Users may experience authentication issues where Windows displays an "incorrect password" message during login, even when the correct credentials are entered. This issue is linked to Microsoft's April 2025 security updates and primarily affects computers connected to Active Directory domains.

Issue Description

After entering the correct password, Windows computers display an "incorrect password" message during the login process. While restarting the laptop provides a temporary solution, the issue may reoccur. This problem has been observed following the installation of recent Windows security updates.

Affected Environment

• Windows 10 and Windows 11 computers
• Devices connected to Active Directory Domain Controller environments
• Software applications that rely on Windows authentication features

Root Cause

Microsoft's April 2025 security updates (KB5055523 or later) are causing authentication issues on Windows Server 2025 domain controllers. The problem specifically affects Kerberos logons or delegations using certificate-based credentials that rely on key trust via the Active Directory msds-KeyCredentialLink field. These authentication issues stem from security measures implemented to address the high-severity vulnerability CVE-2025-26647, which affects Windows Kerberos.

Troubleshooting Steps

Step 1: Restart the Computer (Immediate Workaround)

As a temporary solution, restart the laptop to resolve the authentication issue. This workaround typically provides relief for a period of time before the issue may reoccur.

Step 2: Install Pending Windows Updates

1. Click on Start.
2. Select Settings from the menu.
3. Navigate to Update & Security (Windows 10) or Windows Update (Windows 11).
4. Click Check for updates.
5. Install any available updates.
6. Restart the computer when prompted.

Step 3: Force Group Policy Update (Network Cable Required)

If you have access to a network cable and can connect your laptop directly to the network:

1. Connect the laptop to the network using an ethernet cable.
2. Right-click on Start.
3. Select Command Prompt (Admin) or Windows PowerShell (Admin).
4. Type gpupdate /force and press Enter.
5. Wait for the process to complete and monitor for any error messages.
6. Restart the laptop after the group policy update completes.

Step 4: Contact ITS

If the issue persists after performing the above troubleshooting steps, or if you are not comfortable performing these procedures, please contact the ITS Help Desk for assistance from a building technician.

Need Additional Support?

This guide aims to provide useful information, but as technology changes, interfaces or steps might vary. Please use the Comment button to let us know if anything differs from your experience. Your feedback helps us keep this information accurate. Thank you!