Microsoft’s April 2026 security update has caused continuous reboot loops on some Windows Server domain controllers. According to reports, the April update, tracked as KB5082063, causes crashes in the Local Security Authority Subsystem Service (LSASS) process, particularly on non-Global Catalog domain controllers used in Privileged Access Management (PAM) environments. As a result, Active Directory authentication and directory services become unavailable.
It has been reported that the issue affects Windows Server 2016, 2019, 2022, 23H2 and 2025 versions. Since the LSASS service fails during the system startup sequence, it triggers an automatic restart process and the server repeatedly enters the same faulty authentication code path without returning to a stable state. This creates a continuous reboot loop condition.
It is noted that the issue mainly affects managed enterprise environments that use PAM for Active Directory privilege delegation. Personal devices and systems outside IT-managed domains are reportedly not affected by this problem.
Within just one week of the release of KB5082063, the reboot loop has already been recorded as the third confirmed issue associated with the update. The company also stated that the same update causes some Windows Server 2025 systems to prompt for a BitLocker recovery key, while investigations are ongoing regarding cases where the update fails to install entirely.
It is reported that April security updates for Windows Server domain controller systems have caused consecutive issues over the past three years. In March 2024, the “Patch Tuesday” update caused domain controllers to crash, after which Microsoft released an emergency out-of-band fix. The April 2024 patch cycle then disrupted NTLM authentication and led to unplanned restarts. In 2025, an additional correction was also released due to Active Directory authentication issues.
As no official patch date has yet been announced for KB5082063, administrators currently have three main options: delaying the April update, isolating a separate test domain controller to validate patch behavior before wider deployment or using the temporary mitigation measures provided through Microsoft Support for Business.
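For administrators weighing those options, the following added example (not Microsoft's tooling and not part of the original report) inventories each domain controller against the conditions described above: PAM enabled in the forest, a non-Global Catalog role, and whether KB5082063 is installed. It assumes the ActiveDirectory RSAT module and remote query rights; the `Action` labels are illustrative wording chosen for this example.

```powershell
# Added example, not Microsoft's tooling. Needs the ActiveDirectory (RSAT) module
# and rights to query each domain controller remotely.
Import-Module ActiveDirectory

$kb = 'KB5082063'   # update ID as given in the article

# PAM is a forest-wide optional feature; a non-empty EnabledScopes means it is on.
$pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
$pamEnabled = [bool]($pam -and @($pam.EnabledScopes).Count -gt 0)

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # Tri-state: $true / $false / $null (host could not be queried, e.g. it is rebooting)
    $installed = $null
    try {
        # Get-HotFix reads Win32_QuickFixEngineering on the target host
        $fixes = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop
        $installed = [bool]($fixes | Where-Object HotFixID -eq $kb)
    } catch {
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
    }

    # Conditions taken from the article: PAM in use and DC is not a Global Catalog.
    $profileMatch = $pamEnabled -and -not $dc.IsGlobalCatalog

    $action = if (-not $profileMatch)       { 'Outside reported profile' }
              elseif ($null -eq $installed) { 'Check manually (unreachable)' }
              elseif ($installed)           { 'Update present: watch LSASS, contact support' }
              else                          { 'Hold update on this DC' }

    [pscustomobject]@{
        DomainController = $dc.HostName
        OperatingSystem  = $dc.OperatingSystem
        GlobalCatalog    = $dc.IsGlobalCatalog
        PamEnabled       = $pamEnabled
        KbInstalled      = $installed
        Action           = $action
    }
}

$report | Sort-Object Action, DomainController | Format-Table -AutoSize
```

A domain controller already caught in the reboot loop will not answer the remote query and is reported as unreachable rather than as unpatched.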