MS now decided that we worked wrongly all along, and that they don't need to inform anyone of such substantial changes before release.
Windows 11 24H2 RDP, SMB, and printer sharing fail after KB5065426 (0xc000006d) between cloned workstations
- Environment:
  - Windows 11 24H2, build 26100.6584 (KB5065426 installed).
  - Domain-joined workstations (no issue with servers).
  - Workstations were cloned, many share the same machine SID.
- Symptoms:
  - RDP from Win11 → Win11 fails with 0xc000006d (STATUS_LOGON_FAILURE).
  - SMB file sharing and printer sharing between Win11 workstations also fail.
  - Console login and RDP from servers still work.
- What we tested (and didn’t work):
  - Different credentials (domain admin, local admin).
  - Disabling CredSSP/Extended Protection.
  - Changing SecurityLayer/UserAuthentication registry settings.
  - Verified certificates and bound listener.
  - No Schannel or TLS errors logged.
  - NLA enabled vs disabled → still fails until we drop SecurityLayer entirely.
- What did work (but not sustainable):
  - Rolling back KB5065426 immediately restores RDP, SMB, printer sharing.
  - Disabling all RDP security (SecurityLayer=0, NLA off) temporarily restores access.
- Hypothesis:
  - Duplicate machine SIDs are being surfaced by new CredSSP/NLA changes in KB5065426 (and Aug preview KB5064081).
  - Servers and Win10 clients not impacted → seems specific to Win11 24H2 peer-to-peer auth.
- Ask:
  - Can Microsoft confirm if this is a known regression?
  - Will there be a fix or guidance (registry/workaround) without reimaging or sysprepping 160+ machines?
  - Is this going to be tracked on the Windows Release Health dashboard?
Answer accepted by question author
Dear Dustin Bernier,
Based on the environment you've described—Windows 11 24H2 (build 26100.6584 with KB5065426), cloned machines with shared machine SIDs, and failures in peer-to-peer RDP, SMB, and printer sharing—it does appear that the recent update may be surfacing a regression related to authentication mechanisms, particularly involving CredSSP and NLA.
Regarding your questions:
- Known regression: Yes, this is under review. While not yet officially documented, your report adds valuable context.
- Fix or guidance: We understand that reimaging or sysprepping 160+ machines is not a viable solution. Our engineering team is evaluating potential registry-based or policy-level workarounds that could mitigate the issue without requiring full reconfiguration.
- Tracking: We expect updates to be published on the Windows Release Health dashboard once the issue is confirmed and a resolution path is identified.
Let me know how it goes, and if this answer helps, feel free to hit “Accept Answer” so others can benefit too 😊
T&B, Domic Vo
4 additional answers
-
Dustin Bernier 80 Reputation points
2025-10-08T13:26:43.1266667+00:00
It would make sense for Microsoft to provide a modern, reliable, and secure utility for changing or resetting SIDs. Implementing that before altering the authentication model would have prevented a lot of the current headaches.
-
James Imray 10 Reputation points
2025-10-07T22:16:28.11+00:00
This same update (KB5065426) stopped our machines RDC/RDPing to each other. Similarly, the issue was found to be that the machines had all been built and supplied to us with the same machine SSID. I found the easiest way to look up the machine SSIDs was in PowerShell with the command "Get-LocalUser | Select-Object Name,SID" (without quotes and ignore the result from the last dash onwards).
Uninstalling KB5065426 and pausing updates has worked as an interim solution. We are evaluating the implications of using a SID-changing tool like SIDCHG to change the machine SIDs. I understand it has fewer implications than running sysprep /generalize which "resets a lot of things".
Can anyone from Microsoft please advise if this RDC/RDP problem will be fixed in a rollback/future update or do we need to live with the fact that going forwards we must ensure we don’t have any machines sharing the same machine SID?
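Added example, not part of any post in this thread: a PowerShell sketch that applies the lookup described above (local account SID with the part after the last dash removed) to an inventory collected from several workstations and reports which machines share a machine SID. The host names, SID values and function names are constructed for illustration; on a live workstation the records would come from `Get-LocalUser | Select-Object Name,SID`.

```powershell
# Constructed sample inventory: one row per local account per workstation.
# Host names and SID values are made up for illustration.
$inventory = @(
    [pscustomobject]@{ Computer = 'WS-001'; Name = 'Administrator'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Computer = 'WS-001'; Name = 'Guest';         SID = 'S-1-5-21-1111111111-2222222222-3333333333-501' }
    [pscustomobject]@{ Computer = 'WS-002'; Name = 'Administrator'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Computer = 'WS-003'; Name = 'Administrator'; SID = 'S-1-5-21-4444444444-5555555555-6666666666-500' }
)

function Get-MachineSidFromAccountSid {
    param([Parameter(Mandatory)][string]$AccountSid)
    # Local account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>; the machine SID
    # is everything before the final RID.
    if ($AccountSid -notmatch '^S-1-5-21-\d+-\d+-\d+-\d+$') {
        throw "Not an account SID of the expected form: $AccountSid"
    }
    $AccountSid.Substring(0, $AccountSid.LastIndexOf('-'))
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Records)
    $Records |
        ForEach-Object {
            [pscustomobject]@{
                Computer   = $_.Computer
                MachineSid = Get-MachineSidFromAccountSid -AccountSid $_.SID
            }
        } |
        Sort-Object Computer, MachineSid -Unique |   # one row per computer
        Group-Object MachineSid |
        Where-Object Count -gt 1 |                    # keep only shared SIDs
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Count      = $_.Count
                Computers  = ($_.Group.Computer -join ', ')
            }
        }
}

Find-DuplicateMachineSid -Records $inventory | Format-Table -AutoSize

# On a live workstation the machine SID can also be read directly from the
# SecurityIdentifier object that Get-LocalUser returns:
#   (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value
```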
-
bvsuser 0 Reputation points
2025-10-05T11:43:31.67+00:00
Will this regression be tracked here? Or where can I find information about the progress?
Apparently this does not only hit cloned machines, but also installations that came preinstalled with the computer.