Share via

Continuously need to user other user to login

Peter Alexandris 45 Reputation points
2026-02-27T15:20:10.0433333+00:00

I have several users at our organization that after signing back in after locking the screen when they attempt to login they get incorrect user or password but when they select other user and login they have no issues. This is on an org domain and it is EVERY single time they try to sign it, it requires to sign in as other. Has anyone seen an issue like this or know where to even find a solution?

Windows for business | Windows 365 Business
0 comments
Answer accepted by question author
  1. Jason Nguyen Tran 14,440 Reputation points Independent Advisor
    2026-02-27T16:22:03.46+00:00

    Hello Peter Alexandris,

    What you’re describing usually points to how Windows is caching credentials during the lock/unlock process in a domain environment. In many cases, the cached session tries to reuse the last token but fails, which is why the unlock attempt shows “incorrect user or password,” even though the credentials themselves are fine.

    One practical step is to check whether the affected machines are properly syncing with the domain controllers and that Kerberos tickets are being refreshed correctly. If the trust relationship between the workstation and the domain is unstable, this behavior can appear every time. Another area to review is Group Policy, sometimes policies around interactive logon or credential delegation can interfere with the unlock process. Rejoining one of the affected machines to the domain is a good test to confirm if the trust is the root cause.

    Since this is happening consistently across multiple users, I’d also recommend checking the event logs on both the client and domain controller side for authentication errors around the time of the failed unlock. That will give you a clearer picture of whether it’s a local cache issue or a domain replication problem. In short, the accounts themselves are fine, but the cached session is failing, so focusing on domain trust and policy settings should help resolve it.

    I hope the response provided some helpful insight. If it clarified the issue for you, please consider marking it as Accept Answer so others can benefit too. Thank you!

    Jason.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jason Nguyen Tran 14,440 Reputation points Independent Advisor
    2026-02-28T15:17:09.69+00:00

    Hello Peter Alexandris,

    I’m following up to check whether the issue has been resolved.

    If the information provided was helpful, please click "Accept Answer" to help others in the community. Thank you!

    0 comments
  2. Q&A Assist
    2026-02-27T15:20:27.2833333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    This behavior typically indicates a sign-in/authentication problem tied to the cached credentials or the way Windows is handling domain authentication after the device is locked, rather than a true bad password.

    Use the following steps to narrow down and resolve it:

    1. Confirm the account is healthy in AD
      • Verify the affected users’ domain accounts are not locked out, expired, or restricted by logon hours.
      • If needed, reset the user’s password once and test again.
      • See guidance under “Make sure that the account isn't locked out, expired, or used outside designated logon hours” in the federated sign-in article.
    2. Restart devices and domain controllers
      • Restart one of the affected client devices and test again.
      • If the issue is widespread and recent (for example, after an update), restart all domain controllers. A similar sign-in issue in a domain environment was resolved by restarting all DCs.
    3. Test with another account on the same device
      • On an affected PC, sign in with a different domain user.
      • Lock/unlock and see if the same “incorrect user or password” appears.
      • If only specific users are affected, focus on those AD accounts; if all users on that device are affected, focus on the device and its trust to the domain.
    4. Check for sign-in problems at the OS level
      • If users intermittently cannot sign in at all, try a full restart of the device, as this can clear temporary sign-in issues.
      • If problems persist, boot one affected device into Safe Mode with Networking and test sign-in. If Safe Mode works reliably, a driver, security product, or GPO may be interfering with normal logon.
    5. Verify domain trust and cached credentials
      • On an affected device, ensure it is still joined to the correct domain and can reach a domain controller (network connectivity, DNS, etc.).
      • If the device repeatedly fails normal logon but “Other user” works every time, consider removing the machine from the domain and rejoining it (plan this carefully, as it affects all domain profiles on that PC).
    6. Check for repeated sign-in attempts and lockouts
      • If users are retrying many times, Microsoft Entra multifactor authentication or security policies may temporarily block sign-in after multiple attempts. In hybrid scenarios, review sign-in logs and ensure MFA or conditional access is not misconfigured.

    If the issue continues after these steps, collect event logs from affected machines and domain controllers (Security and System logs around the time of the failed unlock) and review for Kerberos or authentication errors, then escalate through support with those details.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.