Question
Thursday, October 8, 2015 6:13 PM | 1 vote
Hello,
I'm just at the beginning of evaluating Device Guard and Credential Guard in Windows 10. My problem is that as soon as I enable Credential Guard on my device, Enterprise WLAN authentication stops working. I'm authenticating via Protected EAP (PEAP) against an NPS server. The NPS log does not show any activity when I try to connect. When trying to connect manually I get the message that Windows can't connect to this network. When I disable Credential Guard like described here, my 802.1X authentication starts to work again.
Does anyone have the same problem and know why this happens and how it can be fixed?
Thanks already for your help.
Regards
Robert
All replies (8)
Thursday, October 8, 2015 6:23 PM ✅Answered | 1 vote
From the article I linked to in my first writing I've found the following consideration:
If you're using Wi-Fi and VPN end points that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificate-based authentication for Wi-Fi and VPN connections.
So I think this can be the reason. Anyway, it's just a recommendation and does not say that it's not working at all.
Any thoughts or experience on that?
Robert
Friday, October 9, 2015 7:44 AM ✅Answered | 1 vote
Robinion,
That should be the problem.
By the way, for certificate-based authentication, if you are interested, then please check:
Regards
Tuesday, April 19, 2016 8:38 AM | 1 vote
Robert,
I have exactly the same problem and found that it is Hyper-V that breaks it. Hyper-V gets enabled by Device / Credential Guard. I tried to disable the Hyper-V feature and suddenly I could connect to my WLAN; the problem is that at the next reboot Hyper-V is back again (because of the Device Guard GPO). I am sure it is Hyper-V and not Device Guard because I turned Device Guard off in the GPO but then enabled Hyper-V manually, and the issue appeared again.
I am investigating why this is the case.
Nic.
Wednesday, June 1, 2016 8:36 AM | 2 votes
Hello guys,
I have the same problem here: PEAP auth on W-LAN is not working on notebooks with Device Guard enabled.
Does anyone have new information on the problem? I don't even know if it's a feature or a bug.
But after all I've experienced with W10, it wouldn't surprise me if it's a bug.
Regards
Stefan
Thursday, June 30, 2016 9:19 PM
I can certainly confirm I'm experiencing the same issue when using PEAP: Automatically use Windows username and password. The problem arises when Isolated User Mode (i.e. when the user kernel is put into the hypervisor) is switched on - 'just' Secure Boot with DMA works OK.
I suspect the domain credentials are prevented from being passed out from the LSAIso to the high-level OS. The documentation seems to heavily imply this is the case, although it isn't 100% clear. I guess these things are easy to spot in hindsight!
Anyway, I have some time to play with cert-based reconfiguration over the next week or so; I'll try and report back with my findings.
Friday, July 1, 2016 5:13 PM
Switching to EAP-TLS with machine and user certificates solved my issue instantaneously.
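As an added example that is not part of any post in this thread: a small audit that reads a WLAN profile exported with `netsh wlan export profile` and reports whether it relies on PEAP with MS-CHAPv2 and Windows logon credentials (the setup posters here report failing under Credential Guard) or on EAP-TLS. The sample profile, its SSID and the function names are constructed for illustration; the XML is trimmed, with inner namespaces omitted.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on `netsh wlan export profile` output.
# The SSID is made up; only the elements inspected below are kept.
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpWLAN-example</name>
  <MSM><security><OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
    <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
      <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type></EapMethod>
      <Config><Eap><Type>25</Type>
        <EapType><Eap><Type>26</Type>
          <EapType><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType>
        </Eap></EapType>
      </Eap></Config>
    </EapHostConfig></EAPConfig>
  </OneX></security></MSM>
</WLANProfile>"""

# IANA EAP method type numbers relevant to this thread.
EAP_NAMES = {13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_profile(xml_text):
    """Return the EAP methods a profile uses and whether it is MS-CHAPv2 based."""
    root = ET.fromstring(xml_text)
    name = next((e.text for e in root.iter() if local(e.tag) == "name"), None)
    types = []
    winlogon = False
    for e in root.iter():
        text = (e.text or "").strip()
        if local(e.tag) == "Type" and text.isdigit() and int(text) not in types:
            types.append(int(text))  # outer method first, inner method after
        elif local(e.tag) == "UseWinLogonCredentials" and text.lower() == "true":
            winlogon = True
    return {
        "profile": name,
        "methods": [EAP_NAMES.get(t, "EAP type %d" % t) for t in types],
        "uses_windows_logon": winlogon,
        # Password-based inner method: the case the quoted guidance warns about.
        "at_risk": 26 in types,
    }


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

Profiles reported with `at_risk` set are the candidates for migration to EAP-TLS before Credential Guard is enabled on a device.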
Monday, September 12, 2016 7:39 AM
Hello guys,
I've also switched to EAP-TLS and it did work.
Now we have a new problem: Windows won't connect to the hidden network that is specified within the GPO.
It seems this problem appeared since we've started to roll out the new Anniversary Update.
Does anyone have similar problems?
Regards
Stefan
Monday, September 12, 2016 10:30 AM
Just a short update:
After disabling Device Guard, W-LAN is working again on the Anniversary Update.
Conclusion: Microsoft broke W-LAN authentication now completely.
Nice work!
Anyone with the same problem?
Regards
Stefan