Microsoft has acknowledged that recent updates for its Windows operating systems may have inadvertently led to login complications for some users. Specifically, updates for Windows 11, version 24H2, Windows 11, version 25H2, and Windows Server 2025, released in August and September, have been identified as potential culprits behind these issues.
Identifying the Problematic Updates
The updates in question are the August 29, 2025—KB5064081 (OS Build 26100.5074) Preview and the September 9, 2025—KB5065426 (OS Build 26100.6584). Microsoft has indicated that these updates may result in authentication failures related to Kerberos and New Technology LAN Manager (NTLM) protocols, particularly on devices with duplicate Security IDs (SIDs).
Users experiencing these issues may encounter a range of symptoms, including:
- Repeated prompts for credentials.
- Failed access requests despite valid credentials, accompanied by error messages such as:
- Login attempt failed.
- Login failed/your credentials didn’t work.
- There is a partial mismatch in the machine ID.
- The username or password is incorrect.
- Inability to access shared network folders via IP address or hostname.
- Challenges in establishing Remote Desktop connections, including those initiated through Privileged Access Management (PAM) solutions or third-party tools.
- Failover Clustering resulting in “access denied” errors.
- Event Viewer logs displaying errors such as:
- The Security log contains the SECENO_CREDENTIALS error.
- The System log shows Local Security Authority Server Service (lsasrv.dll) Event ID: 6167 with messages indicating a partial mismatch in the machine ID.
Understanding the Root Cause
Microsoft elaborated on the underlying cause of these issues, stating that updates released on or after August 29, 2025, introduced enhanced security measures that enforce checks on SIDs. This change can lead to authentication failures when devices possess duplicate SIDs, effectively blocking authentication handshakes between them. The failed authentication requests are logged under Local Security Authority Server Service (lsasrv.dll) Event ID: 6167.
Duplicate SIDs can occur during unsupported cloning or duplication of a Windows installation without utilizing the Sysprep tool. The uniqueness of SIDs, ensured by Sysprep, is essential for OS duplication on Windows 11, versions 24H2 and 25H2, and Windows Server 2025 following updates released after August 29, 2025.
Steps for Resolution
Unfortunately, there is no automated fix available for this issue. Administrators are advised to take the following steps for a permanent resolution:
- Rebuild devices containing duplicate SIDs using supported methods for cloning or duplicating a Windows installation to ensure unique SIDs.
For a temporary workaround, IT administrators can install and configure a special Group Policy. To obtain this Group Policy, they are encouraged to reach out to Microsoft’s Support for business.
Image credit: HJBC / depositphotos
