Microsoft has acknowledged a big authentication drawback affecting customers of latest Home windows variations, stemming from safety enhancements in updates launched since late August 2025.
The corporate detailed how these updates are triggering Kerberos and NTLM failures on units sharing equivalent Safety Identifiers (SIDs), resulting in widespread login disruptions throughout enterprise networks.
This subject, now formally documented, highlights the trade-offs between bolstering safety and sustaining compatibility in cloned or duplicated techniques.
Home windows Working Techniques Affected
Affected customers on Home windows 11 model 24H2, model 25H2, and Home windows Server 2025 report a variety of irritating signs following the set up of updates like KB5064081 on August 29, 2025, and KB5065426 on September 9, 2025.
Widespread points embrace repeated credential prompts regardless of coming into legitimate info, with error messages reminiscent of “Login try failed,” “Your credentials didn’t work,” or “There’s a partial mismatch within the machine ID.”
Community entry breaks down as properly, stopping connections to shared folders through IP or hostname and blocking Distant Desktop Protocol (RDP) classes, even these routed by way of Privileged Entry Administration (PAM) instruments or third-party software program.
Failover Clustering operations halt with “entry denied” errors, complicating high-availability setups in knowledge facilities. Occasion Viewer logs reveal vital clues, together with SEC_E_NO_CREDENTIALS within the Safety log and Native Safety Authority Server Service (lsasrv.dll) Occasion ID 6167 within the System log, signaling a machine ID mismatch that implies ticket manipulation or session discrepancies.
These issues have surfaced prominently in digital desktop infrastructure (VDI) environments, reminiscent of these utilizing Citrix MCS, the place a number of machines derived from the identical picture share SIDs, exacerbating authentication breakdowns throughout RDP or file sharing.
On the coronary heart of this disruption lies a deliberate safety improve within the updates, which now rigorously verifies SIDs throughout authentication handshakes to forestall unauthorized entry.
Microsoft explains that duplicate SIDs, usually ensuing from improper cloning of Home windows installations with out the Sysprep instrument, are now not tolerated below this new regime.
Sysprep ensures SID uniqueness, a requirement Microsoft has lengthy really helpful for duplicating OS photos, however the August updates implement it extra stringently, blocking interactions between affected units.
This transformation aligns with Microsoft’s coverage in opposition to unsupported disk duplication strategies, which might propagate equivalent SIDs throughout networks, posing dangers in enterprise settings.
Whereas supposed to reinforce safety in opposition to potential exploits, the enforcement has caught many IT groups off guard, notably in eventualities involving speedy VM deployments or legacy imaging practices.
For rapid aid, IT directors can deploy a specialised Group Coverage to mitigate the authentication blocks, although this requires contacting Microsoft Help for enterprise to acquire it.
Nevertheless, Microsoft means that the definitive answer entails rebuilding impacted units utilizing authorised cloning procedures that incorporate Sysprep, guaranteeing every system generates a novel SID.
Organizations counting on instruments like VMware or Citrix for VDI provisioning might must revise their workflows to conform, probably delaying updates till imaging processes are up to date.
As of October 21, 2025, no broader patch has been rolled out, however Microsoft continues monitoring stories from affected customers.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
