Microsoft said that a security update for Windows Server 2016 may cause domain controller lookups to fail [1].
This failure can disrupt essential network services and authentication processes for organizations relying on the 2016 server version. Because domain controllers manage user permissions and security policies, a lookup failure can prevent systems from communicating with the central directory.
The issue stems from the installation of security update KB5087537 [1]. This specific update was released in May 2026 [2]. Microsoft said the update introduces a bug that breaks the discovery process for domain controllers [1].
Systems experiencing this problem may be unable to locate the server responsible for authenticating users or applying group policies. This creates a critical bottleneck for administrators attempting to maintain network stability across global installations of Windows Server 2016 [1].
Microsoft said the known issue is a direct result of the KB5087537 patch [2]. The company did not provide a specific timeline for a fix in the initial confirmation, but the bug is linked specifically to the May 2026 update cycle [2].
IT administrators are advised to monitor their server logs for lookup failures following the application of the update. The disruption affects the ability of the server to identify and connect with the domain controller, which is a foundational requirement for Active Directory environments [1].
“Microsoft said that a security update for Windows Server 2016 may cause domain controller lookups to fail.”
This bug represents a significant risk for legacy infrastructure. Because Windows Server 2016 remains in use by many enterprises, a failure in domain controller discovery can lead to widespread authentication outages, effectively locking users out of network resources until a patch or workaround is applied.
