Meraki

Community

Windows 11 Cannot Connect to Wifi

DerikA
Getting noticed
‎Jan 6 2022 1:12 PM
‎Jan 6 2022 1:12 PM

Windows 11 Cannot Connect to Wifi

I have the wireless network set up using RADIUS authentication as documented here:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

We are have user auth setup and using a Windows Group Policy so people don't have to enter there credentials every time and it has been working great. Then Windows 11 shows up and the things fell apart. If I try to connect using the wireless profile pushed by Active Directory the laptop give a message saying "Can't Connect to this Network" but if I find the hidden network and manually connect I can.

 

RADIUS shows the following for logging:

<Event><Timestamp data_type="4">01/06/2022 14:36:42.879</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">host/LAPTOP.CompanyName.local</User-Name><NAS-IP-Address data_type="3">1.1.2.241</NAS-IP-Address><NAS-Identifier data_type="1">00-00-00-00-00-13:vap3</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Service-Type data_type="0">2</Service-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">AC-74-B1-D9-E5-2C</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54.00 Mbps / 802.11ac / RSSI: 54 / Channel: 44</Connect-Info><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><Acct-Multi-Session-Id data_type="1">40797C9BB742FADC</Acct-Multi-Session-Id><Vendor-Specific data_type="2">000073E70217466172676F20436F7270202D20776972656C657373</Vendor-Specific><Vendor-Specific data_type="2">000073E7030F495420526F6F6D20466172676F</Vendor-Specific><Vendor-Specific data_type="2">000073E7040B20436F727020495420</Vendor-Specific><Called-Station-Id data_type="1">00-00-00-00-00-13:CompanyName</Called-Station-Id><Vendor-Specific data_type="2">000073E7010F495420526F6F6D20466172676F</Vendor-Specific><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87093</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:42.879</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87093</Class><Session-Timeout data_type="0">30</Session-Timeout><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Authentication-Type data_type="0">5</Authentication-Type><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:42.910</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address data_type="3">1.1.2.241</NAS-IP-Address><NAS-Identifier data_type="1">00-00-00-00-00-13:vap3</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Service-Type data_type="0">2</Service-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">AC-74-B1-D9-E5-2C</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54.00 Mbps / 802.11ac / RSSI: 54 / Channel: 44</Connect-Info><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><Acct-Multi-Session-Id data_type="1">40797C9BB742FADC</Acct-Multi-Session-Id><Vendor-Specific data_type="2">000073E70217466172676F20436F7270202D20776972656C657373</Vendor-Specific><Vendor-Specific data_type="2">000073E7030F495420526F6F6D20466172676F</Vendor-Specific><Vendor-Specific data_type="2">000073E7040B20436F727020495420</Vendor-Specific><Called-Station-Id data_type="1">00-00-00-00-00-13:CompanyName</Called-Station-Id><Vendor-Specific data_type="2">000073E7010F495420526F6F6D20466172676F</Vendor-Specific><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><User-Name data_type="1">host/LAPTOP.CompanyName.local</User-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87094</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:42.910</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87094</Class><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><Session-Timeout data_type="0">30</Session-Timeout><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:42.942</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address data_type="3">1.1.2.241</NAS-IP-Address><NAS-Identifier data_type="1">00-00-00-00-00-13:vap3</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Service-Type data_type="0">2</Service-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">AC-74-B1-D9-E5-2C</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54.00 Mbps / 802.11ac / RSSI: 54 / Channel: 44</Connect-Info><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><Acct-Multi-Session-Id data_type="1">40797C9BB742FADC</Acct-Multi-Session-Id><Vendor-Specific data_type="2">000073E70217466172676F20436F7270202D20776972656C657373</Vendor-Specific><Vendor-Specific data_type="2">000073E7030F495420526F6F6D20466172676F</Vendor-Specific><Vendor-Specific data_type="2">000073E7040B20436F727020495420</Vendor-Specific><Called-Station-Id data_type="1">00-00-00-00-00-13:CompanyName</Called-Station-Id><Vendor-Specific data_type="2">000073E7010F495420526F6F6D20466172676F</Vendor-Specific><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><User-Name data_type="1">host/LAPTOP.CompanyName.local</User-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87095</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:42.942</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87095</Class><Session-Timeout data_type="0">30</Session-Timeout><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Authentication-Type data_type="0">5</Authentication-Type><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:42.989</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address data_type="3">1.1.2.241</NAS-IP-Address><NAS-Identifier data_type="1">00-00-00-00-00-13:vap3</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Service-Type data_type="0">2</Service-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">AC-74-B1-D9-E5-2C</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54.00 Mbps / 802.11ac / RSSI: 54 / Channel: 44</Connect-Info><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><Acct-Multi-Session-Id data_type="1">40797C9BB742FADC</Acct-Multi-Session-Id><Vendor-Specific data_type="2">000073E70217466172676F20436F7270202D20776972656C657373</Vendor-Specific><Vendor-Specific data_type="2">000073E7030F495420526F6F6D20466172676F</Vendor-Specific><Vendor-Specific data_type="2">000073E7040B20436F727020495420</Vendor-Specific><Called-Station-Id data_type="1">00-00-00-00-00-13:CompanyName</Called-Station-Id><Vendor-Specific data_type="2">000073E7010F495420526F6F6D20466172676F</Vendor-Specific><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><User-Name data_type="1">host/LAPTOP.CompanyName.local</User-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87096</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:42.989</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87096</Class><Session-Timeout data_type="0">30</Session-Timeout><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Authentication-Type data_type="0">5</Authentication-Type><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:43.020</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-IP-Address data_type="3">1.1.2.241</NAS-IP-Address><NAS-Identifier data_type="1">00-00-00-00-00-13:vap3</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Service-Type data_type="0">2</Service-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">AC-74-B1-D9-E5-2C</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54.00 Mbps / 802.11ac / RSSI: 54 / Channel: 44</Connect-Info><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><Acct-Multi-Session-Id data_type="1">40797C9BB742FADC</Acct-Multi-Session-Id><Vendor-Specific data_type="2">000073E70217466172676F20436F7270202D20776972656C657373</Vendor-Specific><Vendor-Specific data_type="2">000073E7030F495420526F6F6D20466172676F</Vendor-Specific><Vendor-Specific data_type="2">000073E7040B20436F727020495420</Vendor-Specific><Called-Station-Id data_type="1">00-00-00-00-00-13:CompanyName</Called-Station-Id><Vendor-Specific data_type="2">000073E7010F495420526F6F6D20466172676F</Vendor-Specific><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><User-Name data_type="1">host/LAPTOP.CompanyName.local</User-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87097</Class><Authentication-Type data_type="0">11</Authentication-Type><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/06/2022 14:36:43.020</Timestamp><Computer-Name data_type="1">DC-01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 1.1.1.6 01/01/2022 21:51:31 87097</Class><Authentication-Type data_type="0">11</Authentication-Type><Acct-Session-Id data_type="1">9338353FC94ADA5F</Acct-Session-Id><NP-Policy-Name data_type="1">CompanyName</NP-Policy-Name><Fully-Qualifed-User-Name data_type="1">CompanyName\LAPTOP$</Fully-Qualifed-User-Name><Client-IP-Address data_type="3">1.1.2.241</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Legacy Wireless Subnets</Client-Friendly-Name><SAM-Account-Name data_type="1">CompanyName\LAPTOP$</SAM-Account-Name><Proxy-Policy-Name data_type="1">CompanyName</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">265</Reason-Code></Event>

