Microsoft has recognized a significant authentication issue impacting users of its recent Windows versions, a problem that has emerged from security enhancements introduced in updates rolled out since late August 2025.
The company has provided insights into how these updates are causing failures in Kerberos and NTLM protocols on devices that share identical Security Identifiers (SIDs). This situation has led to widespread login disruptions across various enterprise networks.
This acknowledgment highlights the delicate balance between enhancing security measures and maintaining compatibility within cloned or duplicated systems.
Windows Operating Systems Affected
Users experiencing difficulties include those on Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. Following the installation of updates such as KB5064081 on August 29, 2025, and KB5065426 on September 9, 2025, many have reported a variety of frustrating issues.
- Repeated credential prompts despite entering valid information.
- Error messages such as “Login attempt failed,” “Your credentials didn’t work,” or “There is a partial mismatch in the machine ID.”
In addition, network access has been compromised, preventing connections to shared folders via IP or hostname and blocking Remote Desktop Protocol (RDP) sessions. This disruption extends even to those sessions routed through Privileged Access Management (PAM) tools or third-party software.
Furthermore, Failover Clustering operations have come to a standstill, often displaying “access denied” errors, which complicates high-availability setups in data centers. Event Viewer logs have provided critical insights, revealing issues such as SECENO_CREDENTIALS in the Security log and Local Security Authority Server Service (lsasrv.dll) Event ID 6167 in the System log. These logs indicate a machine ID mismatch, suggesting potential ticket manipulation or session discrepancies.
These authentication challenges have been particularly pronounced in virtual desktop infrastructure (VDI) environments, such as those utilizing Citrix MCS, where multiple machines derived from the same image share SIDs. This situation exacerbates authentication failures during RDP or file sharing.
At the core of this disruption is a deliberate security enhancement in the recent updates, which now rigorously verifies SIDs during authentication handshakes to prevent unauthorized access. Microsoft has clarified that duplicate SIDs, often a result of improper cloning of Windows installations without the Sysprep tool, are no longer acceptable under this updated protocol.
Sysprep is designed to ensure the uniqueness of SIDs, a practice Microsoft has long advocated for duplicating OS images. However, the August updates have enforced this requirement more stringently, effectively blocking interactions between affected devices.
This shift aligns with Microsoft’s ongoing policy against unsupported disk duplication methods that can lead to identical SIDs across networks, which pose significant risks in enterprise environments.
While these changes aim to bolster protection against potential exploits, they have caught many IT teams off guard, especially in scenarios involving rapid VM deployments or legacy imaging practices.
For immediate relief, IT administrators have the option to deploy a specialized Group Policy to alleviate the authentication blocks. However, obtaining this requires contacting Microsoft Support for business.
Microsoft recommends that the ultimate solution involves rebuilding impacted devices using approved cloning procedures that incorporate Sysprep, thereby ensuring each system generates a unique SID.
Organizations that rely on tools like VMware or Citrix for VDI provisioning may need to reassess their workflows to comply with these new requirements, which could lead to delays in updates until imaging processes are revised.
As of October 21, 2025, no broader patch has been released, but Microsoft continues to monitor reports from affected users.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
