I'm facing issues with Kerberos and NTLM authentication failures due to duplicate SIDs, which are affecting our network shares. I'm looking for a group policy to disable this behavior. I've heard there might be a solution out there, but it seems Microsoft hasn't made it publicly available yet. Any suggestions on how to temporarily disable this until a better solution is in place? Thanks!
4 Answers
Here are two alternative solutions to consider if anyone else runs into this issue in the future: check out NewSID from Sysinternals here: https://learn.microsoft.com/en-us/sysinternals/downloads/newsid or another tool called SIDCHGL64 at this link: https://www.stratesave.com/html/downloads.html
I think I found a workaround! You can install a rollback package which creates a new ADMX file. Check this link for the download: https://download.microsoft.com/download/c6c70455-59ce-4d47-b13c-56b99d0435f1/Windows%2011%2024H2%2C%20Windows%2011%2025H2%20and%20Windows%20Server%202025%20KB5065426%20250923_06201%20Known%20Issue%20Rollback.msi. After installation, just copy the generated ADMX file to your Central Store.
Just so you know, these group policies aren't publicly available by default. You actually need to open a support case to get access to them since they're temporary and may not be part of the final release.
Did this lead to issues with AD accounts for your customer? I thought this was limited to local accounts since domain accounts usually don’t have duplicate SIDs. In our case, we always use sysprep when cloning VMs, so we’ve been good so far.
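To find which cloned machines share a machine SID before deciding what to re-image, the check below groups hosts by the machine SID embedded in a local account SID. It is an added example, not something posted in this thread; it assumes you have already collected one local account SID per host (for instance the built-in Administrator), and the hostnames and SIDs in `SAMPLE` are constructed.

```python
import re
from collections import defaultdict

# Local and domain account SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>.
ACCOUNT_SID = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")

def machine_sid(account_sid):
    """Return the machine (or domain) SID an account SID is built on, or None."""
    m = ACCOUNT_SID.match(account_sid.strip().upper())
    if not m:
        return None  # well-known SIDs such as S-1-5-18 carry no machine SID
    if any(int(x) > 0xFFFFFFFF for x in m.groups()):
        return None  # each sub-authority is an unsigned 32-bit value
    return "S-1-5-21-{}-{}-{}".format(*m.groups()[:3])

def find_duplicates(inventory):
    """Map machine SID -> sorted hosts, for SIDs seen on more than one host."""
    hosts_by_sid = defaultdict(set)
    for host, sid in inventory:
        base = machine_sid(sid)
        if base:
            hosts_by_sid[base].add(host.lower())  # hostnames are case-insensitive
    return {s: sorted(h) for s, h in hosts_by_sid.items() if len(h) > 1}

# Constructed sample inventory: (hostname, SID of a local account on that host).
SAMPLE = [
    ("FS01",  "S-1-5-21-1004336348-1177238915-682003330-500"),
    ("VDI-A", "S-1-5-21-3623811015-3361044348-30300820-500"),
    ("VDI-B", "S-1-5-21-3623811015-3361044348-30300820-1001"),
    ("vdi-b", "S-1-5-21-3623811015-3361044348-30300820-500"),
    ("APP02", "S-1-5-18"),
]

if __name__ == "__main__":
    for sid, hosts in find_duplicates(SAMPLE).items():
        print(sid, "shared by", ", ".join(hosts))
```

Feed it local account SIDs only: domain account SIDs share the domain SID by design and would show up as false duplicates.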

Haha, Microsoft support can really be a hassle. I don't have the luxury to wait weeks for someone to just request more logs from me!