4,660 questions
Maybe this one helps.
--please don't forget to close up the thread here by marking answer if the reply is helpful--
Why would Windows 11 computers not connect to the enterprise WiFi?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 81%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGH%3C/text%3E%3C/svg%3E)
Gregg Hughes
291
Reputation points
Good afternoon, all!
My customer has an enterprise WiFi network and test Windows 11 computers aren't able to connect.
The corporate WiFi is made up of Unifi APs and a Server 2012R2 NPS doing RADIUS chores. The NPS connection policy requires a computer and user certificate, both of which are distributed by a corporate Cert server. All servers and computers, including the NPS server, have intermediate and root CAs allowing them to trust the corporate certs. Group policies distribute the certs and make for automatic WiFi connections without any user interaction. This is working without issue on Win10 machines and has for a few years.
When one user did an in-place upgrade to Win 11, all connectivity worked just fine except for WiFi. On further testing on both the users and another test machine, the NPS server refused to connect with the error:
Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.
As noted, there have been no issues with Win 10 machines.
We ran into a previous issue where Microsoft required certificates with a new OID sequence, but that was resolved, at least for the time being.
Is there a change from how Win 10 presents certificates to a requesting machine? Or is this error not accurate and there's another place to troubleshoot?
Thanks to all for looking!
G
Windows for business Windows Client for IT Pros Networking Network connectivity and file sharing
Windows for business Windows Client for IT Pros User experience Other
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 7.000000000000001%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBP%3C/text%3E%3C/svg%3E)
Ben Petersen 0 Reputation points2024-02-16T17:32:00.24+00:00 Almost identical problem here. Running Windows Server 2019 with NPS, but also using Unifi WAPs. Windows 10 systems work fine. Windows 11 systems will not connect to wifi.
-
Gregg Hughes 291 Reputation points
2024-08-23T18:16:10.6066667+00:00 Update to all:
I built a 2022 NPS server and migrated settings to it successfully. However, the same problem still happens - I've swapped certs between my own Enterprise CA and a GoDaddy cert with no luck. I'm going to build another client - Surface 7 rather than an HP laptop - and see if the problem follows the OS or the manufacturer. Also looking at trying a commercial cert on the test client - any suggestions on a free/cheap CA that Windows already trusts?
As always, thanks for looking and, if anyone has any ideas, please feel free to hmu!
Thanks!
Sign in to comment
3 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2023-12-11T22:26:16.66+00:00 -
Anonymous
2023-12-12T13:39:53.5666667+00:00 Just checking if there's any progress or updates?
--please don't forget to close up the thread here by marking answer if the reply is helpful--
-
Gregg Hughes 291 Reputation points
2023-12-12T14:06:28.9233333+00:00 Good morning, Dave!
Thanks for looking into this for me. Unfortunately, the certificates used by the NPS server are both valid. PEAP is using a fresh GoDaddy certificate (exp 11/21/2024) and the SmartCard/other certificate is using the corporate CA (exp 5/3/2024). The Connection Request Policy specifies to "Authenticate WiFi locally" and to pass through to the Network Policies for authentication parameters.
Since Win 10 machines are connecting with no issue, I'm still looking at some change, either in how Win 11 handles certificates or some disconnect between Win 11 and Server 2012.
Would be interested in your further thoughts on this.
Thanks!
G
-
Anonymous
2023-12-12T14:33:51.16+00:00 -
Anonymous
2023-12-13T12:56:43.82+00:00 Just checking if there's any progress or updates?
--please don't forget to close up the thread here by marking answer if the reply is helpful--
-
Gregg Hughes 291 Reputation points
2023-12-13T14:41:20.89+00:00 Hello, Dave!
Sorry, that's also not the issue. The cert is not a wildcard cert.
thanks!
-
Ben Petersen 0 Reputation points
2024-02-16T17:24:53.4366667+00:00 I am having the same or similar problem. Windows 11 machines will not connect to the Enterprise Wifi. Windows 10 works fine. I have tried many different things.
Anyone have a solution yet?
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator2023-12-12T22:13:05.3233333+00:00 you need to add the certificate as a trusted certificate on the windows 11 machine. its probably a self-signed cert. you may need the signing cert.
-
Gregg Hughes 291 Reputation points
2023-12-15T17:08:30.8366667+00:00 Hello, Bruce!
I added the certificate explicitly to the Local Machine Personal certs with no discernible difference. I'm looking further at Credential Manager to see if the client is doing something weird
-
Gregg Hughes 291 Reputation points
2024-08-14T20:58:56.4433333+00:00 Hi, Bruce!
This is an Enterprise CA cert and both the Root and Intermediate Certificates are installed. Still hunting for a solution on the server side.
Sign in to comment -
-
Anonymous
2023-12-13T02:44:28.82+00:00 Hi,
The PEAP settings in the GPO create the wireless profile as the setting to verify the certificate, make sure Root CAs are included.
Try to manually re-install the NPS server's certificate on the client. Or try to edit the wireless connection on the client and in the Protected EAP properties specific that the client should not Validate server certificate and confirm if it works.
Regards,
Karlie
-
Gregg Hughes 291 Reputation points
2024-08-14T21:02:50.2466667+00:00 Hi, Karlie!
Took a look at the certificates and installed them to the Personal and to the Intermediate folders with no success. I also compared the existing Enterprise Root CA and the Intermediate CA and they're identical (same serial and thumbprint). Also made sure the GoDaddy intermediate and Root certs match and, of course, they do.
I looked at the current GPO settings and checking the server certificate is enabled. I might have a go at that for an interim solution if it works, but that kind of defeats the purpose of a secured wireless network......
Thanks! I'll keep you posted on what happens.
Sign in to comment -