Skip to Content

How do I stop Zabbix service alerts caused by Windows Server update KB5072033?

By: Author Alex Lim

Posted on

Categories Troubleshooting

Home » Troubleshooting » How do I stop Zabbix service alerts caused by Windows Server update KB5072033?

Why is the AppX Deployment Service constantly restarting after the latest Windows Server 2025 update?

Advisor’s Analysis: The AppX Deployment Service Issue

If you administer Windows Server 2025 (version 24H2), you must review your service configurations immediately following the December 2025 Patch Tuesday. We have confirmed that Cumulative Security Update KB5072033, released on December 9, 2025, introduces an undocumented change to the system configuration.

The update forces the AppX Deployment Service (AppXSVC) startup type to “Automatic.” The default and correct configuration for this service is “Manual.”

This misconfiguration creates a logic loop within the operating system. The AppXSVC service launches, completes its intended tasks, and then shuts down to save resources. However, because the startup type is now set to “Automatic,” the Service Control Manager interprets this normal shutdown as a crash. The system immediately attempts to restart the service. This cycle repeats indefinitely.

Impact on System Monitoring

For administrators using monitoring platforms like Zabbix, this behavior triggers false positive alerts. Your dashboard will report a permanent “service outage” or flapping state because the service continuously enters a stopped state. While this does not impact the core stability of the OS, it generates unnecessary noise in log files and monitoring channels, potentially masking genuine critical failures.

Note: Cross-verification confirms that Windows Server 2022 remains unaffected by its respective update (KB5071547). This issue is isolated to Windows Server 2025.

Technical Resolution: The Registry Workaround

While uninstalling KB5072033 resolves the issue, doing so removes critical security patches. The recommended approach is to manually revert the service configuration via the Windows Registry.

Warning: The specific registry key for AppXSVC is protected by strict Access Control Lists (ACLs). You cannot modify it with standard administrative privileges; you must take ownership of the key first.

Step-by-Step Correction:

  1. Open Registry Editor (regedit.exe) as an Administrator.
  2. Navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppXSVC
  3. Adjust Permissions: Right-click the AppXSVC folder and select Permissions. You must grant your administrator account full control or take ownership from TrustedInstaller temporarily.
  4. Modify the Value: Locate the DWORD named Start.
    • Current Value: 2 (Automatic – Incorrect)
    • Target Value: 3 (Manual – Correct)
  5. Restore Permissions: After changing the value to 3, restore the original permission settings to maintain system security.
  6. Verify: Restart the server or the service to ensure the loop ceases.

Additional Patch Context: KB5072033

Beyond the AppXSVC issue, KB5072033 addresses several critical functional defects. You should weigh these fixes against the administrative overhead of the registry repair described above:

  • Virtual Switch Logic: Fixes a severe bug where external virtual switches lost Physical Network Adapter (NIC) bindings after a reboot, reverting to internal mode and severing VM network connectivity.
  • Copilot Interaction: Resolves an issue where the “Click to Do” window failed to appear in the foreground during data sharing.
  • Explorer Stability: Patches a graphical glitch causing Windows Explorer to flash white during navigation (a regression from KB5070311).
  • PowerShell Security: Invoke-WebRequest now mandates a user confirmation prompt regarding script execution risks (CVE-2025-54100).