I have some code in a Test Suite doing Kerberos authentication. These tests have been working as expected for years.

Recently I updated The Windows 11 machine running the tests and Windows update applied KB5050009. Since this particular update, function AcceptSecurityContext has been failing with code SEC_E_LOGON_DENIED (alias 0x8009030CL, alias The logon attempt failed).

I searched on the internet for any advice but could not find anything related to my issue.

On the client side, user [email protected] is logged in and the code running goes something like this:

CredHandle credentials{};
TimeStamp lifetime{};
std::array<char,9>package={"kerberos"};
AcquireCredentialsHandle(nullptr,package.data(),SECPKG_CRED_OUTBOUND,
    nullptr,nullptr,nullptr,nullptr,&credentials,&lifetime);
SecHandle securityContext{};
ULONG contextAttributes=0;
InitializeSecurityContext(&credentials,nullptr,targetName.data(),
    ISC_REQ_CONFIDENTIALITY,0,SECURITY_NATIVE_DREP,nullptr,0,
    &securityContext,&outBufferArray,&contextAttributes,nullptr);

It works.

On the Server side, user [email protected] is logged in:

CredHandle credentials{};
TimeStamp lifetime{};
std::array<char,9>package={"kerberos"};
AcquireCredentialsHandleA(nullptr,package.data(),SECPKG_CRED_INBOUND,
    nullptr,nullptr,nullptr,nullptr,&credentials,&lifetime);
SecHandle securityContext{};
ULONG attribs=0;
auto res=AcceptSecurityContext(&credentials,nullptr,&inBufferArray,attribs,
    SECURITY_NATIVE_DREP,&securityContext,&outBufferArray,&attribs,nullptr);

At this point res is SEC_E_LOGON_DENIED.

Any idea on how to make Kerberos live happily with KB5050009 ?

A few points worth mentionning:

• Compiler is latest version of Visual Studio (2022 17.12.4).
• SPN is correctly set.
• KDC is running latest version of Samba
• Rebooting doesn't help.
• Uninstalling KB5050009 solves the issue.
• If the Server side is launched by the SYSTEM account, authentication doesn't fail.