The Windows Server Netlogon spoofing patch MS15-027/KB 3002657 hit on last week's Black Tuesday. By Wednesday, we already knew we had a problem. Admins started complaining about the way it triggered log-on failures to EMC Isilon clusters. By Thursday, it became clear that the problems extended to Outlook, SharePoint, and NTLM authentication in general.
Yesterday Microsoft finally acknowledged the problem and posted a fix -- for Windows Server 2003 only, although I've seen unverified reports of similar problems on other versions of Windows Server.
For those of you who rely on Server 2003 machines as domain controllers, there's some extra work you'll need to do -- even if you have KB 3002657 installed and aren't experiencing any authentication problems.
The updated Security Bulletin MS15-027 puts it this way:
To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update also apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action.
Yes, you read that right. There's a second version of the patch, and Server 2003 admins who managed to get the first version installed and working need to install the second version over the top of the first.
The KB article references problems with EMC Isilon OneFS in the Known Issues section. As of early Wednesday morning, I don't see any discussion of the other problems.
At this point, it's an open question whether other versions of Windows Server are having similar problems. If you're seeing problems with NTLM authentication after installing KB 3002657 on machines other than Server 2003 domain controllers, head over to one of the TechNet threads on the subject and let Microsoft know.