05-15-2024 03:47 AM
Hello,
I have a problem with Windows 11 against RADIUS ISE.
We are using GPO for devices in the enterprise. Client authentication is configured with EAP-TLS. I guess the configuration is not the problem.
Windows 11 is authenticated normally on Wi-Fi and wired as well. The problem occurs when the PC is restarted. After the restart, before login into AD, the PC is not authenticated. When the user uses his credentials, the device is authenticated normally.
I need to achieve the state where, when the PC is turned on, it is automatically authenticated on ISE before logging in to AD. It is due to remote access: if the user is doing something from home and logs in via RDP to the PC and needs a restart.
Many thanks.
Have a good day.
Michal
05-15-2024 07:29 AM - edited 05-15-2024 07:30 AM
You can achieve this through machine authentication. If you are using Win 11 TEAP, it does support EAP chaining, which allows both user and machine auth.
To do this you will need to change the authentication mode from "user" to "user or computer" when configuring the network profile, and then select a method for authentication, either MS-CHAP or EAP-TLS.
One thing to note with Win 11 and TEAP: if you have Credential Guard enabled, you will not be able to authenticate machines without having device certificates and using EAP-TLS.
More info can be found here: https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles?tabs=netsh-wifi%2Cpowershell-vpn%2Csettings-wifi%2Cgroup-policy-wifi
Hopefully this was helpful information.
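To verify what the GPO actually pushed to a client, here is an added example (not code from the thread or from Microsoft): a Python script that parses an exported Windows 802.1X profile and reports the OneX authMode and the EAP method. It assumes the profile was exported with `netsh wlan export profile` (or `netsh lan export profile` for wired); the XML used below is constructed for the demo.

```python
import xml.etree.ElementTree as ET

# Namespaces used in Windows WLAN/LAN profile exports
ONEX = "{http://www.microsoft.com/networking/OneX/v1}"
EAPHOST = "{http://www.microsoft.com/provisioning/EapHostConfig}"
EAPCOMMON = "{http://www.microsoft.com/provisioning/EapCommon}"
EAP_METHODS = {13: "EAP-TLS", 25: "PEAP", 55: "TEAP"}  # IANA EAP type numbers


def check_profile(xml_text):
    """Return (auth_mode, eap_method, pre_logon_ok) for one exported profile."""
    root = ET.fromstring(xml_text)
    mode_el = root.find(f".//{ONEX}authMode")
    auth_mode = mode_el.text.strip() if mode_el is not None else "absent"
    type_el = root.find(f".//{EAPHOST}EapMethod/{EAPCOMMON}Type")
    eap_type = int(type_el.text) if type_el is not None else -1
    eap_method = EAP_METHODS.get(eap_type, f"type {eap_type}")
    # 'machine' or 'machineOrUser' lets the supplicant authenticate with the
    # computer identity before anyone logs on; 'user' waits for a user token,
    # which is exactly the post-reboot gap described in the question.
    pre_logon_ok = auth_mode in ("machine", "machineOrUser")
    return auth_mode, eap_method, pre_logon_ok


def check_profile_file(path):
    """Read an exported profile from disk (bytes, so the XML declaration is fine)."""
    with open(path, "rb") as fh:
        return check_profile(fh.read())


def profile_xml(auth_mode, eap_type):
    """Build a minimal constructed LANProfile for the demo (not a real export)."""
    return f"""<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
  <MSM><security>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>{auth_mode}</authMode>
      <EAPConfig>
        <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
          <EapMethod>
            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">{eap_type}</Type>
          </EapMethod>
        </EapHostConfig>
      </EAPConfig>
    </OneX>
  </security></MSM>
</LANProfile>"""


if __name__ == "__main__":
    for mode, eap in (("user", 13), ("machineOrUser", 13), ("machineOrUser", 55)):
        print(mode, eap, "->", check_profile(profile_xml(mode, eap)))
```

A profile that reports `user` with `pre_logon_ok == False` is the one to fix in the GPO; `machineOrUser` with EAP-TLS (or TEAP) is what the answer above recommends.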