authentication failures Archives

Winsage

January 15, 2026

Windows App forgets how to log in with first security update of the year

Microsoft's January security update, released on January 13, 2026, has caused connection and authentication failures for users of Azure Virtual Desktop and Windows 365, particularly affecting those using the Windows App. The update has resulted in credential prompt failures during Remote Desktop connections across all supported Windows versions, from Enterprise LTSC 2016 to Windows 11 25H2, as well as Windows Servers from 2019 to 2025. Microsoft is investigating the issue and plans to release an out-of-band update soon. Users have been advised to either uninstall the update or use the Remote Desktop Client or the Windows App web client as workarounds. Reports indicate persistent issues, including an "Unable to Authenticate" error when attempting to connect via the Windows App. Microsoft has also made a Known Issue Rollback available to address these credential problems.

Winsage

January 6, 2026

How to generate a Wi-Fi report on Windows 11

Connectivity issues with wireless adapters on Windows 11 can include sluggish internet speeds, sporadic connections, or complete disconnection from networks. These problems may arise from outdated drivers, signal interference, router limitations, misconfigured settings, physical distance, or issues with the internet service provider. To generate a wireless report, open Command Prompt as an administrator and enter the command: netsh wlan show wlanreport. The report will be saved as an HTML file, typically located in C:ProgramDataMicrosoftWindowsWlanReport. The Wi-Fi report provides details on connection sessions, including duration and errors, and includes sections for report info, general system info, user info, network adapters, and script output. It summarizes connection successes and failures, and catalogs wireless session events with specific details. The report can help diagnose issues like driver problems, authentication failures, and unstable connections, but it does not automatically fix network problems. It lists the wireless adapter name, driver version, and error codes for troubleshooting purposes.

Winsage

November 3, 2025

Microsoft Sounds Windows 11 And Server Update Failure Alarm

Microsoft has confirmed that users of Windows 11 and Windows Server are experiencing authentication failures due to updates released on or after August 29. This issue, detailed in Microsoft Support posting KB5070568, is linked to duplicate Security IDs (SIDs) on devices, affecting Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. The problem arises from new security protections that enforce checks on SIDs, which are necessary to maintain user account integrity and prevent unauthorized access. Duplicate SIDs typically result from unsupported cloning or duplication of a Windows installation without using the Sysprep tool. The recent update mandates SID uniqueness, blocking authentication handshakes between devices with duplicate SIDs. To resolve this, users must rebuild their devices using supported methods for cloning or duplicating a Windows installation to ensure unique SIDs.

Winsage

October 24, 2025

Weird Authentication Failures? Could Be That Microsoft Doesn’t Like Duplicate SIDs Anymore

Microsoft has introduced a feature that requires unique Security Identifiers (SIDs) across systems, effective August 29, 2025, impacting users who previously cloned images with duplicate SIDs for Kerberos or NTLM connections. This change has led to SECENO_CREDENTIALS errors in the Event Viewer and other reported issues. Microsoft recommends using the Sysprep tool for fresh machine setups. A workaround exists through a Group Policy setting that allows duplicate SIDs, but users must contact Microsoft support to access it, as it is not available by default. This update marks the third occurrence of authentication errors associated with Microsoft updates.

Winsage

October 23, 2025

Microsoft says Windows update may have caused login problems

Microsoft has acknowledged that recent updates for Windows operating systems, specifically Windows 11 versions 24H2 and 25H2, and Windows Server 2025, may have caused login complications for some users. The problematic updates are KB5064081 (OS Build 26100.5074) released on August 29, 2025, and KB5065426 (OS Build 26100.6584) released on September 9, 2025. These updates can lead to authentication failures related to Kerberos and NTLM protocols, particularly on devices with duplicate Security IDs (SIDs). Symptoms include repeated prompts for credentials, failed access requests, inability to access shared network folders, challenges in establishing Remote Desktop connections, and specific error messages logged in the Event Viewer. The root cause is enhanced security measures that enforce checks on SIDs, which can block authentication handshakes when devices have duplicate SIDs, often due to unsupported cloning methods. There is no automated fix; administrators are advised to rebuild devices with duplicate SIDs using supported cloning methods or to configure a special Group Policy for a temporary workaround.

Winsage

October 23, 2025

Microsoft Confirms Recent Updates Causing Login Issues Across Windows Versions

Microsoft has identified a significant issue affecting users of Windows 11 version 24H2, version 25H2, and Windows Server 2025, where many users experience persistent login failures due to duplicate Security Identifiers (SIDs) after installing updates released on or after August 29, 2025. Reports indicate that after installing the preview update KB5064081 or the cumulative update KB5065426, devices with identical SIDs struggle to complete Kerberos or NTLM authentication, leading to repeated prompts for credentials and common error messages such as "Login attempt failed" and "Your credentials didn’t work." Shared network folders become inaccessible, and Remote Desktop connections fail. The root cause is enhanced security checks enforcing SID uniqueness, which block authentication handshakes when duplicate SIDs are detected. Duplicate SIDs typically occur when administrators clone Windows installations without using Sysprep, which is necessary to assign unique SIDs. Microsoft recommends rebuilding devices with duplicate SIDs using supported methods and running Sysprep prior to capturing images for deployment. As a temporary measure, administrators can install a specific Group Policy provided by Microsoft Support for Business.

