@LEFEBVRE Francois, Thanks for the update. I am glad the issue is resolved. For the registry key you modify, based on my researching, I find the value of the registry key affects TLS 1.2 The data in the Functions value refer to the signature/hash combinations that are supported on TLS 1.2 certificate chains (excluding the root) as well as the signature/hash combinations that can be used when signing TLS 1.2 messages such as the ServerKeyExchange message and the CertificateVerify message.
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/more-speaking-in-ciphers-and-other-enigmatic-tongues-with-a/ba-p/4047491
Based on my understanding, it can be that the above signature/hash combinations is not supported in your radius authentication with TLS. So when you remove them it works. As this is this one aspect I am not familiar with. If you want to know this in deep, I think you may contact windows or radius support to get more information.
Meanwhile, to help others who have the same issue to find the solution quickly, please let me write a summary for this issue.
Issue:
Prod computers ( win11 23h2 ) : wired authentication failed with radius server using SCEP certificate deployed via Intune.
Error code : 0x90090304
Reason : 0x50005
Resolution:
Thanks for your time and have a nice day!
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.