Windows Server 2016 Domain Controller May Fail with 15-Character

Microsoft’s May 12, 2026, security update KB5087537 has introduced a disruptive bug for Windows Server 2016 administrators.

The update introduced a critical flaw that caused domain controller discovery to completely fail on servers configured with hostnames exceeding the 15-character NetBIOS limit, leaving administrators unable to perform essential network operations.

Microsoft acknowledged the issue ten days after the patch release, confirming that affected systems return ERROR_INVALID_PARAMETER errors when attempting DCLocator commands, effectively breaking domain controller communication.

Windows Server Hostname Bug

After installing the KB5087537 cumulative security update, systems running Windows Server 2016 experience failures in domain controller lookup processes when the server hostname reaches the maximum 15-character NetBIOS limit.

The DCLocator service, which applications and administrative tools rely on to locate domain controllers, returns ERROR_INVALID_PARAMETER when running operations such as “nltest /dsgetdc:<domain> /pdc”.

This error prevents proper domain controller discovery, disrupting essential network operations. The 15-character limit stems from legacy NetBIOS naming conventions that are still integrated into Windows networking architecture.

While Windows permits DNS hostnames longer than this threshold, the NetBIOS computer name cannot exceed 15 characters, creating compatibility constraints that the recent update appears to have aggravated.

Administrative operations dependent on domain controller lookup functionality are directly affected by this flaw.

Organizations that use Distributed File System Namespace (DFSN) management face specific challenges, as these services require reliable communication with domain controllers to function properly.

The inability to locate domain controllers disrupts authentication processes, group policy enforcement, and other Active Directory-dependent services critical to enterprise infrastructure.

Microsoft acknowledged the issue on May 22, 2026, and added it to KB5087537 as a known issue. The company stated that the problem remains under investigation, with additional information and potential fixes to be released as they become available.

While Microsoft develops a permanent solution, affected organizations have limited workaround options. The most direct approach is to rename affected servers to shorter hostnames. However, this solution requires careful planning in production environments to avoid service disruptions.

Administrators should test changes in isolated environments before implementing modifications to domain controllers. Organizations should monitor Microsoft’s security update guidance channels for forthcoming patches addressing this vulnerability.

Until a fix becomes available, IT teams managing Windows Server 2016 infrastructure should carefully evaluate whether to deploy KB5087537 on systems with 15-character hostnames or delay installation pending resolution.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.