**Microsoft** is warning that **Windows** administrators may encounter issues with domain controllers (DCs) restarting repeatedly due to **LSASS** crashes after applying the April 2026 security updates. This problem can occur when setting up new domain controllers or on existing ones if the server processes authentication requests very early in the startup process. ### LSASS Crashes and PAM Impact "After installing the April 2026 **Windows** security update (**KB5082063**) and rebooting, non‑Global Catalog (non‑GC) domain controllers (DCs) in environments that use **Privileged Access Management (PAM)**, might experience **LSASS** crashes during startup," **Microsoft** stated in a release health dashboard update. "As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable." This issue specifically targets organizations employing **Privileged Access Management (PAM)**. It is less likely to impact personal devices not managed by an IT department. Affected platforms include **Windows Server 2025**, **Windows Server 2022**, **Windows Server 23H2**, **Windows Server 2019**, and **Windows Server 2016**. ### Mitigation and Support While **Microsoft** is actively developing a fix, they recommend that IT administrators contact [Microsoft Support for Business](https://support.serviceshub.microsoft.com/supportforbusiness/onboarding?origin=/supportforbusiness/create) for mitigation strategies applicable even after deploying the April 2026 update. ### Recurring Domain Controller Issues **Microsoft** has faced similar domain controller problems caused by security updates in recent years. For example, they resolved **Windows Server** authentication issues in June 2025 caused by the April 2025 security updates. In May 2024, another fix addressed **NTLM** authentication failures and domain controller reboots following the April 2024 **Windows Server** security updates. Emergency out-of-band (OOB) updates were also released in March 2024 to resolve **Windows** domain controller crashes after installing the March 2024 security patches. ### Installation Failures and BitLocker Prompts **Microsoft** is also investigating a separate issue where this month's **KB5082063 Windows** security update fails to install on some **Windows Server 2025** systems. Furthermore, some **Windows Server 2025** devices may prompt users for a **BitLocker** key after deploying the **KB5082063** update.