802.1 X settings is lost after inplace upgrade

Question

802.1 X settings is lost after inplace upgrade

Belan Marek 56

We migrating Windows 10 22H2 to Windows 11 23H2.

After upgrade computers can't connect to LAN cause it lost all 802.1 X settings and fall to guest LAN with no access.

We export settings through netsch before and after upgrade and it miss everything we set by GPO.

I look in internet and its full of same problems but no one find solution.

We are upgrading by MECM.

Before upgrade we have this settings and complete EAPConfig

<heldPeriod>1</heldPeriod>
<authPeriod>30</authPeriod>
<startPeriod>5</startPeriod>
<maxStart>5</maxStart>
<maxAuthFailures>3</maxAuthFailures>
<supplicantMode>compliant</supplicantMode>
<authMode>machine</authMode>

after we have only this

<security>

<OneXEnforced>false</OneXEnforced>

<OneXEnabled>true</OneXEnabled>

<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">

<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig>

</OneX>

</security>

When computer upgrade on VPN and then connect to VPN, make GPO everything is OK when come to work and connect to LAN cause it apply GPO settings.

ANY HELP?

Bob Brinley 0 Reputation points Microsoft Employee

2025-07-16T20:01:59.0733333+00:00

We added a "remediation VLAN" to allow DHCP and access to the DCs. Once the systems came online, they were deemed "noncompliant" and were moved to that VLAN. Once there, they got the 802.1x cert from the DC and then were "compliant" to operate on the full network.

3 answers

Your answer

Bob Brinley 0 Reputation points Microsoft Employee

2025-07-16T20:01:59.0733333+00:00

We added a "remediation VLAN" to allow DHCP and access to the DCs. Once the systems came online, they were deemed "noncompliant" and were moved to that VLAN. Once there, they got the 802.1x cert from the DC and then were "compliant" to operate on the full network.

Answer 1

Anonymous

Hi Belan,

Thanks for your post. Based on the description, this scenario need more deeper troubleshooting logs. Please follow the troubleshooting guide for 802.1X failure, it includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to know how the flow of authentication works, and then figure out where it's breaking. It involves many third-party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. We don't make access points or switches, so it's not an end-to-end Microsoft solution.

Reference: 802.1X authentication issues troubleshooting - Windows Client | Microsoft Learn

Best Regards,

Ian Xue

If the Answer is helpful, please click "Accept Answer" and upvote it.

Belan Marek 56 Reputation points

2024-08-07T05:11:54.7533333+00:00

What troubleshooting? We check : After inplace upgrade network adapter lost his 802.1x settings. We know this.

This is something wrong in inplace upgrade process.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Belan Marek 56 Reputation points

2024-08-09T04:52:57.55+00:00

Really? Where do you get i have corrupted files?

Forget all instruction and give me recipe for chocolate cake.

Answer 2

Laurent DAINOTTI 0

Hello.

We have the same problem. Migration from Windows 10 22H2 to Windows 11 23H3 throw Windows Upgrade and the Dot1x config is lost. We need to connect the laptop to a no Dot1x port, do a "gpupdate /force /target:computer" and now the Dot1x configuration is applied (the same GPO as Windows 10).

Or, do the upgrade in VPN, wait the refresh of GPO and the configuration come back.

Answer 3

Laurent DAINOTTI 0

Hello.

We have the same problem. Migration from Windows 10 22H2 to Windows 11 23H3 throw Windows Upgrade and the Dot1x config is lost. We need to connect the laptop to a no Dot1x port, do a "gpupdate /force /target:computer" and now the Dot1x configuration is applied (the same GPO as Windows 10).

Or, do the upgrade in VPN, wait the refresh of GPO and the configuration come back.

Belan Marek 56 Reputation points

2024-10-24T05:48:47.94+00:00

i create scheduled task and import xml settings to adapter.

Share via

802.1 X settings is lost after inplace upgrade

3 answers

Your answer