Winsage

October 23, 2025

Russian hackers replace malware with new tools, Windows updates cause login issues, campaign targets high-profile servers

Mark your calendars for this Friday's Super Cyber Friday, featuring the session titled "Hacking the Death of EDR." Russian state-sponsored hacking group Coldriver has introduced three new malware strains: NOROBOT, YESROBOT, and MAYBEROBOT, following the exposure of their previous tool, LostKeys. The new malware is designed to evade detection and extract sensitive data from high-value targets. Microsoft has acknowledged that Windows updates released since August 29th are causing login failures on systems with duplicate Security Identifiers (SIDs), leading to authentication failures. Microsoft recommends rebuilding affected systems or contacting support for a temporary fix. Kaspersky researchers have identified a likely Chinese-speaking threat actor behind the “PassiveNeuron” campaign, targeting government, financial, and industrial servers across Asia, Africa, and Latin America since 2024, using custom implants and Cobalt Strike. CISA has added high-severity vulnerabilities in Oracle E-Business Suite, Microsoft Windows SMB Client, Kentico Xperience CMS, and Apple JavaScriptCore to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by November 10th. Researchers from France's CEA and Soitec have unveiled a new chip architecture called Fully Depleted Silicon-on-Insulator, designed to defend against laser fault injection attacks on automotive microcontrollers. During Pwn2Own Ireland 2025, researchers exploited 34 zero-days across various devices, earning a total of 2,500 in rewards, with Team DDOS chaining eight zero-days to compromise a QNAP router and NAS. Koi Security researchers discovered a new self-propagating malware named GlassWorm, which has infected approximately 36,000 developer systems by exploiting Visual Studio Code extensions, pilfering credentials, and installing remote access tools. PolarEdge is a botnet malware targeting Cisco, ASUS, QNAP, and Synology routers, first detected in February, which installs a TLS-based backdoor to fingerprint hosts and execute tasks while employing anti-analysis techniques.

Winsage

October 22, 2025

Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025

Microsoft has identified an authentication issue affecting users of Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025, due to updates rolled out since late August 2025. These updates have caused failures in Kerberos and NTLM protocols on devices with identical Security Identifiers (SIDs), leading to widespread login disruptions in enterprise networks. Users have reported repeated credential prompts, error messages, and compromised network access, including issues with Remote Desktop Protocol (RDP) sessions and Failover Clustering operations. Event Viewer logs indicate machine ID mismatches and potential session discrepancies. The problem is particularly severe in virtual desktop infrastructure (VDI) environments where multiple machines share SIDs. Microsoft has emphasized the importance of using the Sysprep tool to ensure unique SIDs during cloning, as the recent updates now strictly verify SIDs during authentication. IT administrators can temporarily alleviate the authentication blocks with a specialized Group Policy, but a permanent solution involves rebuilding devices using approved cloning procedures. As of October 21, 2025, no broader patch has been released.

Winsage

October 22, 2025

Microsoft: Recent Windows updates cause login issues on some PCs

Microsoft has acknowledged a significant issue affecting Windows systems following updates released since August 29, 2025, which are causing authentication failures on devices with duplicate Security Identifiers (SIDs). SIDs are unique alphanumeric strings used by Windows to manage user and computer accounts. The updates enforce checks on SIDs, leading to authentication failures, particularly impacting Windows 11 24H2, Windows 11 25H2, and Windows Server 2025. Users may experience failed remote desktop connections, "Access denied" errors, and failed login attempts despite valid credentials, along with SECENO_CREDENTIALS errors in the Event Viewer. Duplicate SIDs often arise from cloning Windows installations without proper preparation using the Sysprep tool. Microsoft recommends rebuilding systems with duplicate SIDs using supported methods and offers a temporary workaround through a specific Group Policy.

Winsage

October 9, 2025

Tested: Why Remote Desktop Protocol (RDP) rejects Microsoft account logins

Some users are experiencing issues with Remote Desktop Protocol (RDP) rejecting Microsoft Account (MSA) credentials, displaying an error message about invalid credentials. This problem can arise from various technical factors, including: - Credential validation failures due to issues with Microsoft server interactions. - Problems with secure channel negotiation during the authentication process. - Time synchronization or DNS resolution issues affecting credential verification. - Misconfigured credential policies that block MSA logins over RDP. - Network-Level Authentication requirements that may hinder access if the MSA does not meet security standards like two-factor authentication. - Account restrictions or conditional access policies that impose specific compliance requirements. - Corruption of the user profile associated with the MSA. - Software conflicts or updates, particularly with recent Cumulative Updates or third-party security tools. To address MSA authentication failures, creating a local administrator account on the target machine can serve as a workaround for RDP access. Some users have noted that while most PCs function well with an MSA, certain systems require a local account for successful connections, particularly on Windows versions 24H2 and 25H2 within Insider Preview builds.