Microsoft has published KB5021654 (OS Build 14393.5502) Out-of-band for Windows 10 version 1607 all editions and Windows Server 2016 all editions to address Kerberos authentication issues.

November 17, 2022—KB5021654 (OS Build 14393.5502) Out-of-band

Highlights

• It addresses a known issue that affects Windows Servers that have the Domain Controller (DC) role. They might have Kerberos authentication issues..  

Improvements

This non-security update includes quality improvements. When you install this KB:

• It addresses a known issue that might affect Windows Servers that have the Domain Controller (DC) role. They might have Kerberos authentication issues if both of the following are true:

  • You installed the November 8, 2022, or later update on the DC

  • You  configured the  SupportedEncrytionType key to remove the RC4 cipher at a domain level or on individual accounts

  You might receive Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 errors. These appear in the System section of the Event Log on your DC. The affected events include the text, "the missing key has an ID of 1".

  Note This issue is not an expected part of the  security hardening for Netlogon and Kerberos starting with November 2022 security update. You must still follow the guidance in the listed articles.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.  

November 17, 2022—KB5021654 (OS Build 14393.5502) Out-of-band - Microsoft Support