Microsoft confirmed that after installing the April 2026 security update (KB5082063), some Windows domain controllers using Privileged Access Management are entering restart loops due to LSASS crashes during startup. The problem affects non‑Global Catalog DCs across multiple Windows Server releases and may also cause KB5082063 install failures and BitLocker prompts on some Server 2025 devices, so administrators should contact Microsoft Support for mitigation. #LSASS #KB5082063
Keypoints
- April 2026 update KB5082063 can trigger LSASS crashes that cause domain controllers to restart repeatedly.
- Non‑Global Catalog domain controllers in environments using Privileged Access Management are primarily affected.
- Impacted platforms include Windows Server 2025, Windows Server 2022, Windows Server 23H2, Windows Server 2019, and Windows Server 2016.
- New domain controllers or servers that process authentication very early in startup are also at risk.
- Microsoft is investigating a fix and advises contacting Microsoft Support for Business for mitigation; some Server 2025 systems may fail KB5082063 installs or prompt for BitLocker keys.