Dear all
My domain environment contains Windows 10 and 11 laptops. The ADMX files are updated to 22H2 and the GPOs on both Windows 10 and 11 are the same. The NIC settings are the same.
On our LAN we have Cisco ISE for 802.1X authentication, and the method is MSCHAPv2.
I Googled for a solution and found that the new feature in Windows 11, "Credential Guard", breaks MSCHAPv2.
https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
I followed the instructions from MS, disabled the whole "Virtualization-Based Security" at the Windows level and the BIOS level, and confirmed that "Credential Guard" is not running. Event Viewer didn't show any "Credential Guard" events after "Virtualization-Based Security" was disabled.
But the problem was not solved.
I ran a test flow like the one below:
Physically log in to a laptop > ISE pass, network connected > RDP from another computer > enter password > login screen shows for 1-2 seconds > disconnected.
Then I found that the laptop was totally disconnected from the network; I need to physically log in to the laptop again and wait for the authentication, then the network is connected.
But after I tested the flow many times, sometimes it works! RDP succeeds, just sometimes... it gives me a headache.
And if the laptop connects with Wi-Fi or LAN (without ISE), RDP works fine.
Is anyone having the same problem as me? Is there any solution if we stay with MSCHAPv2 password authentication?
Thanks, everyone.