Install the Known Issue Rollback and then use the group policy editor to disable it. Download link in the answer from GTS-NJ.
Windows 11 24H2 SMB authentication failure between domain-joined machines cloned from same image
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 93%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWR%3C/text%3E%3C/svg%3E)
Wilmer Ramos
25
Reputation points
We are experiencing SMB authentication issues between domain-joined machines after deploying multiple Windows 11 24H2 devices using a cloned image.
Environment:
- OS: Windows 11 24H2 (fully updated, including recent cumulative updates such as KB5068861)
- Domain environment (Active Directory)
- Multiple client machines deployed from the same golden image
- Some machines acting as file/print servers (shared printers and administrative shares like C$)
Issue:
When attempting to access shared resources (e.g. \\hostname\share or \\hostname\C$), authentication fails even when using valid domain administrator credentials.
- Users are prompted for credentials
- Credentials are rejected consistently
- Access to shared folders and printers is blocked
- Behavior is inconsistent with previous Windows 10 deploymentsWe are experiencing SMB authentication issues between domain-joined machines after deploying multiple Windows 11 24H2 devices using a cloned image.
Windows for business | Windows Client for IT Pros | User experience | Other
Answer accepted by question author
Answer accepted by question author
-
MotoX80 37,516 Reputation points2026-04-04T13:37:34.85+00:00 -
Wilmer Ramos 25 Reputation points
2026-04-06T14:08:00.26+00:00 This solution solved the problem. thank you so much
-
Wilmer Ramos 25 Reputation points
2026-04-06T14:11:41.79+00:00 Aplicar el Known Issue Rollback de Microsoft
$url = "https://download.microsoft.com/download/c6c70455-59ce-4d47-b13c-56b99d0435f1/Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5065426 250923_06201 Known Issue Rollback.msi"
Start-Process msiexec -ArgumentList "/i"$url"" -Waitafter do that, make this:
Then in Local Group Policy Editor (gpedit.msc) -
Local Computer Policy / Administrative Templates \ KB5065426_20250923_06201 Known Issue Rollback
Set to Disabled.
Reboot
After do this all steps, the problem will be fixed.
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 21%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Thomas4-N 13,065 Reputation points Microsoft External Staff Moderator2026-04-04T10:48:43.07+00:00 Hello Wilmer Ramos,
I came across this article that looks very similar to what you're describing: KB5070568 – Kerberos and NTLM authentication failures due to duplicate SIDs
It points to Windows updates released on/after August 29, 2025 (starting with KB5064081) introducing stricter SID uniqueness enforcement during Kerberos/NTLM authentication. If your machines were cloned without Sysprep, they likely share the same machine SID — and Windows now blocks the authentication handshake between them, which would explain why valid credentials are still being rejected.
You can verify this by checking Event Viewer > System log on affected machines for lsasrv Event ID 6167: "There is a partial mismatch in the machine ID."
If this is indeed the case, the fix per the article is to rebuild affected machines using Sysprep (
sysprep /generalize) so each gets a unique SID before redeployment.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Thomas4-N 13,065 Reputation points Microsoft External Staff Moderator
2026-04-05T11:24:08.05+00:00 Hello Wilmer Ramos,
Just check in to see if the above information was helpful.
Have you had a chance to check the answer provided? Any update would be appreciated.
-
Wilmer Ramos 25 Reputation points
2026-04-05T12:35:46.9533333+00:00 Thank you for reply Thomas4-N, i will test this solution tomorrow in the office, when i test i will reply here to tell you if works right? thanks again.
Sign in to comment -