Windows: Network login problems with cloned SIDs
Since the August preview updates, network logins for cloned Windows installations with identical SIDs are experiencing issues.
(Image: heise online / dmk)
Anyone running Windows with cloned or duplicated installations on the network may experience unwanted network behavior since the late August preview update or the security updates from the Microsoft September Patchday. Logins fail, communication between workstations and servers no longer works.
This is now being addressed by Microsoft in a support article. We also have a reader's note regarding these issues. The problem description specifically states that authentication failures with Kerberos and NTLM occur on devices with duplicate Security Identifiers (SIDs). This affects Windows 11 24H2 and 25H2, as well as Windows Server 2025, after installing the August preview updates or the September patches.
Diverse Symptoms
Microsoft lists various possible symptoms that users may encounter in such a situation: For example, repeated prompts to enter credentials or access requests with valid credentials that lead to error messages such as "Login attempt failed", "Login failed/Your credentials did not work", "There is a partial mismatch in the machine ID" or simply "Username or password is incorrect".
Further effects include that access to network shares fails whether using an IP address or hostname, Remote Desktop sessions cannot be established, "Failover Clustering" fails with an "Access denied" message, or in the event logs, for example in the security log, the message "SEC_E_NO_CREDENTIALS" or in the system log the LSASS Event ID 6167 with the message "There is a partial mismatch in the machine ID. This indicates that the ticket has either been manipulated or it belongs to a different boot session." appears.
Videos by heise
Causes and Solutions
Regarding the cause, Microsoft explains that the Windows updates since the end of August introduce enforced SID checks as an additional protective measure, which now trigger authentication errors with SID duplicates. The design change blocks authentication handshakes between such devices.
Duplicate SIDs occur, for example, when using forms of cloning or duplicating Windows installations not supported by Microsoft without subsequently running Sysprep. "Enabled SID uniqueness in Sysprep is necessary for operating system duplication of Windows 11 24H2, 25H2, and Server 2025 after installing Windows updates after August 29, 2025," Microsoft writes. For a permanent solution, devices with duplicate SIDs must be reinstalled using officially supported methods for cloning or duplicating Windows installations to obtain a unique SID. For a temporary solution, IT administrators can contact Microsoft Business Support, who can provide a special group policy for this purpose.
(dmk)