 

Meraki shows:

 

Connection start time Client device AP SSID Failure stage Failure reason

Thu Jan 6, 2022, 14:37:02ac:74:b1:d9:e5:2cIT Room FargoMAGNUMAuthentication
Client failed 802.1X authentication to the RADIUS server.type='802.1X auth fail' num_eap='7' first_time='0.012763271' associated='false' radio='1' vap='3'
Thu Jan 6, 2022, 14:35:03ac:74:b1:d9:e5:2cIT Room FargoMAGNUMAuthentication
Client failed 802.1X authentication to the RADIUS server.type='802.1X auth fail' num_eap='7' first_time='0.014429834' associated='false' radio='1' vap='3'
Thu Jan 6, 2022, 14:31:06ac:74:b1:d9:e5:2cIT Room FargoMAGNUMAuthentication
Client failed 802.1X authentication to the RADIUS server.type='802.1X auth fail' num_eap='7' first_time='0.014113104' associated='false' radio='1' vap='3'
Thu Jan 6, 2022, 14:28:45ac:74:b1:d9:e5:2cIT Room FargoMAGNUMAuthentication
Client failed 802.1X authentication to the RADIUS server.type='802.1X auth fail' num_eap='7' first_time='0.015952355' associated='false' radio='1' vap='3'
Thu Jan 6, 2022, 14:27:05ac:74:b1:d9:e5:2cIT Room FargoMAGNUMAuthentication
Client failed 802.1X authentication to the RADIUS server.type='802.1X auth fail' num_eap='7' first_time='0.016288354' associated='false' radio='1' vap='3'
Thu Jan 6, 2022, 14:25:55ac:74:b1:d9:e5:2cIT Room FargoMAGNUMAuthentication
Client failed 802.1X authentication to the RADIUS server.type='802.1X auth fail' num_eap='7' first_time='0.017201979' associated='false' radio='1' vap='3'

 

I am not finding any useful information in system logs on the laptop but I am no expert at digging through windows logs so I may be missing something.


