Microsoft has recognized a significant issue affecting users of Windows 11 version 24H2, version 25H2, and Windows Server 2025. Following the release of patches on and after August 29, 2025, many users are encountering persistent login failures linked to duplicate Security Identifiers (SIDs) on their devices.
Widespread Authentication Failures
Reports from IT teams indicate that after the installation of the preview update KB5064081 (OS Build 26100.5074) or the cumulative update KB5065426 (OS Build 26100.6584), devices sharing identical SIDs are struggling to complete Kerberos or NTLM authentication handshakes. This situation leads to repeated prompts for username and password, even when users enter valid credentials. Common error messages include:
- “Login attempt failed”
- “Your credentials didn’t work”
- “There is a partial mismatch in the machine ID”
In addition, shared network folders become inaccessible, whether accessed via IP address or hostname. Remote Desktop connections, including those initiated through Privileged Access Management tools, also experience failures. In clustered environments, Failover Clustering may break down, presenting users with an “access denied” message. Administrators investigating these issues in the Event Viewer will likely see the Security log filled with SECENO_CREDENTIALS errors, alongside Event ID 6167 from lsasrv.dll, indicating a partial machine ID mismatch.
Root Cause and Impact
The root of the problem lies in enhanced security checks aimed at preventing duplicate SIDs. The updates released post-August 29, 2025, enforce stricter measures regarding SID uniqueness. When two machines share the same SID, authentication handshakes are blocked as a security precaution. The appearance of Event ID 6167 highlights these failed requests, suggesting that the presented ticket may have been tampered with or originates from a different boot session.
Duplicate SIDs typically arise when administrators clone or duplicate a Windows installation without utilizing Sysprep to generalize the image. Sysprep is essential as it assigns a new unique SID for each installation, a requirement now strictly enforced by the latest updates on Windows 11 and Windows Server 2025.
Microsoft recommends that organizations rebuild any devices exhibiting duplicate SIDs using supported methods to ensure unique identifiers. This process involves running Sysprep prior to capturing images for deployment. For detailed guidance, organizations can refer to Microsoft’s policy on disk duplication of Windows installations.
As a temporary measure, administrators can install and configure a specific Group Policy provided by Microsoft Support for Business. To access this policy, organizations should reach out to Microsoft’s business support channels.
By addressing SID duplication and adopting supported cloning techniques, businesses can mitigate these authentication failures and maintain a smooth login experience on updated Windows platforms. Ongoing monitoring and adherence to best practices in deployment will be crucial for IT teams to avoid similar challenges in the future.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
