authentication errors Archives

Winsage

May 28, 2026

Windows Server 2016 Update: Disastrous Bug Breaks AD

Microsoft released a mandatory patch (KB5087537) for Windows Server 2016 to enhance cryptographic layers and address critical vulnerabilities. This update is essential for organizations using legacy workloads, as mainstream support ended in January 2022, but extended support continues until January 12, 2027. The patch aims to prepare systems for the expiration of Windows Secure Boot certificates in June 2026, which, if not updated, could compromise security and expose systems to malware. The update uses a phased deployment model and includes a new SecureBoot folder to assist IT professionals in managing certificate status. It also addresses various quality-of-life issues, including bugs affecting Remote Desktop Connection and authentication errors with Microsoft services. However, a significant issue arises when the host server name is exactly 15 characters long, causing failures in the domain controller discovery process and obstructing critical operations. This bug is linked to the historical 15-character limit of NetBIOS, which affects the Active Directory lookup mechanism. Microsoft has acknowledged the issue but has not provided a timeline for a fix, leaving administrators to either rename servers or uninstall the update. As the Secure Boot deadline approaches, IT departments must carefully assess their environments to avoid disruptions while ensuring security compliance.

Winsage

January 16, 2026

For January, Patch Tuesday starts off with a bang

Users accessing Azure Virtual Desktop or Windows 365 Cloud PCs through the Windows App may experience authentication errors and credential prompt failures after installing updates KB5074109, KB5073455, or KB5073724. Microsoft is preparing an out-of-band fix and advises affected users to connect via the Remote Desktop client for Windows or the Windows App Web Client. A minor subset of users may also find the password icon missing on the Windows login screen, an issue since the August 2025 update, for which Microsoft has introduced a Known Issue Rollback for Pro and Home users, while enterprise deployments should implement an updated Group Policy. Microsoft has removed legacy Agere and Motorola soft modem drivers to address CVE-2023-31096, a security vulnerability, which will render hardware reliant on these drivers non-functional after the January updates. Additionally, certificates from 2011 used by many Windows devices will begin to expire in June and October, potentially causing boot issues or loss of access to Secure Boot security fixes for devices not updated with 2023 certificates. A new section for resolved issues has been introduced in the monthly updates, addressing challenges impacting enterprise environments.

Winsage

October 24, 2025

Weird Authentication Failures? Could Be That Microsoft Doesn’t Like Duplicate SIDs Anymore

Microsoft has introduced a feature that requires unique Security Identifiers (SIDs) across systems, effective August 29, 2025, impacting users who previously cloned images with duplicate SIDs for Kerberos or NTLM connections. This change has led to SECENO_CREDENTIALS errors in the Event Viewer and other reported issues. Microsoft recommends using the Sysprep tool for fresh machine setups. A workaround exists through a Group Policy setting that allows duplicate SIDs, but users must contact Microsoft support to access it, as it is not available by default. This update marks the third occurrence of authentication errors associated with Microsoft updates.