Windows 11 update blocking some users from logging in

And on new accounts as Microsoft tries to drive big adoption

A Windows update issued last month is blocking some users with new Microsoft accounts from being able to log into their systems, a glitch Microsoft says can be remedied either through a workaround or a feature introduced to the operating system last year.

According to Microsoft, the update to Windows 11 version 21H2, introduced August 25, was meant to address a range of issues around USB printing, trusting applications in the Microsoft Store, Bluetooth headsets, and Microsoft Edge in IE mode.

However, the KB5016691 update also introduced an issue of its own. In an advisory emitted this week, Microsoft said that some customers, after installing the update and adding a new Microsoft account user in Windows, were unable to sign in for a brief time after the initial restart or after signing out.

"The issue only affects the newly added Microsoft account user and only for the first sign in," the vendor wrote. "This issue only affects devices after adding a Microsoft account. It does not affect Active Directory domain users accounts or Azure Active Directory accounts."

The software giant offered two ways to address it. One is a workaround that essentially calls for letting the OS work the problem out of its system. If a user with a new account can't sign in, the issue will automatically resolve itself after a short time, according to Microsoft.

In this scenario, the user will need to wait for the lock screen to reappear, after which they should be able to login as expected.

Users can also resolve the problem by using a function called the Known Issue Rollback (KIR), which was introduced in March 2021. In a blog post at the time, Microsoft explained that KIR would quickly return a device affected by a Windows update to productive use.

"The Known Issue Rollback infrastructure in the OS provides developers with a method that evaluates a policy to determine the execution path," said Microsoft. "This policy tells the OS whether a fix should remain enabled or not. If the policy states that the fix is enabled, then the new code runs; and if the policy says that the fix is disabled, then the OS falls back to the old code-path."

Monthly Windows updates are enabled by default, with the old code being disabled and the new code enabled. If the fix causes a serious problem, Azure hosted services and Windows work together to update the policy setting on the device and disable the fix that is causing the issues.

According to Microsoft, enterprises have control over the KIR policy.

It could take as long as 24 hours to KIR to automatically resolve the login issue in consumer systems and non-managed business devices. Restarting the Windows device could accelerate the process, the vendor said.

"For enterprise-managed devices that have installed an affected update and encountered this issue [admins] can resolve it by installing and configuring a special Group Policy," the company wrote. "The special Group Policy can be found in Computer Configuration -> Administrative Templates -> KB5016691 220722_051525 Known Issue Rollback -> Windows 11 (original release)."

An IT administrator will need to install and configure the Group Policy specific for their versions of Windows. This issue doesn't affect Windows Server deployments.

Instructions for deploying and configuring the special Group Policy can be found here. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2022