I noted on that last line that reason code 265 was given which links to "The certificate chain was issued by an authority that is not trusted." There has been commentary around Credential Guard (enabled by default in W11 Education & Enterprise) blocking machine auth methods, but I'm note sure if this blocks manual connections. I had a look around and found this post on the MS community, different NPS code but notably a comment saying: "The computers would not authenticate automatically, but when following the dialog boxes we could get them to authenticate by manually telling the computer to try...." "Our Windows 10 computers worked without flaws. After reading this thread I decided to check my Group Policy and the only difference is that I was not specifying the servers they could authenticate to, so I was not having the problem with the case mismatch. I found the fix to be checking the box next to my domain CA in the Trusted Root Certification Authorites section below the box where you can specify which servers to connect to." Another external thread I found also talked about case mismatch: "We had a GPO that pushed out the Cert to the clients and our NPS server was lowercase in that GPO and the server end is capitalized. It was never an issue with the Windows 10 machines but I guess Windows 11 has some additional security that capitalization matters. Was an easy fix but not an obvious one."
... View more