Windows Server 2016 Domain Controller Lookup Fails After May Update

Michael Miller · 2026-05-26

Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. If you're running this version, you might have noticed some strange behavior lately. Let's break down what's happening, why it matters, and how you can work around it. ### What's Actually Going On? The problem is pretty specific. After you apply the KB5087537 update, domain controllers in your network might stop responding to lookup requests. This means clients can't find the right domain controller to authenticate or access resources. It's not a total outage, but it can feel like one when users start complaining they can't log in. Think of it like this: your domain controllers are the traffic cops of your network. When they go silent, everyone gets stuck at the intersection. The update seems to mess with how these controllers announce themselves or respond to queries. Microsoft hasn't pinned down the exact cause yet, but they're working on it. ### Who's Affected and What to Watch For This issue only hits Windows Server 2016 systems. If you're running Server 2019 or 2022, you're in the clear. But if you're on 2016, here's what you might see: - Clients failing to authenticate against the domain - Group Policy updates timing out - DNS lookups for domain controllers returning nothing - Event ID errors related to Netlogon or LDAP It's not every system, either. Some admins report it's sporadic, which makes troubleshooting a real headache. One minute things work, the next they don't. ### A Quick Workaround (Before Microsoft Fixes It) Microsoft hasn't released a patch yet, but they've suggested a temporary workaround. You can manually uninstall the KB5087537 update from affected servers. Here's how: 1. Open Control Panel and go to Programs > Installed Updates 2. Find KB5087537 in the list 3. Right-click and select Uninstall 4. Reboot the server This should restore normal domain controller functionality. But keep in mind, you're losing the security fixes from that update. So weigh the risk carefully. If your network is already locked down tight, the workaround might be safer than dealing with authentication chaos. ### Why This Matters for Your Daily Operations For IT pros managing Windows Server 2016 environments, this isn't just a minor glitch. Domain controller lookups are the backbone of Active Directory. When they fail, everything grinds to a halt. Users can't access email, file shares, or even log into their workstations. It's the kind of problem that turns a quiet Tuesday into a full-blown crisis. And here's the kicker: because the issue is intermittent, it's easy to misdiagnose. You might chase DNS problems or network connectivity issues for hours before realizing it's the update. So if you're seeing weird authentication failures after installing May's patches, this should be your first suspect. ### What's Next? Microsoft is actively investigating and will likely release a hotfix in the coming weeks. In the meantime, keep an eye on their official documentation for updates. If you're in a production environment, test the update on a non-critical server first before rolling it out broadly. That way, you catch issues like this before they hit your users. For now, the safest bet is to either skip the KB5087537 update or have a rollback plan ready. And if you've already installed it and run into trouble, don't panic. The uninstall workaround is straightforward and usually does the trick. Just remember to monitor for any security gaps until a permanent fix arrives.