If you encounter a Windows Server 2012 reboot loop issue, let me share a workaround for it. The workaround here is to uninstall the updates or interrupt the boot and use Safe Mode.
Update – Microsoft released the Windows Server 2012 R2 KB5009624 update, Windows Server 2019 KB5009557 update, and Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday. Installing these updates will cause Windows domain controller boot loops.
The updates also affect the Hyper-V servers and most admins have observed the Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back.
Note: All these AD patches are bad, seeing tons of wacky and unexpected behavior after install
- KB5009624 – Applies to Windows Server 2012
- KB5009557 – Applies to Windows Server 2019
- KB5009555 – Applies to Windows Server 2022
Windows Domain Controller Boot Loops Issue
Installing the updates KB5009624, KB5009557 and KB5009555 are causing the domain controllers to reboot and cause the boot loops. These updates are impacting the LSASS.exe process that use all the CPUs on a server and then ultimately terminate.
As LSASS.exe is a critical process on Windows Server required to operate correctly. The server operating system will automatically restart when the process is terminated and cause Windows Server 2012 reboot loop.
The Windows domain controller server boot loops issue is reported on Reddit by a user who says January 2022 updates causing unexpected reboots on domain controllers. Looks like KB5009557 (2019) and KB5009555 (2022) are causing something to fail on domain controllers, which then keep rebooting every few minutes.
After installing the updates KB5009624, KB5009557 or KB5009555, Windows Server 2012 reboot loop issue occurs and the following details are logged in the event viewer.
"The process wininit.exe has initiated the restart of computer [computer_name] on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart."
Fix January 2022 Updates Domain Controller Boot Loop Issue
If you have updated the domain controllers with the January 2022 updates, the only way to fix the domain controller reboot issue is by uninstalling the updates.
If you have installed any of these updates on Hyper-V servers, you may encounter the following error while powering on the VMs.
“Virtual machine xxx could not be started because the hypervisor is not running.”
System admins managing the Windows Servers can manually uninstall the updates with the following commands.
Windows Server 2012 R2: wusa /uninstall /kb:KB5009624
Windows Server 2019: wusa /uninstall /kb:KB5009557
Windows Server 2022: wusa /uninstall /kb:KB5009555
Note: Some users are noticing that from the above command removing the KB prefix from the command works. So, you can use the below commands if the above ones don’t work.
Windows Server 2012 R2: wusa /uninstall /kb:5009624
Windows Server 2019: wusa /uninstall /kb:5009557
Windows Server 2022: wusa /uninstall /kb:5009555
If your Windows Server 2012 goes into boot loop, don’t worry because a lot of IT admins are actually dealing with the same issue. It’s not your fault, either, it’s an update that has caused the reboot loop on your Windows Server 2012.
We have still got few VM’s running Windows Server 2012 while most of the VMs are running 2012 R2 and above. Today, on two VMs’s running SCCM distribution point role, I noticed the reboot loop issue.
After restarting the VMs I never saw any login screen. It just stays at “please wait” and then the server restarts.
If you do a bit of research on why this reboot loop issue occurs, you will find a lot of info on the web. A reboot loop on Windows Server 2012 could be due to the installation of the Servicing Stack Update (KB4523208). In this thread, one of the users identified the Malicious Software Removal Tool (MSRT) update, KB890830, as the cause of the installation loop.
The workaround here is to interrupt the boot and use Safe Mode. It will still reboot at the same stage trying to boot into safe mode but next boot works.
Fix Windows Server 2012 Reboot Loop Issue
To fix the Windows Server 2012 boot loop issue, perform the following steps.
- First of all restart the VM or machine running Windows Server 2012.
- Go to Advanced Boot Options by pressing F8 key.
- Under Advance boot options, select Safe Mode and press enter key.
- Once the OS boots in safe mode, don’t login. Reboot the Windows Server again.
- This time let the server start normally. You should see a login screen.
Thanks! This was really helpful. I had two 2012R2 in an inusual reboot loop and we were sort of desperate. Thanks!
Hi Prajwal,
i am new to wsus,plz guide me how can i verify new upgrades release,is it safe to install?
Plz share me web link it will be helpful.
Hey Naveen,
I recommned to you , create a new server group for test and link the gpo for deployment to your OU group.
Thanks.
When I googled this issue I saw that this affects 2 or more AD. What’s the reason that it happens 2 or more only?
In our environment, when we patched the first 2 we did not encounter the issue, but when we patch the 3rd AD then it happened on all AD.
When I googled this I saw that this affects 2 or more AD. What’s the reason that it happens 2 or more only?
In our environment, the when we patched the first 2 we did not encounter have the issue, but when we patch the 3rd AD then it happen on all AD.
