
Password Incorrect, Crashing on Login, File Explorer Crashing and Modern Apps Won't Open Errors

Applies To

Hybrid Entra ID/Azure AD Environments

Symptoms

The user's password is rejected as incorrect, even though the password has been verified as accurate. Other symptoms include File Explorer and the System Shell UI crashing, black screen loops on login, and an inability or lack of permissions to open Universal Windows Apps such as Settings, Office, Photos and others.

Prerequisites

To complete this fix, you must have one of the following methods of accessing the computer:

  1. A local (non-Entra ID/Azure AD) user account with Administrator privileges.
  2. A remote support program that can run command prompts as the system or non-Entra ID/Azure AD user.

Solution

A Windows 11 device connected to an Entra ID/Azure AD Hybrid network will cache the logon servers for both the local on-premises Active Directory server and the Entra ID/Azure AD server. When a user attempts to log in, Windows will attempt to use the Active Directory logon server, which will fail. To fix this, you must remove the cached Active Directory server from the registry.

  1. Log in as a local user.
    1. If you need assistance in creating a local user, follow the local password reset guide.
  2. Open Registry Editor.
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityStore\LogonCache\B16898C6-A148-4967-9171-64D755DA8520\SubPkgs
  4. There will be two subkeys in SubPkgs. One subkey will be your local Active Directory server/NetBIOS domain name, while the other will be your Entra ID/Azure AD server.
  5. Right-click the Active Directory server/NetBIOS domain name subkey and select Permissions.
  6. Click the Advanced button.
  7. Click Disable Inheritance, then select Convert inherited permissions into explicit permissions on this object.
  8. Next to Owner, click Change.
  9. Enter the username of the local account you're logged into.
  10. Check the Replace all child object permissions checkbox.
  11. Click Apply and OK.
  12. Click OK to close the Permissions window.
  13. Right-click the Active Directory server/NetBIOS domain name subkey, then click Delete.
  14. Once the subkey is deleted, restart the computer and log into Windows as the affected user.
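
Before changing ownership and deleting the subkey, it helps to export the SubPkgs tree and record each subkey's current owner and inheritance state, so the change can be reviewed or reverted. The following PowerShell is an added example, not part of the original article; the backup folder `C:\Temp\LogonCacheBackup` is an assumption, and the script only reads and exports, it does not delete anything.

```powershell
# Added example: inspect and back up the SubPkgs logon cache before editing it.
# Run from an elevated PowerShell session (local administrator or SYSTEM).
$subPkgs   = 'HKLM:\SOFTWARE\Microsoft\IdentityStore\LogonCache\B16898C6-A148-4967-9171-64D755DA8520\SubPkgs'
$backupDir = 'C:\Temp\LogonCacheBackup'   # assumption: any writable local folder works

if (-not (Test-Path -LiteralPath $subPkgs)) {
    throw "SubPkgs key not found: $subPkgs"
}
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Export the whole SubPkgs tree so a deleted subkey can be restored with 'reg import'.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupFile = Join-Path $backupDir "SubPkgs-$stamp.reg"
$regPath    = $subPkgs -replace '^HKLM:\\', 'HKLM\'   # reg.exe expects HKLM\..., not HKLM:\...
& reg.exe export $regPath $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "reg export failed (exit code $LASTEXITCODE); the key may not be readable from this account."
} else {
    Write-Host "Backup written to $backupFile"
}

# List each subkey with its owner and inheritance state. The operator still has to
# identify which subkey is the on-premises NetBIOS domain name and which is Entra ID.
Get-ChildItem -LiteralPath $subPkgs | ForEach-Object {
    $name = $_.PSChildName
    try {
        $acl = Get-Acl -LiteralPath $_.PSPath -ErrorAction Stop
        [pscustomobject]@{
            Subkey              = $name
            Owner               = $acl.Owner
            InheritanceDisabled = $acl.AreAccessRulesProtected
            ChildKeys           = $_.SubKeyCount
        }
    } catch {
        # The ACL could not be read from this account; report that instead of stopping.
        [pscustomobject]@{
            Subkey              = $name
            Owner               = '<access denied>'
            InheritanceDisabled = $null
            ChildKeys           = $null
        }
    }
} | Format-Table -AutoSize
```

Keep the exported `.reg` file and the table output with the support ticket so the original owner and permissions of the deleted subkey are on record.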