Nasuni Service Advisory
#250715
July 2025
Microsoft Security Update Impacting AD Unix Extensions
On July 8, Microsoft released an important security update for Active Directory Domain Controllers on Windows Server versions prior to 2025 (KB 5062572, OS Build 20348.3932).
This update changes how the Microsoft RPC Netlogon protocol validates remote procedure call (RPC) requests. As a result, Samba servers configured as Active Directory domain members using the “ad” id mapping backend will no longer function correctly after applying the update.
You are receiving this advisory because we have identified Nasuni Edge Appliances (NEAs) within your account that will be impacted.
Important: This Samba backend is only used with NEAs when AD Unix Extensions are enabled for multiprotocol access via the POSIX mixed mode volume permissions policy. NEAs using the standard backend for Active Directory authentication are not impacted.
After the July Microsoft update is installed, users will no longer be able to connect to SMB services provided by the NEA in affected configurations.
Affected Versions
This affects any Nasuni environment using AD Unix extensions with Windows AD domain configurations (RFC2307), which uses the “ad” id mapping backend running Windows Server 2008 or later. This backend is only used when customers enable Nasuni’s AD Unix Extensions for multiprotocol access. Note that Windows Server 2025 already contains these security updates, and Microsoft is deploying the same update to all prior Windows Server versions back to 2008.
This issue impacts:
Any Nasuni Edge Appliances (NEAs) using Active Directory Unix Extensions with RFC2307 ID mapping
Windows Server versions 2008 through 2022 after installing KB 5062572
Note: Windows Server 2025 includes this update by default.
Required Action
If affected, temporarily uninstall KB 5062572 update on the Windows Servers acting as Active Directory Domain Controllers until they can be updated to a Nasuni version that includes the fix. Customers using Windows Server 2025 domain controllers must wait for a Nasuni version that includes the fix.
Nasuni will deliver a patch in Q3 2025 to ensure full compatibility between NEAs using AD Unix Extensions and Microsoft Active Directory.
If this upcoming Nasuni patch or the above workaround on the AD servers is not applied, SMB access on NEAs using AD Unix Extensions will fail.
Need Help?
If you need any assistance, our team is here to help! Reach out to Nasuni Support at www.nasuni.com/support or via email at support@nasuni.com for guidance or to answer any questions you might have.
These advisory details can also be found in Knowledge Base article 13636 on our Community site for more information (requires login).
Nasuni Corporation | Account Management | Technical Support |
LEGAL DISCLAIMER
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. NASUNI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Copyright 2010-2025 Nasuni Corporation. All rights reserved.
Nasuni is a registered trademark of Nasuni Corporation in the U.S. and other countries.
All other trademarks are the property of their respective owners.