Hi
I also had this problem on domain controller sites with 2012 and installed 5009624, but the server reset after 1 minute after each boot, and it was the same with the safe mode that I had to boot the server with a safe mode with command prompt.
But the other point for me was that after deleting 5009624, the problem was not solved again and by deleting 50009595, the problem was solved!
Slight fix. You have an extra 0 in the second KB. Should be 5009595 and was the exact one that was causing my issues as well. Also saves me from systematically uninstalling the rest.
bro
problem solved by deleting which update? this one 50009595 is not exist would you please write it again?
Thanks Mate, helped me out
How do i remove it from Microsoft Endpoint Configuration Manager? it keeps applying it.
I take it that I need to remove it from Endpoint then uninstall it from the servers manually. is that correct? I’m not familiar using endpoint
Thanks so much for this. It worked for me. I was seeing this issue with Windows Server 2012 R2… I had *just* enough time to open a command prompt and enter the following:
wusa /uninstall /kb:5009624
And then the stand-alone uninstall worked its magic. (I think the uninstall might have blocked the server from rebooting again.) Anyways, after another reboot, this issue is now fixed.
Hard to understand why this issue wasn’t caught by Microsoft before the patch was released.
Thank you. We were facing issue with one of our domain controller and the fix worked for me.
Really Thanks! We were going crazy.
Thanks again
Thank you! This was very helpful 🙂
I uninstalled the update using the “wusa” command as you stated and it worked fine. I had to remove the KB prefix from the command, so I wrote:
wusa /uninstall /kb:5009624 for Windows Server 2012 R2
and
wusa /uninstall /kb:5009586 for Windows Server 2012
Petya
Uninstalling did not solve the problem. The only way that I manage to sort was:
– Unplug the server
– Copy configuration from DHCP and NPS
– Transfer FSMO Roles from failed server to other domain controller. (Window of 3 minutes…)
– Remove failed server from AD.
Hi Prajwal,
You’re a lifesaver! Thank you so much for the fix.
This seems to happen when 2 or more DCs have the update installed. To stop the boot loop without booting in safe mode disconnect the DC from the network, uninstall the update and reconnect.
You saved my day. I do appreciate your help.
I uninstalled the update using the “wusa” command as you stated and it worked like a charm. I had to remove the KB prefix from the command, so I wrote eventually:
wusa /uninstall /kb:5009624
Regards,
Jesús Ángel.
Thank you. I have updated the post.
Good After Prajwal Desai,
Please assist when I run DCdiag i get this error below.
The Key Distribution Center (KDC) encountered a ticket that did not contain information about the account that requested the ticket while processing a request for another ticket. This prevented security checks from running and c
ould open security vulnerabilities.
When running the command “wusa /uninstall /kb:KB5009624” under 2012R2 I received only the WUSA syntax popup and it would not run the command. Eventually I tried running the command without the preceding “KB” in the argument for the /kb switch as in: wusa /uninstall /kb:5009624. The command then worked.
Hi
Windows 2012 physical server each reboot it’s took 3 hours to come login screen after print spooler vulnerable patch
Could please suggest if any solution
It’s booting in safe mode ASAP butt normal boot it’s stuck in windows logo screen and after 3 hours login screen appears
There is no definite answer for this because there could be many reasons why this occurs. In most cases, faulty updates are the reason. So, I recommend you check the list of updates that were installed which began causing this issue.
Thank you ! thats works
Glad to hear that.
Does not work in my environment.
It worked for me. However I’ve seen this issue before, try deleting/renaming the pending.xml or restart.xml file in the WinSxS folder. Another cause maybe that the trustedinstaller service is set to start automatically instead of manual. I had to boot to recovery mode and run autoruns.exe from a flash drive to fix that issue.
Hi Prajwal
In our company we have too issue with stuck boot. Workaround i have, but do you some idea why it happens? We made case on Microsoft, but their field engineer says something about bad patching strategy, but nothing specific. I thing that that is nonsence because patching process is still the same. We offer patches based on predefined query – if is the KB needed on some machine, it is downloaded and offered. I tried offer for W2k12 only Servicing stack + Monthly cumulative update, but problem persist. We have about 250 W2k12 servers and stuck boot was on approx. 20 of them. Do you have some idea how predict which systems may be affected? First problem we registered in November 2019, in December patch round problem persist and we stop patching of W2k12 system. Now Im afraid what happens in January….
Thank You
I saw safe mode as a possible fix on various forums. However whenever I try to boot into safe mode I don’t get to the login screen and it just reboots. Anyone know of a fix for this?
It worked for me. However I’ve seen this issue before, try deleting/renaming the pending.xml or restart.xml file in the WinSxS folder. Another cause maybe that the trustedinstaller service is set to start automatically instead of manual. I had to boot to recovery mode and run autoruns.exe from a flash drive to fix that issue.