Microsoft System Center Configuration Manager (SCCM) is a Windows product that enables the management, deployment and security of devices and applications across an enterprise. 

Use Case observed: 

• CA Advanced Authentication 9.1 SP3 deployed on a Windows 2019 Server. The Windows team (Windows Server Update Services) applied the Windows Server PATCH on the Windows servers. Windows PATCH is Microsoft KB5022286. 
• In this use case, they have different windows servers to host different CA Advanced Authentication components. 
       - They have a Windows server where they deploy the Risk Authentication and Strong Authentication and Management Services components. 
       - They have applied the above mentioned Microsoft KB5022286 PATCH on this server and NOT observed any issues. 
• There is another Windows server where they deployed the CA Adapter (arcotafm) component using the " Apache Tomcat " application server. - They have applied the same Microsoft KB5022286 PATCH on this server as well. As soon as they applied this PATCH, they were NOT able to start the " Apache Tomcat " application server. 

Release: CA Advanced Authentication release 9.1
Component: CA Advanced Authentication.

The " SCCM " back channel was configured to use port 8005 which is also Tomcat port where it listens for Shutdown requests. Any Apache Tomcat Server which was configured to use the same port which is by default 8005 wouldn’t work. Apache Tomcat Service couldn’t start. 

Subsequently, all Apps including arcotafm, admin, arcotsm or anything in the Apache Tomcat deployed wouldn’t work. 

Quick Resolution:

Uninstall/Revert the Microsoft KB5022286 patch from the server and that should help restarting the Tomcat service as no port conflict is there.

Precaution:

If you are using the SCCM tool to deploy patches please make sure to disable the SCCM port 8005 after Patch installation and Restart the Tomcat service or change the Tomcat port in server.xml to listen on any other port than 8005.