Microsoft says Windows update may have caused login problems

Microsoft has made another admission that its updates for Windows may have caused problems for some people. The company says that updates released for Windows 11, version 24H2, Windows 11, version 25H2, and Windows Server 2025 in August and September could have resulted in login issues for some.

There are two offending update – namely the August 29, 2025—KB5064081 (OS Build 26100.5074) Preview and September 9, 2025—KB5065426 (OS Build 26100.6584) – which Microsoft says could lead to Kerberos and New Technology LAN Manager (NTLM) authentication failures.

The company explains that the problems will be noticed on devices that have duplicate Security IDs (SIDs).

It goes on to detail some of the symptoms that affected users may experience:

• Users are repeatedly prompted for credentials.
• Access requests with valid credentials fail with on-screen errors, such as:

§  Login attempt failed.

§  Login failed/your credentials didn't work.

§  There is a partial mismatch in the machine ID.

§  The username or password is incorrect.

• Shared network folders cannot be accessed via IP address or hostname.
• Remote desktop connections cannot be established, including Remote Desktop Protocol (RDP) sessions initiated through Privileged Access Management (PAM) solutions or third-party tools.
• Failover Clustering fails with an "access denied" error.
• Event Viewer might display one of the following errors in the Windows logs:

§  The Security log contains the SEC_E_NO_CREDENTIALS error.

§  The System log contains Local Security Authority Server Service (lsasrv.dll) Event ID: 6167 with the message text:

There is a partial mismatch in the machine ID. This indicates that the ticket has either been manipulated or it belongs to a different boot session.

Detailing when cause of the problems, Microsoft says:

Windows updates released on and after August 29, 2025 include added security protections that enforce checks on SIDs, causing authentication to fail when devices have duplicate SIDs. This design change blocks authentication handshakes between such devices. Failed authentication requests related to these security protections are identified by Local Security Authority Server Service (lsasrv.dll) Event ID: 6167 in the System event log. 

Duplicate SIDs can be created when performing unsupported cloning or duplication of a Windows installation without running Sysprep. SID uniqueness enabled by Sysprep is required for OS duplication on Windows 11, versions 24H2 and 25H2, and Windows Server 2025 after installing Windows updates on and after August 29, 2025. 

For more information, see The Microsoft policy for disk duplication of Windows installations. 

There is not an automated fix for this issue, unfortunately; administrators will have to follow this advice from Microsoft:

For a permanent resolution, devices containing duplicate SIDs will need to be rebuilt using supported methods for cloning or duplicating a Windows installation so that they have unique SIDs. 

IT administrators can temporarily address this issue by installing and configuring a special Group Policy. To obtain this special Group Policy, please contact Microsoft’s Support for business. 

Image credit: HJBC / depositphotos