Share via

W11 22H2 Add-VpnConnection 'UseWinlogonCredential' no longer works

Jimmy K 1 Reputation point
2022-11-23T08:12:27.283+00:00

We use a VPN Connection for connectivity with our datacenter, see script below.
This connection uses the parameter -UseWinlogonCredential (Windows logon credentials are used automatically when connecting the VPN connection profile.)

After updating from Win11 21H2 to Win11 22H2, our VPN connection isn't allowed to use the above parameter.
Because of this change all users are forced to enter their credentials in the login prompt.

PowerShell script to create this VPN connection: 

$VPN_FromHome="VPN Datacenter"  
$_vpnDnsSuffix = "ad.local"  
$_vpnServerAddress="x.X.X.X"  
$_vpnPSK="mySecretPSK"  
Add-VpnConnection -Name $VPN_FromHome -ServerAddress $_vpnServerAddress -TunnelType L2tp -EncryptionLevel Required -L2tpPsk $_vpnPSK -DnsSuffix $_vpnDnsSuffix -AuthenticationMethod "MSChapv2" -Force -UseWinlogonCredential $true

c:\Windows\System32\rasphone.exe:
The option 'Automatically use my Windows log-on name and password' is not accessible.
263374-image.png

Similar report from this problem found online, reported on 13 sep 2022: insiders-build-10-0-22621-105-wireless-profile-xml-usewinlogoncredentials-no-longer-working.8911)

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Robin Wilson 11 Reputation points
    2023-03-21T09:34:36.71+00:00

    I just hit this issue where a work laptop upgraded to 22H2 and the VPN stopped working and refused to connect when it had always worked fine on 21H2.

    The solution it turns out is to disable Windows Defender Credential Guard as this is off by default in 21H2 but turned on by default from 22H2 onwards.

    When enabled, it prevents the existing windows login from being passed to the VPN connection so users are propmted for credentials and it does not automatically connect and this feature also prevents the saving of cached credentials on RDP connections where the login must be specifically entered.

    Depending how the PPTP VPN is configured and login types accepted then the connection can fail even though valid domain credentials are specified.

    Here is a link on how to disable Windows Defender Credential Guard which then enables the VPN to work the same way as it did before and should hopefully resolve any issues.

    https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage

    It can be controlled via Group Policy so if it will affect connectivity to a corporate VPN then the policy will need rolling out before the upgrade is pushed out to users and devices drop off the network.

    1 person found this answer helpful.
    0 comments
  2. Limitless Technology 44,776 Reputation points
    2022-11-24T11:13:56.003+00:00

    Hi,

    Thank you for posting your query.

    Kindly follow the steps provided below to resolve your issue.

    TRY to use this

    1. OPEN POWERSHELL (ADMINISTRATOR)
    2. TYPE> WMIC QFE LIST BRIEF /FORMAT:TABLE
    3. TYPE> WUSA /UNINSTALL /KB:(NUMBER)

    Do not hesitate to message us if you need further assistance.

    Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/answers/questions/691993/can39t-connect-to-any-vpn-after-today39s-windows-u.html

    -------------------------------------------------------------------------------------------------------------------------------

    If the answer is helpful kindly click "Accept as Answer" and up vote it.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.