Share via

Shared windows 11 domain desktop with multiple users, having log in issues.

Kyle Schlemmer 0 Reputation points
2026-04-23T18:25:32.7266667+00:00

Hello,

We recently refreshed all our machines to windows 11. I have 2 desktops that are shared that 4 individual users log into each, ie PC 1 is on the domain and 4 users log into it. PC 2 is also on the domain and 4 different users log into it. PC1 is on Windows 11 H24 and was imaged. PC2 is on Windows 11 H25 and was built from scratch. Both machines are having the same log in issues. The users are able to log on to the machine do some work, lock the machine. When they come back to the machine and click on their name to log in they get a bad username or password error. If they click on "Other user" and enter their username and same password they are able to log in. I have search high and low for an answer but have not found any resolution. Please help. This was not an issue with Windows 10.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Scott Nguyen 1,150 Reputation points Independent Advisor
    2026-04-23T19:51:00.9466667+00:00

    Hello.

    You could resolve this by navigating to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options and enabling the Interactive logon: Don't display last user name policy, which forces the "Other User" prompt and bypasses the problem at the point.

    Additionally, maybe try to check that if the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName is not conflicting with your Assign a default domain for logon GPO setting.

    If you find my answer useful, you can mark it as the "Accepted Answer" so the others can find the solution easily. Your help in supporting the community is much appreciated! Thanks

  2. Q&A Assist
    2026-04-23T18:25:47.68+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The behavior matches known authentication issues introduced by recent Windows 11 24H2/25H2 updates that affect Kerberos/NTLM and domain logons on shared devices.

    Based on the provided context, there are two practical actions that have resolved very similar symptoms:

    1. Restart all domain controllers
      • In a similar Windows 11 24H2 domain-login issue, restarting all domain controllers resolved repeated/failed logons after update.
      • Action:
        1. Plan a maintenance window.
        2. Gracefully reboot each domain controller in turn.
        3. After all DCs are back online, test the scenario again on both shared PCs (lock, then unlock using the tile vs “Other user”).
    2. Check for and apply any relevant Windows known-issue fixes/rollbacks
      • Windows 11 24H2/25H2 and Windows Server 2025 have a known issue where updates can cause Kerberos and NTLM authentication failures, including repeated credential prompts and “username or password is incorrect” messages, even with valid credentials.
      • If these PCs or your DCs are on affected builds (for example, after installing updates such as KB5065426 or later in that chain), apply the corresponding known-issue rollback or follow the guidance from the related KBs.
      • For environments impacted by duplicate-SID-related behavior, a Known Issue Rollback MSI and policy/registry override have been used successfully:
        • Install Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5065426 250923_06201 Known Issue Rollback.msi on the affected client.
        • In Local Group Policy Editor (gpedit.msc):
          • Go to Local Computer Policy > Administrative Templates > KB5065426_20250923_06201 Known Issue Rollback.
          • Set the policy to Disabled.
          • Reboot the client.
        • Alternatively, use the documented registry override under HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides.

    If the issue persists after:

    • restarting all domain controllers, and
    • confirming that the latest Windows updates and any applicable out-of-band/rollback fixes are applied,

    then collect logs (Security and System event logs on the clients and DCs) and look specifically for:

    • Kerberos/NTLM failures,
    • SEC_E_NO_CREDENTIALS, or
    • Local Security Authority (lsasrv.dll) events indicating partial machine ID mismatches.

    These will confirm whether the environment is hitting the documented authentication issue and guide whether further rollback or remediation from the related KB should be applied across affected devices.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.