
Cisco ISE 1.3 and Windows 8 EAP chaining failing with computer Password

kanwar
Level 1

I have a Windows 8 laptop with the registry fix applied for the computer name password issue and am still not able to get authenticated with ISE.

I was just wondering if that is a known issue out there?

Thanks

3 Replies

franklinb
Level 1

Can you expand on what you mean by computer name password issue? Are you using certificates?

No, we are not, and are just using AD groups for authentication. With Windows 8 I get that the computer password is wrong, and even with this fix there is still no resolution.

Below are the details:

 

M: Windows 8 Machine Auth not working.

CSCuc13862

Description


Symptom:
Machine authentication using machine password will not work on Windows 8 / 
Server 2012.

Conditions:
Windows 8 and Windows Server 2012 platforms.

Workaround:
Registry fix described in Microsoft KB 2743127 
(http://support.microsoft.com/kb/2743127) needs to be applied to the client 
desktop. This fix includes adding a DWORD value 
LsaAllowReturningUnencryptedSecrets to the 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key and 
setting this value to 1. This change permits Local Security Authority (LSA) 
to provide clients like Cisco Network Access Manager with the Machine 
password. It is related to the increased default security settings in Windows 
8 / Server 2012. Machine authentication using Machine certificate does not 
require this change and will work the same as it worked with pre Windows 8 
OSes.

Note:
Machine authentication allows a client desktop to be authenticated to the 
server before the user logs in. During this time server can perform scheduled 
administrative tasks for this client machine. Machine authentication is also 
required for the EAP Chaining feature where a server can authenticate both 
User and Machine for a particular client. This will result in identifying 
company assets and applying appropriate access policy. For example, if this 
is a personal asset (PC/laptop/tablet), and a company login is used, server 
will fail Machine authentication, but succeed User authentication and will 
apply proper access restrictions to this client desktop.
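
An added example, not part of the original thread or the Cisco bug text: a PowerShell check, run on the client, that the workaround value described above exists under the Lsa key with the expected DWORD type and data of 1. The function name `Test-LsaWorkaround` is an assumption made for this example; the key path and value name are taken from the bug description.

```powershell
# Added example (not from the thread): audit the KB 2743127 workaround value.
# Test-LsaWorkaround is a hypothetical helper name; path and value name are from the bug text.
function Test-LsaWorkaround {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\System\CurrentControlSet\Control\Lsa',
        [string]$Name = 'LsaAllowReturningUnencryptedSecrets'
    )

    $r = [ordered]@{
        Computer  = $env:COMPUTERNAME
        OSVersion = [System.Environment]::OSVersion.Version.ToString()
        Present   = $false
        Kind      = $null
        Data      = $null
        Active    = $false
        Finding   = ''
    }

    # Get-Item on the registry provider returns a Microsoft.Win32.RegistryKey.
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop

    if ($key.GetValueNames() -notcontains $Name) {
        $r.Finding = 'Value missing: workaround not applied under this key.'
    }
    else {
        $r.Present = $true
        $r.Kind    = $key.GetValueKind($Name).ToString()
        $r.Data    = $key.GetValue($Name)

        if ($r.Kind -ne 'DWord') {
            $r.Finding = "Value is $($r.Kind), not the DWORD the workaround calls for."
        }
        elseif ($r.Data -ne 1) {
            $r.Finding = "DWORD is $($r.Data); the workaround sets it to 1."
        }
        else {
            $r.Active  = $true
            $r.Finding = 'Workaround applied: LSA may return the machine password to clients such as NAM.'
        }
    }

    [pscustomobject]$r
}

Test-LsaWorkaround | Format-List
```

Machines where `Active` is `True` carry an exception to the increased default security settings of Windows 8 / Server 2012; per the bug text, machine authentication with a machine certificate does not need it.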
 

This is the fix for Windows 10 on desktop/laptops and my Surface as well. I had the same issue.