authentication failures Archives

Winsage

January 27, 2026

Microsoft Phases Out RC4 in Kerberos to Boost Security

Microsoft is phasing out the RC4 encryption method used in Kerberos to address vulnerability CVE‑2026‑20833, which allows attackers to exploit weak encryption for offline cracking of service account passwords. The transition timeline includes an initial phase starting January 13, 2026, with new Kerberos audit events and optional registry controls to identify RC4 usage. In April 2026, domain controllers will default to AES‑SHA1, disabling fallback to RC4. By July 2026, Microsoft will remove Audit mode and enforce Enforcement mode, eliminating RC4 from the Kerberos protocol. Organizations are advised to update Active Directory Domain Controllers, monitor System event logs for new audit events, address KDCSVC events, and activate Enforcement mode to enhance security against RC4-related vulnerabilities.

Winsage

January 20, 2026

Microsoft issues emergency patch for latest Windows bugs

Microsoft released the January Patch Tuesday update on January 13, 2026, addressing over 110 security vulnerabilities. The update introduced bugs affecting Windows 11, Windows 10, and Windows Server. The first issue involves authentication failures when connecting to a Cloud PC via Remote Desktop, primarily affecting Windows 11 25H2, Windows 10 22H2 ESU, and Windows Server 2025. The second issue affects systems with Secure Launch enabled, causing unexpected restarts instead of shutting down or entering hibernation mode, specifically impacting Windows 11 23H2. Microsoft has released emergency patches for the affected versions, which include: - Windows 11, versions 25H2 and 24H2 (KB5077744) - Windows 11, version 23H2 (KB5077797) - Windows 10, version 22H2 ESU and Windows 10 Enterprise LTSC 2021 (KB5077796) - Windows Server 2025 (KB5077793) - Windows Server 2022 (KB5077800) - Windows Server 2019 and Enterprise LTSC 2019 (KB5077795)

Winsage

January 19, 2026

Emergency Windows 11 Updates Fix Shutdown And Remote Desktop Failures

Microsoft released two emergency out-of-band updates, KB5077744 and KB5077797, to address critical issues with Windows 11 following the January 2026 security updates. Users experienced problems with system shutdowns, hibernation failures, and Remote Desktop authentication issues. The updates target Windows 11 version 23H2 with Secure Launch enabled and also affect Windows 11 version 25H2, Windows 10 22H2 ESU, and Windows Server 2025. The updates are being distributed automatically via Windows Update, but manual intervention may be needed for devices with paused updates or managed through enterprise policies. Microsoft recommends affected users install the updates promptly to restore normal functionality.

Winsage

January 16, 2026

Easterly helms RSAC, Windows update problems, Police Copilot gaffe

Jen Easterly has been appointed as the new Chief Executive Officer of the RSA Conference. She is a cybersecurity expert and former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Palo Alto Networks has released security updates for a vulnerability (CVE-2026-0227) with a CVSS score of 7.7 affecting its GlobalProtect Gateway and Portal, which can cause a denial-of-service condition in PAN-OS software. The January 2026 security update from Microsoft has caused connection and authentication failures in Azure Virtual Desktop and Windows 365, affecting users across various Windows versions. Microsoft is working on a resolution. The chief constable of West Midlands Police acknowledged an error by Microsoft’s Copilot AI in generating a fictional intelligence report. Microsoft has not confirmed Copilot's involvement. Britain’s National Cyber Security Centre (NCSC) has collaborated with Five Eyes partners to provide guidance on securing industrial operational technology, highlighting risks associated with remotely monitored systems. Kyowon, a South Korean conglomerate, confirmed a ransomware attack on January 10 that may have compromised customer information, affecting approximately 5.5 million members. Researchers at Varonis have identified a new attack technique called "Reprompt" that allows data exfiltration from Microsoft Copilot via a malicious link, exploiting a Parameter 2 Prompt (P2P) injection technique. Central Maine Healthcare is notifying over 145,000 patients about a data breach that compromised personal, treatment, and health insurance information, discovered on June 1.

Winsage

January 15, 2026

Windows App forgets how to log in with first security update of the year

Microsoft's January security update, released on January 13, 2026, has caused connection and authentication failures for users of Azure Virtual Desktop and Windows 365, particularly affecting those using the Windows App. The update has resulted in credential prompt failures during Remote Desktop connections across all supported Windows versions, from Enterprise LTSC 2016 to Windows 11 25H2, as well as Windows Servers from 2019 to 2025. Microsoft is investigating the issue and plans to release an out-of-band update soon. Users have been advised to either uninstall the update or use the Remote Desktop Client or the Windows App web client as workarounds. Reports indicate persistent issues, including an "Unable to Authenticate" error when attempting to connect via the Windows App. Microsoft has also made a Known Issue Rollback available to address these credential problems.

