Applies To
Windows 11 version 24H2, all editions; Windows 11 version 25H2, all editions; Windows Server 2025

Original publish date: October 21, 2025

KB ID: 5070568

Symptoms 

You might experience Kerberos and New Technology LAN Manager (NTLM) authentication failures across devices that have duplicate Security IDs (SIDs). This issue might occur in Windows 11, version 24H2, Windows 11, version 25H2, and Windows Server 2025 after installing the Windows updates released on and after: 

These authentication failures can manifest as a variety of symptoms, including: 

  • Users are repeatedly prompted for credentials.

  • Access requests with valid credentials fail with on-screen errors, such as:

    • Login attempt failed.

    • Login failed/your credentials didn't work.

    • There is a partial mismatch in the machine ID.

    • The username or password is incorrect.

  • Shared network folders cannot be accessed via IP address or hostname.

  • Remote desktop connections cannot be established, including Remote Desktop Protocol (RDP) sessions initiated through Privileged Access Management (PAM) solutions or third-party tools.

  • Failover Clustering fails with an "access denied" error.

  • Event Viewer might display one of the following errors in the Windows logs:

    • The Security log contains the SEC_E_NO_CREDENTIALS error.

    • The System log contains Local Security Authority Server Service (lsasrv.dll) Event ID: 6167 with the message text:

      There is a partial mismatch in the machine ID. This indicates that the ticket has either been manipulated or it belongs to a different boot session.

Cause

Windows updates released on and after August 29, 2025 include added security protections that enforce checks on SIDs, causing authentication to fail when devices have duplicate SIDs. This design change blocks authentication handshakes between such devices. Failed authentication requests related to these security protections are identified by Local Security Authority Server Service (lsasrv.dll) Event ID: 6167 in the System event log. 

Duplicate SIDs can be created when a Windows installation is cloned or duplicated by an unsupported method, without running Sysprep. SID uniqueness, which Sysprep provides, is required for OS duplication on Windows 11, versions 24H2 and 25H2, and Windows Server 2025 after installing Windows updates released on and after August 29, 2025.

For more information, see The Microsoft policy for disk duplication of Windows installations. 
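
One way to triage the condition described above, added here as an example and not Microsoft's own tooling: each device reports its machine SID together with its count of Event ID 6167 entries, and the collected reports are grouped to show which devices share a SID. The function names, the 7-day look-back and the sample records are assumptions made for illustration, and the message match assumes an English-language event log.

```powershell
# Added example (not from the KB article). Run Get-SidAuthReport locally on each
# Windows 11 24H2/25H2 or Windows Server 2025 device, then compare the results.
function Get-SidAuthReport {
    param([int]$Days = 7)   # look-back window; assumed default

    # Machine SID = SID of any local account with its RID removed.
    # Domain controllers have no local accounts, so MachineSid is empty there.
    $user = Get-LocalUser -ErrorAction SilentlyContinue | Select-Object -First 1
    $sid  = $user.SID.AccountDomainSid

    # Event ID 6167 in the System log, narrowed to the message text the article quotes.
    $filter = @{ LogName = 'System'; Id = 6167; StartTime = (Get-Date).AddDays(-$Days) }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*partial mismatch in the machine ID*' })

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        MachineSid   = "$sid"
        Event6167    = $events.Count
        LastSeen     = ($events | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
}

# Groups collected reports by machine SID and returns only SIDs held by 2+ devices.
function Find-DuplicateSid {
    param([Parameter(Mandatory)][object[]]$Report)

    $Report | Where-Object MachineSid | Group-Object MachineSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.ComputerName | Sort-Object) -join ', '
                Event6167  = ($_.Group | Measure-Object Event6167 -Sum).Sum
            }
        }
}

# Constructed sample records standing in for reports gathered from three devices.
$sample = @(
    [pscustomobject]@{ ComputerName = 'VDI-01'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333'; Event6167 = 14 }
    [pscustomobject]@{ ComputerName = 'VDI-02'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333'; Event6167 = 9 }
    [pscustomobject]@{ ComputerName = 'FS-01';  MachineSid = 'S-1-5-21-4444444444-5555555555-6666666666'; Event6167 = 0 }
)
Find-DuplicateSid -Report $sample   # lists VDI-01 and VDI-02 under the shared SID
```

Devices that appear in the output are the candidates for the rebuild described under Resolution. A device with 6167 events but a unique SID in your sample may be paired with a clone that has not reported yet.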

Resolution

For a permanent resolution, devices containing duplicate SIDs will need to be rebuilt using supported methods for cloning or duplicating a Windows installation so that they have unique SIDs. 

IT administrators can temporarily address this issue by installing and configuring a special Group Policy. To obtain this special Group Policy, please contact Microsoft’s Support for business. 
