Solved: Re: 802.1x Wired Config not enabled on client pcs

dadziepatrick · ‎03-02-2022

We have configured 802.1x wired settings using EAP on AD using group policy and pushed to AD joined clients. On the client pcs, the EAP MSCHAPv2 Properties dialog box is unchecked when connecting and this is same on other pcs though a few have it checked.

Sceenshot

Greg Gibbs · ‎03-02-2022

This is likely a symptom of Credential Guard being enabled by the Domain Group Policy.

For Win10 PCs with UEFI//SecureBoot enabled, the default domain policy likely enables the Credential Guard feature which breaks MSCHAPv2.

You would need to disable CG in the domain policy or look at moving to EAP-TLS, using a different supplicant (like NAM), etc.

View solution in original post

Rob Ingram · ‎03-02-2022

@dadziepatrick can you confirm the GPO policy is applied to these computers, use the command - "gpresult /r"

Greg Gibbs · ‎03-02-2022

This is likely a symptom of Credential Guard being enabled by the Domain Group Policy.

For Win10 PCs with UEFI//SecureBoot enabled, the default domain policy likely enables the Credential Guard feature which breaks MSCHAPv2.

You would need to disable CG in the domain policy or look at moving to EAP-TLS, using a different supplicant (like NAM), etc.

thomas · ‎03-06-2022

The Windows operating System has two (2) native supplicants

1) wireless supplicant which is on by default

2) wired supplicant which is DISABLED by default

You need to use Windows Group Policy Objects (GPOs) or an MDM or some other configuration service to enable and configure it. Looks like it was not configured correctly.