Skip to content

Sign in with Domain Button not working for a handful of users after installing Windows OS January Patch Updates #9872

@Clare-Octopus

Description

@Clare-Octopus

Severity

Blocking customers from logging in with the domain button, workarounds exist.

Version

Present in 2024.4 and 2025.4

Latest Version

I could not reproduce the problem

What happened?

A handful of users are experiencing sign-in issues post-install of Windows OS January Patch updates when either auto-logging in via an Active Directory domain or using the Sign in with Domain button.

Usually, it will auto-log you in when clicking on the button, but users are now seeing pop-up boxes to sign in and seeing 401 errors after doing so. Users will usually see this error message or something similar:

Image

The KB updates that affect this are:

Windows Server 2016 - KB5073722
Windows Server 2019 - KB5073723
Windows Server 2022 - KB5073457

There seems to have been some NTLM changes from Microsoft in those updates, which have broken the Octopus Authentication flow using httpsys and NTLM.

You can read more about the authentication schemes Octopus uses for Active Directory Authentication here.

We have yet to see this issue occur on a Windows Server 2012 or 2025 box.
Some users have reported it will work in Chrome or Edge but not in Firefox.

We have been unable to reproduce this issue on various different OS and setups and only a handful of users have reported this so far so we believe this is environmental but cannot pinpoint what setting is causing this at present.

Please see workaround below.

Reproduction

We have been unable to reproduce this yet but are currently working on gathering logs etc from affected users.

Error and Stacktrace

N/A

More Information

Customer Tickets (internal) -

RnD (Internal) - https://octopusdeploy.slack.com/archives/CNHBHV2BX/p1769099538513169
Octopus Slack Investigation (Internal) - https://octopusdeploy.slack.com/archives/C0AD8NZA1KP

Workaround

All affected customers have been able to mitigate this by switching to Kestrel Authentication from httpsys.

All that is required here is to run the command in our documentation to switch to Kestel Authentication and restart the Octopus Server Service. That should then allow you to logon via the Domain button again with the Windows KB updates installed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugThis issue represents a verified problem we are committed to solving

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions