Share via

Windows 11 24H2 SMB / NTLM authentication fails on a single client while others succeed

CMIT2 0 Reputation points
2026-01-09T20:03:37.4633333+00:00

Hello,

We are troubleshooting a persistent SMB authentication issue affecting one Windows 11 24H2 workstation, while multiple other Windows 11 24H2 systems connect successfully using the same credentials.

Environment

  • Client: Windows 11 Pro 24H2 (Standalone workstation)

File Server: Standalone Windows server (not domain-joined)

Authentication: Local user account on the file server (NTLM)

Share: Standard SMB file share

Other clients: Multiple Windows 11 24H2 machines connect successfully using the same credentials

Symptoms

Connection attempts fail with:

“The specified network password is not correct”

  System error 86
  
  On the file server, **Security Event 4625** logs show:
  
     Logon Type: 3 (Network)
     
        Authentication Package: NTLM
        
           Substatus: `0xC000006A` (bad password)
           
           The same username/password succeeds from other Windows 11 24H2 clients

What has been checked / ruled out

Credentials verified and reset on the server

All stored credentials removed on the client

NTLM compatibility level set to default (LmCompatibilityLevel = 3)

LLMNR disabled

NetBIOS disabled

SMBv1 disabled

IPv6 disabled (for testing)

AllowInsecureGuestAuth tested (no change)

SMB client service restarted

Local firewall disabled for testing

No proxy configured

SMB client configuration matches known-good systems

Issue persists across reboots

Additional observations

Authentication failure is delayed (not immediate), suggesting a handshake or policy issue rather than a simple credential typo

Server logs only show NTLM failures originating from this specific client

  • The system was previously connected successfully before the recent update to 24H2

Questions

Are there Windows 11 24H2-specific changes (NTLM hardening, SMB signing requirements, credential isolation, or authentication caching) that could cause a single client to consistently fail NTLM authentication against a standalone SMB server?

Are there known 24H2 issues related to SMB or NTLM authentication behavior?

Are there additional diagnostic steps or logging areas recommended for isolating this type of failure?

Any insight or guidance would be appreciated.

Thank you.

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Harry Phan 20,055 Reputation points Independent Advisor
    2026-01-10T04:58:23.56+00:00

    Hello CMIT2

    Based on the details you provided, the behavior you are seeing is consistent with NTLM hardening changes introduced in Windows 11 24H2. Microsoft has disabled NTLMv1 by default and tightened SMB signing requirements. If the affected workstation is negotiating NTLM incorrectly or caching a corrupted credential, authentication will fail even though the same credentials succeed from other clients.

    To isolate the issue, I recommend forcing NTLMv2 only on the client by setting LmCompatibilityLevel to 5 under HKLM\SYSTEM\CurrentControlSet\Control\Lsa. You should also check the SMB client configuration with Get-SmbClientConfiguration and confirm whether RequireSecuritySignature is enabled. If the server does not support signing, temporarily disable it with Set-SmbClientConfiguration -RequireSecuritySignature $false. Additionally, clear any cached credentials using cmdkey /list and cmdkey /delete:<target> to ensure no stale entries remain.

    On the server side, enabling NTLM auditing will confirm whether the client is attempting NTLMv1 or malformed NTLMv2. If you see repeated failures only from this workstation, it is likely a local stack corruption introduced during the 24H2 upgrade. Running dism /online /cleanup-image /restorehealth can repair the SMB client components.

    If none of these steps resolve the issue, you may be encountering a regression in the NTLM stack specific to 24H2. In that case, opening a support case with Microsoft is the most reliable path forward, as only they can confirm and provide a hotfix if required.

    I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

    Harry.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-01-09T20:03:51.29+00:00

    In Windows 11 version 24H2, several changes related to SMB and NTLM authentication could potentially affect connectivity, especially if one client is experiencing issues while others are not. Here are some points to consider:

    1. NTLM Hardening: Windows 11 24H2 has introduced stricter security measures for NTLM authentication. If the affected client has any specific configuration that differs from the others, such as local security policies or group policies, it may lead to authentication failures.
    2. SMB Signing Requirements: SMB signing is required by default in Windows 11 24H2. If there are discrepancies in SMB signing settings between the problematic client and the working clients, this could cause authentication issues. Ensure that the SMB signing settings are consistent across all clients.
    3. Credential Isolation: Windows 11 may implement credential isolation features that could affect how credentials are cached or used. Make sure that there are no local policies or settings on the problematic client that might be preventing it from using the stored credentials correctly.
    4. Authentication Caching: If there are issues with how the client caches credentials, this could also lead to failures. Clearing cached credentials and ensuring that the client is using the correct credentials might help.
    5. Known Issues: While there are no specific known issues related to SMB or NTLM authentication in Windows 11 24H2 mentioned in the provided context, it is always a good idea to check for any updates or patches that may address authentication issues.

    Diagnostic Steps

    • Event Viewer: Continue monitoring the Event Viewer on both the client and server for any additional error messages that could provide more context.
    • Network Tracing: Consider using tools like Wireshark to capture and analyze the network traffic during the authentication attempts. This can help identify where the handshake is failing.
    • Local Security Policy: Review the local security policy settings on the affected client to ensure they match those of the working clients.
    • Group Policy Results: Use the gpresult command to check for any group policy settings that might be affecting the client.

    By systematically checking these areas, you may be able to isolate the cause of the authentication failure on the specific Windows 11 24H2 client.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.