Microsoft has confirmed that Windows updates released since August 29, 2025, are breaking authentication on systems sharing Security Identifiers.
Windows uses unique alphanumeric strings known as Security Identifiers (SIDs) to track and manage user accounts, groups, and computer accounts. SIDs are also used internally by the operating system for access control, permissions management, and security auditing, instead of relying on account names.
“You might experience Kerberos and New Technology LAN Manager (NTLM) authentication failures across devices that have duplicate Security IDs (SIDs),” Microsoft said in a support document published on Tuesday.
“Windows updates released on and after August 29, 2025 include added security protections that enforce checks on SIDs, causing authentication to fail when devices have duplicate SIDs. This design change blocks authentication handshakes between such devices.”
These authentication failures can lead to a wide range of issues on Windows 11 24H2, Windows 11 25H2, and Windows Server 2025 systems, including failing remote desktop connections and “access denied” errors when trying to access various resources on the network.
The list of potential symptoms also includes failed login attempts when using valid credentials, with the following errors:
-
Login attempt failed.
-
Login failed/your credentials didn’t work.
-
There is a partial mismatch in the machine ID.
-
The username or password is incorrect.
On affected devices, users see SEC_E_NO_CREDENTIALS errors in the Event Viewer and Local Security Authority Server Service errors, warning that “There is a partial mismatch in the machine ID. This indicates that the ticket has either been manipulated or it belongs to a different boot session.”
Linked to Windows installations not prepared for imaging
As Microsoft explained, such duplicate SIDs can be created when cloning or duplicating a Windows installation if it’s not prepared for imaging using the Sysprep (System Preparation) tool.
“SID uniqueness enabled by Sysprep is required for OS duplication on Windows 11, versions 24H2 and 25H2, and Windows Server 2025 after installing Windows updates on and after August 29, 2025,” Microsoft said.
Redmond advised IT administrators to rebuild systems with duplicate SIDs using supported methods for cloning or duplicating a Windows installation to fix these authentication issues.
Admin can also temporarily address this known issue by installing and configuring a special Group Policy, which can only be obtained after reaching out to Microsoft’s Support for business.
In April, Microsoft fixed another known issue causing authentication problems on Windows domain controllers after installing the April 2025 security updates.
More recently, Microsoft shared guidance on Friday on resolving smart card authentication issues impacting Windows 10, Windows 11, and Windows Server systems.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Source link