Winsage

January 6, 2026

How to generate a Wi-Fi report on Windows 11

Connectivity issues with wireless adapters on Windows 11 can include sluggish internet speeds, sporadic connections, or complete disconnection from networks. These problems may arise from outdated drivers, signal interference, router limitations, misconfigured settings, physical distance, or issues with the internet service provider. To generate a wireless report, open Command Prompt as an administrator and enter the command: netsh wlan show wlanreport. The report will be saved as an HTML file, typically located in C:ProgramDataMicrosoftWindowsWlanReport. The Wi-Fi report provides details on connection sessions, including duration and errors, and includes sections for report info, general system info, user info, network adapters, and script output. It summarizes connection successes and failures, and catalogs wireless session events with specific details. The report can help diagnose issues like driver problems, authentication failures, and unstable connections, but it does not automatically fix network problems. It lists the wireless adapter name, driver version, and error codes for troubleshooting purposes.

Winsage

November 3, 2025

Microsoft Sounds Windows 11 And Server Update Failure Alarm

Microsoft has confirmed that users of Windows 11 and Windows Server are experiencing authentication failures due to updates released on or after August 29. This issue, detailed in Microsoft Support posting KB5070568, is linked to duplicate Security IDs (SIDs) on devices, affecting Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. The problem arises from new security protections that enforce checks on SIDs, which are necessary to maintain user account integrity and prevent unauthorized access. Duplicate SIDs typically result from unsupported cloning or duplication of a Windows installation without using the Sysprep tool. The recent update mandates SID uniqueness, blocking authentication handshakes between devices with duplicate SIDs. To resolve this, users must rebuild their devices using supported methods for cloning or duplicating a Windows installation to ensure unique SIDs.

Winsage

October 24, 2025

Weird Authentication Failures? Could Be That Microsoft Doesn’t Like Duplicate SIDs Anymore

Microsoft has introduced a feature that requires unique Security Identifiers (SIDs) across systems, effective August 29, 2025, impacting users who previously cloned images with duplicate SIDs for Kerberos or NTLM connections. This change has led to SECENO_CREDENTIALS errors in the Event Viewer and other reported issues. Microsoft recommends using the Sysprep tool for fresh machine setups. A workaround exists through a Group Policy setting that allows duplicate SIDs, but users must contact Microsoft support to access it, as it is not available by default. This update marks the third occurrence of authentication errors associated with Microsoft updates.

Winsage

October 23, 2025

Microsoft says Windows update may have caused login problems

Microsoft has acknowledged that recent updates for Windows operating systems, specifically Windows 11 versions 24H2 and 25H2, and Windows Server 2025, may have caused login complications for some users. The problematic updates are KB5064081 (OS Build 26100.5074) released on August 29, 2025, and KB5065426 (OS Build 26100.6584) released on September 9, 2025. These updates can lead to authentication failures related to Kerberos and NTLM protocols, particularly on devices with duplicate Security IDs (SIDs). Symptoms include repeated prompts for credentials, failed access requests, inability to access shared network folders, challenges in establishing Remote Desktop connections, and specific error messages logged in the Event Viewer. The root cause is enhanced security measures that enforce checks on SIDs, which can block authentication handshakes when devices have duplicate SIDs, often due to unsupported cloning methods. There is no automated fix; administrators are advised to rebuild devices with duplicate SIDs using supported cloning methods or to configure a special Group Policy for a temporary workaround.

Winsage

October 23, 2025

Microsoft Confirms Recent Updates Causing Login Issues Across Windows Versions

Microsoft has identified a significant issue affecting users of Windows 11 version 24H2, version 25H2, and Windows Server 2025, where many users experience persistent login failures due to duplicate Security Identifiers (SIDs) after installing updates released on or after August 29, 2025. Reports indicate that after installing the preview update KB5064081 or the cumulative update KB5065426, devices with identical SIDs struggle to complete Kerberos or NTLM authentication, leading to repeated prompts for credentials and common error messages such as "Login attempt failed" and "Your credentials didn’t work." Shared network folders become inaccessible, and Remote Desktop connections fail. The root cause is enhanced security checks enforcing SID uniqueness, which block authentication handshakes when duplicate SIDs are detected. Duplicate SIDs typically occur when administrators clone Windows installations without using Sysprep, which is necessary to assign unique SIDs. Microsoft recommends rebuilding devices with duplicate SIDs using supported methods and running Sysprep prior to capturing images for deployment. As a temporary measure, administrators can install a specific Group Policy provided by Microsoft Support for Business.