Microsoft Confirms Kerberos and NTLM Login Issues in Windows 11 and Server 2025
Duplicate SIDs behind widespread authentication issues
Microsoft has confirmed a new login issue affecting Windows 11, version 24H2, 25H2 and Windows Server 2025 systems. The company says the issue, which triggers Kerberos and NTLM authentication failures, is linked to devices that share duplicate Security IDs (SIDs).
According to Microsoft’s update, the issue first surfaced after users installed recent cumulative updates, including:
- August 29, 2025 (KB5064081) (OS Build 26100.5074) Preview
- September 9, 2025 (KB5065426) (OS Build 26100.6584)
Microsoft says these updates introduced new security protections that strictly enforce SID uniqueness, leading to failed authentication handshakes on systems cloned or duplicated incorrectly.
Users across affected devices are encountering multiple login and access problems. These include:
- Repeated credential prompts and failed logins
- Inability to access shared network folders
- Remote Desktop Protocol (RDP) session errors
- Failover Clustering operations are failing with “access denied”
- In Event Viewer, admins might spot related errors like SEC_E_NO_CREDENTIALS or Local Security Authority Server Service (lsasrv.dll) Event ID: 6167, which reads:
“There is a partial mismatch in the machine ID. This indicates that the ticket has either been manipulated or it belongs to a different boot session.”
The root cause of the issue
The problem stems from duplicate SIDs, which can occur when administrators clone Windows installations without running Sysprep. For the uninitiated, that’s a tool required to ensure unique identifiers for each deployment.
With the latest security changes in Windows 11 24H2, 25H2, and Windows Server 2025, Microsoft now enforces stricter validation checks, blocking authentication entirely when duplicate SIDs are detected.
Microsoft noted that the change was intentional. However, it has inadvertently disrupted some enterprise environments that rely on duplicated images or virtual machines made through unsupported cloning methods.
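To find out which machines share a SID before rebuilding anything, the following added example (not from Microsoft or the original article) collects each host's machine SID and its count of Event ID 6167 entries, then reports the SIDs that appear on more than one host. It assumes PowerShell remoting is enabled, that the targets are not domain controllers, and that the event is written to the System log; the host names are placeholders.

```powershell
# Added example: fleet audit for shared machine SIDs and LSA Event ID 6167.
# Assumptions: WinRM remoting is enabled, targets are member servers or
# workstations (Get-LocalUser is not usable on domain controllers), and
# $Computers is a placeholder list to replace with your own inventory.
$Computers = 'HOST-A', 'HOST-B', 'HOST-C'

$inventory = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ScriptBlock {
    # The machine SID is the SID of any local account with the trailing RID removed.
    $localSid = (Get-LocalUser | Select-Object -First 1).SID

    # Event ID 6167 is the one named in the article. Querying the System log
    # is an assumption; adjust LogName if your hosts record it elsewhere.
    $hits = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6167 } `
                           -MaxEvents 50 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        MachineSid = $localSid.AccountDomainSid.Value
        Event6167  = $hits.Count
        LastSeen   = ($hits | Select-Object -First 1).TimeCreated  # newest event first
    }
}

# Hosts that did not answer are listed separately so they are not read as clean.
$silent = $Computers | Where-Object { $_ -notin $inventory.Computer }
if ($silent) { Write-Warning ("No response from: " + ($silent -join ', ')) }

# Any machine SID seen on more than one host marks an image cloned without Sysprep.
$inventory |
    Group-Object -Property MachineSid |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        [pscustomobject]@{
            MachineSid     = $_.Name
            Hosts          = ($_.Group.Computer | Sort-Object) -join ', '
            Event6167Total = ($_.Group | Measure-Object -Property Event6167 -Sum).Sum
        }
    } |
    Format-Table -AutoSize
```

A SID group with several hosts but an Event6167Total of zero is still a candidate for rebuild: those machines may simply not have installed the enforcing updates yet.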
How to fix the issue
Microsoft points administrators to its guidance and advises rebuilding affected systems using supported methods that generate unique SIDs. For IT admins looking for a temporary workaround, Microsoft is offering a special Group Policy that can suppress the SID enforcement behavior. However, this policy is available only by contacting Microsoft Support for Business.
This issue adds to a growing list of post-update headaches for enterprise IT teams running the latest versions of Windows 11 and Server 2025.
via: Bleeping Computer