-
Title
SAS is not impacted by the security hardening of Microsoft RPC Netlogon protocol -
Description
There has been a recent micosoft Security hardening Microsoft RPC Netlogon protocol. This update strengthens access controls by blocking anonymous RPC requests that could previously be used to locate domain controllers. This change is not configurable and cannot be reverted via policy.
This is the MS KB link: KB5062592
https://support.microsoft.com/en-us/topic/july-8-2025-kb5062592-monthly-rollup-476e55d8-4f31-4707-81b1-41010430c4bbAfter installing the applicable Windows security update, Active Directory domain controllers will reject certain anonymous RPC requests made through the Netlogon RPC server. These requests are typically used for domain controller location and may impact interoperability with some third-party file and print services, including Samba.
This is being applied to all Windows servers.
-
Resolution
SAS doesn't use Microsoft RPC Netlogon protocol, so it will not be impacted by the planned security hardening.
VAS doesn’t use the anonymous Netlogon RPC calls that Microsoft just locked down. VAS finds and talks to your domain controllers over:
- DNS SRV lookups (_ldap._tcp.dc._msdcs.…, _kerberos._tcp.…)
- LDAP (TCP/389 or 636) for user/group lookups
- Kerberos (TCP/88) for ticket acquisition
- GSS‑TSIG (for secure DNS updates) over Kerberos