'Cannot find address of BuildTicketTGS' Unsafe-Kerberos-Encryption-Type events (4375719)

'Cannot find address of BuildTicketTGS' Unsafe-Kerberos-Encryption-Type events

After May 14th, 2024, the Change Auditor agent is not working on a Domain Controller running Windows Server 2016 or 2019 and there are 'Cannot find address of BuildTicketTGS' Unsafe-Kerberos-Encryption-Type events.

The Windows update for May 14th 2024 appears to have caused a broken hook on 2016 and 2019 DCs - 'Cannot find address of BuildTicketTGS' which affects the Unsafe-Kerberos-Encryption-Type Change Auditor event

Example from CAADHook.dll.nptlog (see log attached):

ID: 223
Time: 5/14/24 15:14:14.923
Level: WARN
Thread: 2756
Logger: Root Logger
File: c:\build\1\s\product\itad\qcmhook\hooks\hookmgr.hpp
Function: CHookMgrImpl::Update
Line: 504
Message: Cannot find address of BuildTicketTGS. Unsafe-Kerberos-Encryption-Type events will not be available.

The Product team logged Defect ID 492549, and a fix was implemented since version 7.5 of Change Auditor.

492549

Product Defect ID: 492549