Microsoft Authentication Failures Due to Duplicate SIDs

December 4, 2025

Microsoft has released guidance regarding Kerberos and NTLM authentication failures caused by duplicate machine SIDs. This typically affects environments where Windows systems were cloned without using Sysprep or a supported image-preparation process.

What’s happening

Recent Windows updates include stricter security enforcement, and duplicate machine SIDs can now lead to:

  • Failed Kerberos logins
  • NTLM authentication issues
  • Loss of access to shared drives or network resources
  • Domain join or trust relationship failures

Who is affected

Organizations are affected if their cloning or imaging processes do not generate a unique SID for each system.

Recommended action

TRC recommends auditing affected systems and ensuring each device has a properly generated unique SID. Our team can assist in identifying, correcting, and preventing these issues across your environment.
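
One way to run such an audit, shown as an added example that is not TRC's or Microsoft's own tooling: collect each host's machine SID and report any SID shared by more than one host. The function names, host names, SIDs and the hosts.txt file are assumptions made for illustration, and the collection step assumes WinRM/CIM access to the targets.

```powershell
# Added example; host names, SIDs and hosts.txt are constructed placeholders.
function Get-MachineSidRecord {
    # Reads the built-in Administrator account (RID 500) over CIM/WinRM and
    # strips the RID; the remainder is the machine SID.
    # Assumption: targets are workstations or member servers, not domain controllers.
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        try {
            $acct = Get-CimInstance -ClassName Win32_UserAccount -ComputerName $c `
                -Filter "LocalAccount=True AND SID LIKE 'S-1-5-21-%-500'" -ErrorAction Stop |
                Select-Object -First 1
            $sid = [System.Security.Principal.SecurityIdentifier]::new($acct.SID)
            [pscustomobject]@{ ComputerName = $c; MachineSid = $sid.AccountDomainSid.Value; Error = $null }
        } catch {
            # Keep unreachable hosts in the report instead of silently skipping them.
            [pscustomobject]@{ ComputerName = $c; MachineSid = $null; Error = $_.Exception.Message }
        }
    }
}

function Find-DuplicateMachineSid {
    # Groups records by machine SID and returns only SIDs held by more than one host.
    param([Parameter(Mandatory)][object[]]$Record)
    $Record | Where-Object { $_.MachineSid } |
        Group-Object -Property MachineSid |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Hosts      = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed inventory so the duplicate check can be tried without a network.
# Live use: $records = Get-MachineSidRecord -ComputerName (Get-Content .\hosts.txt)
$records = @(
    [pscustomobject]@{ ComputerName = 'WS-001'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    [pscustomobject]@{ ComputerName = 'WS-002'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    [pscustomobject]@{ ComputerName = 'WS-003'; MachineSid = 'S-1-5-21-4444444444-5555555555-6666666666' }
    [pscustomobject]@{ ComputerName = 'WS-004'; MachineSid = $null }
)
Find-DuplicateMachineSid -Record $records | Format-Table -AutoSize
```

Records with a populated Error field were not audited and should be retried rather than treated as unique.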

If you believe your systems may be affected, please contact us to schedule a review.