Tech Community Live: Windows edition
Jun 05 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

802.1x authentication failed on Windows 11

Copper Contributor

For windows11, the 802.1x authentication is enabled on the network adapter and peap-mschapv2 authentication is selected. However, the identity verification fails. When the Wireshark is used to analyze captured packets, the following information is displayed:

TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Access Denied)


This problem did not occur on other operating system versions, such as windows10

5 Replies

Disabling TCP and UDP checksum offloading for both ipv4 and ipv6 kind of fixed it for me. I'm at least getting internet. 

The "fix" was a shoot in the dark based on experience I've had with a bug in newer versions of windows 10: Unable to send UDP packets larger than the MTU with Windows Build 1809 using C# UdpClient (microsoft...

Had this too with 802.1x and AlwaysOn VPN. The reason is documented here
How does it work? I'm having the same problem and can't access the enterprise network with Windows 11

@loveabe did you fix it ? i have same issue

What I have found is that the default behavior for MSCHAPV2 property has changed from Windows 10 to Windows 11. Windows 10 MSCHAPV2 property is checked to Automatically use my Windows logon name and password and domain if any. In Windows 11 the MSCHAPV2 property is unchecked and greyed out. Solution with a gotchya though.
1. You will need to disable Credential Gurad with gpedit or domain group policy. This allows the manipulation of the MSCHAPV2 property.
2. Make sure you have check marked the MSCHAPV2 property.
3. Here is the gotchya. You have to sign into the machine. Then you will be prompted that the network needs to be signed in. Once the network is signed in, then you can have another user sign in and they will not be prompted. But if you reboot the machine. Then you have to do the sign in into the network after logging in.