when they are running and connected to the Internet.

However, some users who installed the KB5019509 update in Windows 10 or 11 could no longer connect to Direct Access after temporarily losing connection to the network or switching between Wi-Fi networks or access points, Microsoft wrote in its Windows Health Dashboard.

Microsoft is using the Known Issue Rollback (KIR) tool to resolve the issue, which can take up to 24 hours to make its way into unmanaged corporate systems and any consumer devices using the system. Restarting the affected Windows device could speed up the time frame.

For company-managed devices, IT admins can install and configure a special group policy, which can be found by going to Computer Configuration > Administrative Templates > Group Policy name listed below.

The bug affects clients running Windows 11 22H2 and 21H1, Windows 10 versions 22H2, 21H1 and 20H2, and Windows 10 Enterprise LTSC 2019. Windows Server 2022 and 2019 are also affected.

Updates released on November 8th or later updates on Windows servers with the role of domain controller to manage network and identity security requirements can develop problems with the Kerberos network authentication protocol.

Problems can include failed domain user logons, problems with Active Directory Federation Service authentication, problems with group managed service accounts that fail to authenticate, and remote desktop connections with domain users that won’t connect. Accessing shared folders on workstations and file shares on servers is another reported issue, and it appears that printer connections that require domain user authentication can also fail.

Windows systems with the error see a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 in the system tray of the event log on their domain controller.

That will come with a message that reads:

Microsoft said it is working on a fix that will be ready in the next few weeks.

Additionally, some systems running Windows 11 22H2 show slow performance in apps and games. According to Microsoft, the problem is that some of this code inadvertently enables performance debugging capabilities in GPUs. These should not normally be accessible to users.

Microsoft is locking affected devices to ensure they don’t install version 22H2 and is recommending that users who have already upgraded update their apps and games to the latest version available while the company works on a fix. ®