Hello,
after installing the latest Patch Tuesday (May 2022) updates and restarting the servers, the domain computers (Win 10) are not able to join the company's local network via Ethernet or WiFi anymore. Both connection methods are using NPS with EAP and certificate-based authentication.
Before installing the updates everything was working fine. This problem appeared right after installing the updates and rebooting the servers. No changes to any settings regarding NPS or certificates were made before the problem started.
After installing the updates the NPS log stopped logging new events even though it still seemed to be enabled for both success and failure. I disabled and then re-enabled the logging and now it seems to log properly.
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
Now the log event for every computer trying to join the company's local network seems to be this:
Event ID: 6273
Keyword: Audit Failure
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
What could be causing this problem?
Thank you in advance!
For us the workaround was to add reg key here:
HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel\
value: CertificateMappingMethods
Data Type: DWORD
Data: 0x1F
Hello, we have the same issues after the update installation.
All our WiFi clients stopped working.
Microsoft released some KB here https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
However, it is not clear if it's fully safe to make those changes across domain controllers or not.
Some additional info:
I found this site.
I added the registry entry and rebooted the NPS-server. Unfortunately it didn't help and the problem still remains.
As a workaround, create the following registry on your server: Create DWORD registry key under:
SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\
New_DWORD: DisableEndEntityClientCertCheck
and set value to 0
We are having similar issues with NPS as well. This update has also caused DHCP to fail.
I'm thinking of uninstalling the CU.
Thank you for the help!
Modifying the registry as suggested by VasylKlyuyev seems to get authentication working again.
That is still a temporary workaround, 'cause it uses weak certificate mapping methods - hope that Microsoft will soon provide a proper update to fix this.
The SChannel registry key default was 0x1F and is now 0x18. If you experience authentication failures with Schannel-based server applications, we suggest that you perform a test. Add or modify the CertificateMappingMethods registry key value on the domain controller and set it to 0x1F and see if that addresses the issue. Look in the System event logs on the domain controller for any errors listed in this article for more information. Keep in mind that changing the SChannel registry key value back to the previous default (0x1F) will revert to using weak certificate mapping methods.
Here are a couple of links related to this matter.
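
An added example, not part of the original thread and not Microsoft's code: a PowerShell check that reads the Schannel CertificateMappingMethods value discussed above and reports which mapping methods it enables, so servers still carrying the 0x1F workaround can be found and reverted once a fix is installed. The per-bit names and weak/strong labels are an assumption based on Microsoft's documentation of this value; the function and variable names are hypothetical.

```powershell
# Added example. Bit meanings are assumed from Microsoft's documentation of
# CertificateMappingMethods; verify against current guidance before relying on them.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel'
$Name = 'CertificateMappingMethods'

$Bits = @(
    [pscustomobject]@{ Mask = 0x01; Method = 'Subject/Issuer';    Strength = 'weak'   }
    [pscustomobject]@{ Mask = 0x02; Method = 'Issuer';            Strength = 'weak'   }
    [pscustomobject]@{ Mask = 0x04; Method = 'UPN';               Strength = 'weak'   }
    [pscustomobject]@{ Mask = 0x08; Method = 'S4U2Self';          Strength = 'strong' }
    [pscustomobject]@{ Mask = 0x10; Method = 'S4U2Self explicit'; Strength = 'strong' }
)

function Get-SchannelCertMapping {
    # 0x18 is the post-update default quoted in the thread; used when the value is absent.
    param([int]$DefaultValue = 0x18)

    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value  = if ($null -ne $item) { [int]$item.$Name } else { $DefaultValue }
    $source = if ($null -ne $item) { 'registry' } else { 'default (value not set)' }

    # Keep only the methods whose bit is set in the value.
    $enabled = @($Bits | Where-Object { $value -band $_.Mask })
    $weak    = @($enabled | Where-Object Strength -eq 'weak')

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Value       = '0x{0:X2}' -f $value
        Source      = $source
        Enabled     = $enabled.Method -join ', '
        WeakEnabled = $weak.Method -join ', '
        # Anything outside 0x1F is not one of the five methods listed above.
        UnknownBits = '0x{0:X2}' -f ($value -band (-bnot 0x1F))
        NeedsReview = ($weak.Count -gt 0)
    }
}

Get-SchannelCertMapping | Format-List
```

With the workaround value 0x1F in place, WeakEnabled lists all three weak methods and NeedsReview is True; with 0x18 or no value set, WeakEnabled is empty.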