Thank you in advance for any suggestions on how to resolve this.

0 Kudos
9 Replies 9
Rastiy
New here
‎Dec 13 2022 1:43 AM
‎Dec 13 2022 1:43 AM

We had a similar issue after upgrading to Win 11, PC try to connect to WiFI showing "Can't Connect to this Network"

the WiFi uses Radius to authenticate.

 

Below is the solution that worked for us.

 

 

  1. Open Registry Editor with Run as Administrator option
  2. Go to path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Create a new DWORD LsaCfgFlags and set it to 0
  4. Restart the device.

 

Hope that helps.

In response to Rastiy
ToddQuinn
Conversationalist
‎Jan 27 2023 1:08 PM
‎Jan 27 2023 1:08 PM

This fixed our problem. After some additional digging, in our case, we found that the "LsaCfgFlags" DWORD was already in the registry, but misspelled! Microsoft created it as "LsaCfgFlagsDefault" which is worthless. It was intended to be the keyword mentioned in the solution which sets the status of the enhanced security feature "Credential Guard". You can read about what it does here... https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-devi...

 

With the "LsaCfgFlags" value not set (because it was created incorrectly by Microsoft), the "Credential Guard" feature is enabled and interferes with sending at least Computer credentials to the native Windows Dot1X supplicant and apparently aborts the authentication attempt before it completes. When Microsoft states that the default is "Off", they are assuming the LsaCfgFlags value is there and set to "zero" - which it is not with an out-of-the box install.

 

In response to ToddQuinn
ElSysAdmin
New here
‎Feb 7 2023 11:52 AM
‎Feb 7 2023 11:52 AM

Just wanted to jump in here and share my findings. Had the same issue as you, and when navigating to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa I found that I had both LsaCfgFlags with value 0 and LsaCfgFlagsDefault with value 2. Very strange. I set LsaCfgFlagsDefault to 0 and rebooted. This allows me to connect without issue, but LsaCfgFlagsDefault resets itself to 2. 

On a second machine also having the issue I found LsaCfgFlagsDefault set to 2 was present, but LsaCfgFlags was not. I then set LsaCfgFlagsDefault to 0, rebooted, made successful connection to SSID, and verified that LsaCfgFlagsDefault has reset back to 2, but LsaCfgFlags is now present and set to 0. 

0 Kudos
In response to Rastiy
BezvezaE
Conversationalist
‎May 3 2024 2:07 AM
‎May 3 2024 2:07 AM

Thank you Sir, this worked magnificently!

0 Kudos
WB
Building a reputation
‎Dec 13 2022 2:08 AM
‎Dec 13 2022 2:08 AM

I noted on that last line that reason code 265 was given which links to "The certificate chain was issued by an authority that is not trusted."

 

There has been commentary around Credential Guard (enabled by default in W11 Education & Enterprise) blocking machine auth methods, but I'm note sure if this blocks manual connections.

 

I had a look around and found this post on the MS community, different NPS code but notably a comment saying:

 

"The computers would not authenticate automatically, but when following the dialog boxes we could get them to authenticate by manually telling the computer to try...."

 

"Our Windows 10 computers worked without flaws. After reading this thread I decided to check my Group Policy and the only difference is that I was not specifying the servers they could authenticate to, so I was not having the problem with the case mismatch. I found the fix to be checking the box next to my domain CA in the Trusted Root Certification Authorites section below the box where you can specify which servers to connect to."

Another external thread I found also talked about case mismatch:

 

"We had a GPO that pushed out the Cert to the clients and our NPS server was lowercase in that GPO and the server end is capitalized. It was never an issue with the Windows 10 machines but I guess Windows 11 has some additional security that capitalization matters. Was an easy fix but not an obvious one."

 

0 Kudos
This2shallpass
Getting noticed
‎Aug 30 2023 10:21 AM
‎Aug 30 2023 10:21 AM

Anyone facing issues with Windows 11 when connecting to Wifi with radius authentication this fix still works.
This problem occurs on some & not all machines running the same OS & same Edition.

Thanks @Rastiy @ToddQuinn 

0 Kudos
In response to This2shallpass
graym1984
New here
‎Apr 16 2024 4:34 PM
‎Apr 16 2024 4:34 PM

I've had one laptop in my environment facing the same issue. The fix mentioned above did indeed work. Cheers!

0 Kudos
impastaNoodle
New here
‎Jul 3 2024 10:22 AM
‎Jul 3 2024 10:22 AM

Thanks so much! This resolved my issues

0 Kudos
van604
Building a reputation
‎Jul 3 2024 4:19 PM
‎Jul 3 2024 4:19 PM

just came across this in a search and this also fixed the issue with the one laptop.  Thanks for the work around.  

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.