After the May 2026 cumulative update, Windows Server 2016 domain controllers with a hostname exactly 15 characters long stop answering LDAP and DNS lookups correctly. Domain-joined clients see authentication delays. Replication between DCs slows or stalls.
The trigger is precise. A 14-character name works. A 16-character name works (where NetBIOS rules allow). Exactly 15 fails. Reports lit up in r/sysadmin and Microsoft Q&A between May 23 and 26. Microsoft has acknowledged the issue and is working on a hotfix.
Confirm You Are Hit
Check the hostname length on each DC:
(hostname).Length
If it returns 15, you are in the affected pool. Then probe the symptoms:
nltest /dsgetdc:yourdomain.local
Test-ComputerSecureChannel -Verbose
Get-ADReplicationFailure -Target (hostname)
Authentication latency, partial responses, and replication errors against this single DC all point at the bug.
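To run the same check across every DC instead of one at a time, the following is an added example, not code from the original article or from Microsoft. It assumes the ActiveDirectory RSAT module and read access to each DC; the function name Find-FifteenCharDC and the optional -KbId parameter are hypothetical, and the KB value is whatever May cumulative applies to your build.

```powershell
# Added example: inventory all DCs for the 15-character-name condition.
# Find-FifteenCharDC is a hypothetical helper name, not a built-in cmdlet.
Import-Module ActiveDirectory

function Find-FifteenCharDC {
    param(
        # Optional: the May cumulative KB id for your build (the article leaves it as 5089XXX).
        [string]$KbId
    )
    foreach ($dc in Get-ADDomainController -Filter *) {
        $nameLength = $dc.Name.Length
        $is2016     = $dc.OperatingSystem -like '*Server 2016*'

        # Patch state: 'Unknown' when no KB id was given or the DC could not be queried.
        $patched = 'Unknown'
        if ($KbId) {
            try {
                $ids     = (Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop).HotFixID
                $patched = $ids -contains $KbId
            } catch {
                $patched = 'Unknown'
            }
        }

        # Count replication partners currently reporting failures against this DC.
        $failing = @(Get-ADReplicationFailure -Target $dc.HostName -ErrorAction SilentlyContinue |
                     Where-Object { $_.FailureCount -gt 0 }).Count

        [pscustomobject]@{
            Name            = $dc.Name
            NameLength      = $nameLength
            OperatingSystem = $dc.OperatingSystem
            Site            = $dc.Site
            MayCuInstalled  = $patched
            FailingPartners = $failing
            # At risk per the article: Server 2016 and a name of exactly 15 characters.
            AtRisk          = ($is2016 -and $nameLength -eq 15)
        }
    }
}

# List at-risk DCs first.
Find-FifteenCharDC | Sort-Object AtRisk -Descending | Format-Table -AutoSize
```

A DC that shows AtRisk as True together with a nonzero FailingPartners count is the first candidate for one of the workarounds below.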
Workaround One: Rename the DC
Add or drop one character. This is the cleanest fix and Microsoft's own suggested workaround. Plan it like any DC rename.
Rename-Computer -NewName "NEWDCNAME01" -Restart
Then update any hardcoded references in DNS forwarders, monitoring, backup, and certificate subjects. DNS scavenging clears the old A record on its own once you remove the stale entry.
Workaround Two: Uninstall the May 2026 CU
Lower risk than a rename if the DC is a single point and you cannot schedule a reboot window today.
wusa /uninstall /kb:5089XXX
Replace the KB number with the May cumulative that applies to your build. Pause updates until the hotfix ships. Do not combine both workarounds: renaming after uninstall hides whether the patch was actually the cause.
Why Hybrid Environments See It as Flaky
If you are still running 2016 DCs alongside Server 2022 or 2025 DCs, the 2016 box is the one that fails. Clients fall back to the newer DCs, so the impact looks intermittent. The giveaway is one DC's auth queue running hot while the others sit quiet.
Long term, Server 2016 mainstream support is done and extended support ends January 2027. If this bug is the nudge you needed, now is the moment to plan the upgrade.
Running legacy Windows Server in production and need a migration plan? Rain City Techworks handles managed IT and security for businesses in the Seattle and Tacoma area.