This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 18%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi,
Can you tell me if Microsoft will soon create a fix for the corporate wifi issue with Windows 11. This is very blocking for our users. the certificates are however installed correctly on the PC
below the log file on windows. Regards.
Log Name:Microsoft-Windows-WLAN-AutoConfig/Operational Source: Microsoft-Windows-WLAN-AutoConfig Date: 05/01/2024 15:29:29 Event ID: 12013 Task Category:OneXAuthentication Level: Error Keywords: (1024),(512) User: System Computer: XXXXX Description : 802.1X wireless authentication failed.
Network card: Intel(R) Wi-Fi 6E AX211 160MHz Interface GUID: {284792f0-dc99-4e41-8b11-fcf1b95f8e0e} Local MAC address: 08:9D:F4:C4:04:7D Network name (SSID): XXXXX BSS type: Infrastructure Peer MAC Address: B4:5D:50:4B:4D:F2 Identity: host/XXXXX User: Domain : Reason: Explicit EAP failure received. Error: 0x80070285 EAP reason: 0x285 EAP root cause string: An internal authentication error occurred. EAP error: 0x285
Event XML: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" /> <EventID>12013</EventID> <Version>0</Version> <Level>2</Level> <Task>24014</Task> <Opcode>205</Opcode> <Keywords>0x8000000000000600</Keywords> <TimeCreated SystemTime="2024-01-05T14:29:29.5830515Z" /> <EventRecordID>455</EventRecordID> <Correlation /> <Execution ProcessID="4860" ThreadID="5480" /> <Channel>Microsoft-Windows-WLAN-AutoConfig/Operational</Channel> <Computer>XXXXX</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="Adapter">Intel(R) Wi-Fi 6E AX211 160MHz</Data> <Data Name="DeviceGuid">{284792f0-dc99-4e41-8b11-fcf1b95f8e0e}</Data> <Data Name="LocalMac">08:9D:F4:C4:04:7D</Data> <Data Name="SSID">XXXXX</Data> <Data Name="BSSType">Infrastructure</Data> <Data Name="PeerMac">B4:5D:50:4B:4D:F2</Data> <Data Name="Identity">host/XXXXX</Data> <Data Name="User"> </Data> <Data Name="Domain"> </Data> <Data Name="ReasonText">Explicit EAP failure received.</Data> <Data Name="ReasonCode">0x50005</Data> <Data Name="ErrorCode">0x80070285</Data> <Data Name="EAPReasonCode">0x285</Data> <Data Name="EAPRootCauseString">An internal authentication error has occurred.</Data> <Data Name="EAPErrorCode">0x285</Data> <Data Name="ConnectionId">0x8</Data> <Data Name="ExplicitCredentials">false</Data> </EventData> </Event>
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 25%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Where you able to solve the issue?
I'm seeing the same issue. Windows 10 works fine. Windows 11 works with updates up to 2024-02. When I install 2024-04 it doesnt connect anymore to the wifi if its a certificate based network. A wpa network is fine.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 60%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELJ%3C/text%3E%3C/svg%3E)
We are experiencing the same issue did anyone find a solution ? thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 41%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
is there a solution?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 46%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
I am having the same problem with version 23H2
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 73%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
I am experiencing the same on Windows 11 23H2, with the same WiFi card. The official knowledgebase information on Device/credential card can be found here: https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/configure?tabs=reg
You have several methods to disable the feature. I had to use the registry keys to do it, the local group policy did not work.
To confirm device guard is on or off, look at System Information (msinfo32) and check the Virtualisation security available security properties value does not have credential guard. If it does, the feature is enabled. If it is not displayed on the value, it is off. When it is off, I can connect to our RADIUS WiFi without issues like on Windows 10.
I had a similar problem (works fine on Win 10, but not on Win 11) although I had a different error. No amount of tweaking with certificates made any difference. The fix I found was disabling Device Guard in Group Policy:
Computer Config > Policies > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security: Disabled.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 49%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECR%3C/text%3E%3C/svg%3E)
Thank you so much been banging my head on this all week!!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
Does such a problem only happen on Windows 11? Is there any change before problem happens such as update installation, configuration change?
Make sure that the correct internal Root CA certificate is also installed and deployed to the device. And the certificate meets the requirements.
Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS:
Kind Regards,
Karlie Weng
If the Answer is helpful, please click "Accept Answer" and upvote it.
hello Karlie,
the wifi infrastructure works correctly on Windows 10, it is only on Windows 11 that we have this problem.
I can't connect to our company wifi at all, however a private wifi (wpa2) with only a password works.
In addition, I confirm that the certificates appear on the Windows 11 PC.
Regrads.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 75%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIC%3C/text%3E%3C/svg%3E)
I have the same issue with Windows 11. Disable Credential Guard resolved the issue.
Set Computer Configuration\Administrative Templates\System\Device Guard to disabled
The local group policy override to disabled didn't work for me, but setting the registry keys to disable Device Guard described in: https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/configure?tabs=reg did work. Setting the following DWORD values and rebooting turned off Device Guard.
Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Key name: LsaCfgFlags
Type: REG_DWORD
Value: 0
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
Key name: LsaCfgFlags
Type: REG_DWORD
Value: 0
To confirm Device Guard is disabled in System Information (msinfo32) under Virtualisation-based security services running, the value of "Credential Guard" should not appear in the value column. If it does, the service is running and hasn't been turned off.
Once it was disabled our RADIUS WiFi began working immediately.
