This fixed our problem. After some additional digging, in our case, we found that the "LsaCfgFlags" DWORD was already in the registry, but misspelled! Microsoft created it as "LsaCfgFlagsDefault" which is worthless. It was intended to be the keyword mentioned in the solution which sets the status of the enhanced security feature "Credential Guard". You can read about what it does here... https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-deviceguard-unattend-lsacfgflags With the "LsaCfgFlags" value not set (because it was created incorrectly by Microsoft), the "Credential Guard" feature is enabled and interferes with sending at least Computer credentials to the native Windows Dot1X supplicant and apparently aborts the authentication attempt before it completes. When Microsoft states that the default is "Off", they are assuming the LsaCfgFlags value is there and set to "zero" - which it is not with an out-of-the box install.
... View more
