AuthLite Upgrade Advisory #13 (Server 2012 R2)
Starting with the July 2023 Windows update on Server 2012 R2 Domain Controllers, AuthLite will accidentally break the thread pool when the server gets busy. The server will start fine but then return authentication errors or become unresponsive once it hits a busy period of authentications. The errors may initially involve only AuthLite users, but depending on the amount of load the entire operation of the DC can be affected. It may not be able to recover until the server is restarted, but then the problems will recur when the server goes under busy authentication load again.
Upgrading your DCs to the newest AuthLite version (2.4.11) and restarting them is sufficient to resolve this problem. You can get this from the downloads page or directly at https://s3.authlite.com/downloads/2.4/AuthLite_installer_x64.msi
Notes:
- If you have 2012 R2 DCs, you should plan to upgrade them to 2.4.11 even if you have not noticed any problems yet.
- Make sure you have installed the relevant Microsoft Update to fix the GetAllTrustRelationships API. See the Microsoft support page at: apps-that-acquire-or-set-active-directory-forest-trust-information-might-have-issues. Each OS version and .NET Framework version has a different relevant KB to download the update.
- If the AuthLite version on your DCs right now is *older than 2.3.27* then upgrading will require a schema update. We recommend you open a support request so we can advise about this, at https://tix.authlite.com .
- Even if you are not affected by this issue, you may always choose to upgrade your AuthLite version. The issue described in this message, however, is only known to affect 2012 R2 DCs.
- You should maintain all DCs to be on the same AuthLite version as each other, however it is not critical to do this immediately in one batch. Please do not keep them on different versions perpetually however, as this can cause behavior to differ depending on which DC an authentication request reaches.