Skip to main content
Skip table of contents

Nexus awareness advisory on Microsoft’s update KB5014754

In May 2022, a security update was introduced that changes the Active Directory Kerberos Key Distribution (KDC) behavior on Windows Server 2008 and later versions when validating certificates during certificate-based authentication. However, there is an option to move back to Compatibility mode until September 2025. ​​​​​​​

More details and information are provided on Microsoft’s support pages here: KB5014754—Certificate-based authentication changes on Windows domain controllers 

Important date: February 11 2025
Full Enforcement mode: If a certificate cannot be strongly mapped, authentication will be denied. Unless updated to this mode earlier, all devices will switch to Full Enforcement.

Nexus has published an awareness advisory to assist customers and partners to better understand the impact and best way to address it.
See https://www.nexusgroup.com/nexus-awareness-advisory-on-microsofts-update-kb5014754/ for further information.

For more technical details, also see Map objectSid certificate for KB5014754.

For GO Workforce customers:
Contact Nexus at your earliest convenience by creating a support ticket (support@nexusgroup.com), or submitting an inquiry via this page: Nexus awareness advisory on Microsoft’s update KB5014754.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close