Can't configure TEAP settings for wired connection in Windows 11 22H2

Peter Lapornik 16 Reputation points
2022-10-05T12:08:21.367+00:00

In Windows 11 22H2 I can't enable the following option for TEAP-based 802.1X authentication on wired connections:

Control Panel -> All Control Panel Items -> Network Connections -> Network Card Properties -> Network Authentication Method: Microsoft: Tunnel EAP (TEAP) -> Settings

Under Primary EAP method:
Microsoft: Secured password (EAP-MSCHAP v2) -> Configure
Automatically use my Windows logon name and password (and domain if any) ===> this option is greyed out and can't be selected

Under Secondary EAP method:
Microsoft: Secured password (EAP-MSCHAP v2) -> Configure
Automatically use my Windows logon name and password (and domain if any) ===> this option is greyed out and can't be selected

The computer also doesn't have an option/dialog to enter credentials when trying to perform 802.1X authentication.

Notes:
The above used to work under W11 22H1 and most versions of Windows 10.

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,367 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Peter Lapornik 16 Reputation points
    2022-10-06T14:14:37.1+00:00

    The culprit was that Credential Guard was enabled automatically during the upgrade from Windows 22H1 to Windows 11 22H2.

    We disabled this in two steps:

    1. Via group policy
      248069-credentialguardgpo.png
    2. Manually deleted the Credential Guard EFI variables on the affected computers

    The following is a reference for the above:
    https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage


  2. Limitless Technology 39,416 Reputation points
    2022-10-06T15:00:46.64+00:00

    Hello there,

    Some users have stated that the below registry tweak has sorted this issue.

    Go to the following location in the registry. You can also paste it in the path bar to quickly jump there:

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services

    With Terminal Services selected in the left pane, double-click fDenyTSConnections on the right and change its value.
    If the fDenyTSConnections DWORD isn’t available, you can create it. To do that, right-click on the blank area in the right pane and select New > DWORD (32-bit) Value. After the new DWORD shows up, rename it to fDenyTSConnections.

    Give it an value of 0 and reboot and check if the option is live back

    ------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--