RDP Login Failures After September 2025 Windows Security Update (KB5065426)

Issue:

Following the cumulative security update KB5065426 for Windows 11 24H2 released by Microsoft in September 2025, several organizations are facing issues with Remote Desktop Protocol (RDP) login failures when trying to access virtual desktops remotely for IT/admin purposes.

This problem does not affect end users who are connecting via the Workspot Client. It impacts administrators who are trying to access RDP directly, especially in shared VDI setups.

A screenshot of a computer AI-generated content may be incorrect.

Cause

Microsoft has confirmed that the issue arises when two systems with the same machine identity try to authenticate, such as cloned virtual machines that have identical MachineGUID or SID.

Due to the enhanced security checks introduced in the update, NTLM-based authentication might erroneously fail when there are matching identifiers on both the client and host systems, leading to the message “The logon attempt failed” even when the credentials are correct.

Microsoft has recognized this as a known problem.

Who are Impacted

Users of Workspot accessing Cloud Desktops via the Workspot Client

→ No problems encountered. Everything functions as intended.

IT administrators connecting through RDP from systems lacking KB5065426

→ No problems encountered. RDP operates as usual.

IT administrators connecting via RDP when both the source and destination machines have KB5065426 installed and share the same SID/MachineGUID

→ Connection fails. This is where the issue arises. This failure is most frequently observed in pooled desktop setups created from cloned templates, where several machines end up with identical SID or MachineGUID.

Microsoft Hotfix / Temporary Workaround

Microsoft supplied a Known Issue Rollback MSI package along with a necessary Group Policy configuration adjustment to reinstate RDP functionality.

Workspot has validated this workaround as successful when:

The MSI rollback hotfix is installed on the target VM
https://download.microsoft.com/download/8dbd6b00-7e95-4c8c-8460-37543e5b85f5/Windows 11 24H2 and Windows Server 2025 KB5065426 250912_02251 Known Issue Rollback.msi
The Microsoft-recommended GPO setting is applied

The VM is rebooted after changes. Without the policy change, the MSI alone does not resolve the issue.

If needed, Workspot Support can provide detailed implementation guidance.

Status of Permanent Fix

The Microsoft engineering team is diligently pursuing a long-term solution and will inform the Workspot Support Team once the fix is available for General Availability (GA). The timing has not yet been confirmed by Microsoft.

Workspot will revise this document promptly after Microsoft releases the permanent solution.