802.1x authentication failed on Windows 11

%3CLINGO-SUB%20id%3D%22lingo-sub-2635035%22%20slang%3D%22en-US%22%3E802.1x%20authentication%20failed%20on%20Windows%2011%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2635035%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20windows11%2C%20the%20802.1x%20authentication%20is%20enabled%20on%20the%20network%20adapter%20and%20peap-mschapv2%20authentication%20is%20selected.%20However%2C%20the%20identity%20verification%20fails.%20When%20the%20Wireshark%20is%20used%20to%20analyze%20captured%20packets%2C%20the%20following%20information%20is%20displayed%3A%3C%2FP%3E%3CP%3ETLSv1.2%20Record%20Layer%3A%20Alert%20(Level%3A%20Fatal%2C%20Description%3A%20Access%20Denied)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20problem%20did%20not%20occur%20on%20other%20operating%20system%20versions%2C%20such%20as%20windows10%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2819432%22%20slang%3D%22en-US%22%3ERe%3A%20802.1x%20authentication%20failed%20on%20Windows%2011%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2819432%22%20slang%3D%22en-US%22%3E%3CP%3EDisabling%20TCP%20and%20UDP%20checksum%20offloading%20for%20both%20ipv4%20and%20ipv6%20kind%20of%20fixed%20it%20for%20me.%20I'm%20at%20least%20getting%20internet.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20%22fix%22%20was%20a%20shoot%20in%20the%20dark%20based%20on%20experience%20with%20an%20I've%20had%20with%20a%20bug%20in%20newer%20versions%20of%20windows%2010%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fen-US%2F965e107e-d9b0-4240-ac3f-74797c91b476%2Funable-to-send-udp-packets-larger-than-the-mtu-with-windows-build-1809-using-c-udpclient%3Fforum%3Dwin10itpronetworking%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUnable%20to%20send%20UDP%20packets%20larger%20than%20the%20MTU%20with%20Windows%20Build%201809%20using%20C%23%20UdpClient%20(microsoft.com)%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Visitor

For windows11, the 802.1x authentication is enabled on the network adapter and peap-mschapv2 authentication is selected. However, the identity verification fails. When the Wireshark is used to analyze captured packets, the following information is displayed:

TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Access Denied)

 

This problem did not occur on other operating system versions, such as windows10

2 Replies

Disabling TCP and UDP checksum offloading for both ipv4 and ipv6 kind of fixed it for me. I'm at least getting internet. 

The "fix" was a shoot in the dark based on experience I've had with a bug in newer versions of windows 10: Unable to send UDP packets larger than the MTU with Windows Build 1809 using C# UdpClient (microsoft...

Had this too with 802.1x and AlwaysOn VPN. The reason is documented here https://directaccess.richardhicks.com/2021/09/23/always-on-vpn-error-853-on-windows-11/