WARNING: Windows domain joins may fail after October updates
Published on: 2022-10-29
Updated on: 2022-10-29 @ 18:14
The issue you might face
Microsoft says Windows domain join processes may fail with "0xaac (2732)" errors after applying this month's security updates.
The issue stems from hardening changes introduced when addressing the CVE-2022-38042 elevation of privilege vulnerability in the Active Directory Domain Services that would allow attackers to gain domain administrator privileges. (source & more information: https://www.bleepingcomputer.com/)
You will most probably be affected if the domain join has failed at the creation of the Workspace and a manual domain join was executed
Your Workspace is unlikely vulnerable for the CVE-2022-38042 risk for there is no explicit "Domain Administrator" role in AADDS.
Solution - WIP
anDREa is investigating the impact and working on a solution.
2022-10-29 @ 14:28
Finding: unlikely vulnerable for the CVE-2022-38042 risk for there is no explicit "Domain Administrator" role in AADDS.
Finding: unlikely vulnerable for the CVE-2022-38042 risk for there is no explicit "Domain Administrator" role in AADDS.
2022-10-29 @ 18:14
Finding: Workspaces for which a VM was manually domain joined, can be affected
A workaround has been identified.
If you fail to access a VM that was working fine
- Create a ticket with VM-name (dws<nnnn>server<n>) and "VM might be affected due to October update"
- anDREa support will
- Remove the older entry from the domain and wait for a resync (less than 5 minutes)
- Rejoin the VM(s)
- Inform you
Related Articles
WARNING: Lsv2-series may receive errors
Users using Lsv2-series may experience issues. From Microsoft TRACKING ID: 4VXW-D9G TYPE: Incident STATUS: Active COMMUNICATION: Summary of Impact: Starting at 15:59 UTC on 20 Oct 2021, you have been identified as a customer using Virtual ...Windows-Base 1.0.5
OS Windows Server 2019 Browsers Microsoft Edge Chrome Utilities Notepad++ 7-ZipDomain and IP Allowlisting [External Access]
Roles for External Access in the Workspace Accountable and Privileged: Read + Write Advanced: Read only Rest All: No access Platform Support Team (PST members): Read + Write These steps will be performed only by the Accountable and Privileged Member ...Windows-OSDS/1.0.0 Open Source Data Science
Windows-OSDS/1.0.0 Open Source Data Science VM template This template has been discontinued, it is not up-to-date anymore. Please contact your local Support Team member for institute-specific VM templates. OS Windows Server 2019 Web browsers Chrome ...R/RStudio installation using domain allowlisting on Windows VMs
First version: 2022-08-22 Last version: 2023-12-15 Last change: Added an alternative for installing packages from Github (installation from manually downloaded repository). This is a community effort. The article was created by the anDREa Support ...