Microsoft has recently acknowledged a significant authentication issue affecting users of Windows 11 versions 24H2, 25H2, and Windows Server 2025. This problem stems from security enhancements introduced in updates released since late August 2025, notably KB5064081 on August 29 and KB5065426 on September 9. These updates have led to widespread login disruptions across enterprise networks, particularly impacting devices with identical Security Identifiers (SIDs).
Understanding the Issue
The core of the problem lies in the way these updates handle authentication protocols, specifically Kerberos and NTLM. Devices sharing the same SIDs are experiencing failures during the authentication process, resulting in repeated credential prompts and error messages such as Login attempt failed, Your credentials didn’t work, or There is a partial mismatch in the machine ID. These issues are prevalent in environments where systems have been cloned or duplicated without ensuring unique SIDs.
Impact on Network Operations
The authentication failures have broader implications for network operations:
– Network Access: Users are unable to connect to shared folders via IP or hostname, disrupting collaborative workflows.
– Remote Desktop Protocol (RDP) Sessions: RDP sessions, including those managed through Privileged Access Management (PAM) tools or third-party software, are being blocked, hindering remote access capabilities.
– Failover Clustering Operations: High-availability setups in data centers are facing access denied errors, complicating failover clustering operations.
Event Viewer logs provide critical insights into these issues, with entries like SEC_E_NO_CREDENTIALS in the Security log and Local Security Authority Server Service (lsasrv.dll) Event ID 6167 in the System log, indicating machine ID mismatches suggestive of ticket manipulation or session discrepancies.
Virtual Desktop Infrastructure (VDI) Environments
The problem is particularly acute in VDI environments, such as those utilizing Citrix Machine Creation Services (MCS). In these setups, multiple machines derived from the same image share SIDs, exacerbating authentication breakdowns during RDP sessions or file sharing activities.
Root Cause: Enhanced Security Measures
At the heart of this disruption is a deliberate security upgrade in the recent updates. Microsoft has implemented stricter SID verification during authentication handshakes to prevent unauthorized access. This means that devices with duplicate SIDs, often resulting from improper cloning of Windows installations without using the Sysprep tool, are now being blocked. Sysprep ensures each system generates a unique SID, a practice Microsoft has long recommended. The August updates enforce this requirement more stringently, aligning with Microsoft’s policy against unsupported disk duplication methods that can propagate identical SIDs across networks, posing security risks.
Immediate Mitigation and Long-Term Solutions
For immediate relief, IT administrators can deploy a specialized Group Policy to mitigate the authentication blocks. However, this requires contacting Microsoft Support for business to obtain the necessary policy. Microsoft suggests that the definitive solution involves rebuilding impacted devices using approved cloning procedures that incorporate Sysprep, ensuring each system generates a unique SID. Organizations relying on tools like VMware or Citrix for VDI provisioning may need to revise their workflows to comply with these requirements, potentially delaying updates until imaging processes are updated.
Broader Context: Microsoft’s Shift Towards Microsoft Accounts
In addition to the SID-related issues, Microsoft is testing changes in Windows 11 that could restrict or prevent setting up the operating system with a local-only account. The company is removing previously known workarounds to enforce Microsoft account sign-ins during the out-of-box experience (OOBE). Microsoft claims these measures ensure users don’t skip essential setup steps, which could cause system configuration issues or crashes. Additionally, an internet connection is now required during setup. These changes currently apply to clean installations, not managed devices. Although some users have countered the restrictions with methods like unattended installs or creating admin accounts post-setup, concerns persist about privacy and unwanted Microsoft software. This crackdown coincides with the nearing end-of-life for Windows 10, potentially pushing more users toward Microsoft products like OneDrive and Microsoft 365. As this is currently limited to pre-release testing via the Windows Insider program, it remains uncertain if or when this feature will reach general public builds. Public backlash could influence Microsoft’s final decision.
User Experiences and Community Feedback
Users have reported various login issues following recent updates. For instance, after upgrading to Windows 11 24H2, some users experienced failures such as Windows Hello PINs stopping working, Other User appearing on the lock screen, and system apps breaking. In some cases, in-place repairs did not fix the issues, leading to the need for clean installations of previous versions to restore functionality. These experiences highlight the challenges users face with recent updates and the importance of thorough testing and backup strategies.
Conclusion
Microsoft’s recent updates aim to enhance security by enforcing unique SIDs during authentication processes. While these measures are intended to prevent unauthorized access, they have inadvertently caused significant login issues for users, especially in environments with cloned or duplicated systems. IT administrators are advised to review their system imaging and deployment practices to ensure compliance with Microsoft’s security requirements. For immediate assistance, contacting Microsoft Support to obtain the specialized Group Policy is recommended. As Microsoft continues to monitor reports from affected users, further updates and guidance are expected to address these challenges.
