Microsoft has acknowledged that the patches released on and after August 29, 2025, are causing login failures on certain Windows devices.
Users of Windows 11 version 24H2, version 25H2, and Windows Server 2025 may see repeated credential prompts and failed sign-in attempts in environments where machines share duplicate Security Identifiers (SIDs).
Widespread Authentication Failures
After installing the preview update KB5064081 (OS Build 26100.5074) or the cumulative update KB5065426 (OS Build 26100.6584), IT teams have reported that devices with identical SIDs are unable to complete Kerberos or NTLM authentication handshakes.
Affected systems repeatedly ask users to re-enter their username and password.
Even valid credentials are rejected with errors such as “Login attempt failed,” “Your credentials didn’t work,” or “There is a partial mismatch in the machine ID.”
Shared network folders become inaccessible whether accessed via IP address or hostname.
Remote Desktop connections, including sessions launched through Privileged Access Management tools, also fail.
In clustered environments, Failover Clustering can break with an “access denied” message.
Administrators examining the Event Viewer may find the Security log populated with SEC_E_NO_CREDENTIALS errors and the System log showing Event ID 6167 from lsasrv.dll, which indicates a partial machine ID mismatch.
Root Cause and Impact
The issue stems from added security checks targeting duplicate SIDs. Windows updates released on and after August 29, 2025, include stricter enforcement of SID uniqueness.
When two machines share the same SID, the update blocks authentication handshakes as a security protection.
Event ID 6167 flags these failed requests, signaling that the ticket presented either was tampered with or belongs to a different boot session.
Duplicate SIDs typically occur when administrators clone or duplicate a Windows installation without running Sysprep to generalize the image.
Sysprep assigns a new unique SID for each installation, a requirement now enforced by the latest updates on Windows 11 and Windows Server 2025.
Microsoft advises rebuilding any devices with duplicate SIDs using supported methods that ensure unique identifiers.
This process involves running Sysprep before capturing images for deployment. Detailed guidance is available in Microsoft’s policy for disk duplication of Windows installations.
As a temporary workaround, administrators can install and configure a special Group Policy provided by Microsoft Support for Business. To obtain this policy, contact Microsoft’s business support channels.
By addressing SID duplication and choosing supported cloning techniques, organizations can prevent these authentication failures and ensure seamless login experiences on updated Windows platforms.
Continuous monitoring and adherence to deployment best practices will help IT teams avoid similar issues in the future.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
%20(1)%20(1).webp?resize=1600,900&ssl=1&description=Users of Windows 11 version 24H2, version 25H2, and Windows Server 2025 may see repeated credential prompts and failed sign-in attempts){kind=link}