Share via

Windows 11 domain-joined PC can't join Wi-Fi network on sign-in screen

KC 20 Reputation points
2025-06-12T15:27:55.75+00:00

Hello,

I have begun rolling out Windows 11 for domain joined machines and have noticed an issue when connecting to the company's secured Wi-Fi at the sign-in screen. The user attempts to connect to Wi-Fi, but it will fail with the message "can't connect to this network."

For Windows 10 machines, the user is always prompted to authenticate with their user credentials. Once the credentials are cached by signing in with Ethernet, they do not need to be connected via Ethernet to connect again (unless password has expired). It seems that Windows 11 is skipping this authentication step and is resulting in a failure to connect. The user has to be connected to an Ethernet cable and signed in to connect to Wi-Fi initially. Once the user disconnects the ethernet cable and signs out, they can't connect to Wi-Fi from the sign-in screen. They have to be signed in first.

It seems like it is a misconfigured setting, I'm just not sure where to start looking (GPO vs Windows Server). Are there any Event Viewer logs that could be enabled for troubleshooting?

Solution: I found out that this is likely due to Credential Guard. My company is using PEAP, not EAP-TLS, which is what brings me to this conclusion. It looks like the only solutions are 1. Switch over to EAP-TLS or 2. disable virtual-based security (VBS) in GPO. The latter is not a viable option due to business use.

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
0 comments
Accepted answer
  1. Smith Pham 1,790 Reputation points Independent Advisor
    2025-06-13T09:25:42.0066667+00:00

    Dear Team,

    You have correctly identified the primary solutions:

    1. Switch to EAP-TLS Authentication: This is the most secure and recommended solution. EAP-TLS uses certificates for authentication instead of usernames and passwords, which bypasses the issue with Credential Guard and provides a more robust security posture.
    2. Disable Virtualization-Based Security (VBS)/Credential Guard: While this would resolve the immediate Wi-Fi issue, it is not recommended as it significantly reduces the security of the devices by exposing them to credential theft attacks like Pass-the-Hash. Given your business requirements, this option is rightly off the table.
    3. Troubleshooting and Verification

    For troubleshooting and confirming the issue, you can look into the Event Viewer. The most relevant logs would likely be found under:

    • Windows Logs -> Security
    • Applications and Services Logs -> Microsoft -> Windows -> WLAN-AutoConfig
    • Applications and Services Logs -> Microsoft -> Windows -> NDIS

    Look for events related to authentication failures, security protocols, and network connection attempts around the time a user tries to connect from the sign-in screen. These logs can provide more specific error codes or messages that can definitively point to a credential or authentication protocol issue.

    Best Regards

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.