This release addresses the compatibility issues introduced by the May 13, 2025 Microsoft KB updates, as outlined in yesterday’s announcement. All affected module versions are updated in this release. See below for a recap of known issues and included updates.
Do you want to be notified of future product updates?
Are you subscribed to this category? If not, or if you're not sure, expand me to see how!
Bug Fixes and Miscellaneous Updates
Active Directory. Microsoft KB May 13, 2025 Update
On May 13th, 2025, Microsoft distributed KB’s which conflict with existing AD Module used in Netwrix Activity Monitor for AD. If these KB’s are applied to your systems, they will conflict with current AD module as described below.
• Functional:
○ Server 2025 - KB5058411
– AD module will lose the ability to capture NTLM Authentication events (Termsrv (JumpBox)
○ Expected ADMonitor_Logs Error:
- Couldn’t resolve NlpLogonSamLogon for Windows Server 2022 (20348.2400)
- Couldn’t resolve NlpUserValidate
- Couldn’t resolve CConnectionEx::InitializeClientData (4 param)
○ Server 2022 - KB5058385
– AD module will lose the ability to capture Kerberos and NTLM Authentication events
○ Expected ADMonitor_Logs Error:
- Couldn’t resolve HandleTGSRequest
- Couldn’t resolve I_GetASTicket
- Couldn’t resolve NlpLogonSamLogon
- Couldn’t resolve NlpLogonSamLogon
- Couldn’t resolve NlpUserValidate (Old)
- Couldn’t resolve NlpUserValidate
○ Server 2019 - KB5058392
– AD module will lose the ability to capture or block Kerberos and NTLM Authentication events
○ Expected ADMonitor_Logs Error:
- Couldn’t resolve HandleTGSRequest
- Couldn’t resolve I_GetASTicket
- Couldn’t resolve NlpLogonSamLogon
- Couldn’t resolve NlpLogonSamLogon
- Couldn’t resolve NlpUserValidate (Old)
- Couldn’t resolve NlpUserValidate
○ Server 2016 - KB5058383
– AD module will lose the ability to capture Kerberos and NTLM Authentication events
○ Expected ADMonitor_Logs Error:
- Couldn’t resolve HandleTGSRequest
- Couldn’t resolve I_GetASTicket
- Couldn’t resolve NlpLogonSamLogon
- Couldn’t resolve NlpLogonSamLogon
- Couldn’t resolve NlpUserValidate (Old)
- Couldn’t resolve NlpUserValidate
• Stability:
○ No stability impact on any server platforms / Domain Controllers
File activity on RHEL 9
The product failed to collect file system events on some Red Hat Enterprise Linux 9 servers due to a failure to register the monitoring service process.
Included Module Versions
- Windows Driver - 1.25.507.1302
- Active Directory Module - 7.4.0.201
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Activity Monitor > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Activity Monitor > Ideas |
| If you have something cool to show… | Show everyone what you built: Activity Monitor > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!