Forum Discussion
Windows 11 clients cannot authenticate to NPS server using computer authentication
We have a Windows server 2019 datacenter server running NPS. Our WiFi Office clients authenticate to this server for access to the corporate WiFi network. We use computer authentication, so members o...
- Had this with 802.1x and AlwaysOn VPN. Maybe it's the same for your Wifi profile,. The reason is documented here https://directaccess.richardhicks.com/2021/09/23/always-on-vpn-error-853-on-windows-11/
But seriously - to Disable Device Guard - is that even an option you want?
Our fix is to rename the NPS server so its name is lowercase. Since our NPS's are also a a DCs the steps are
1. uninstall Certificate Authority
2. rename the server to lowercase using the following
netdom computername DC1.domain.local /add:dc1.domain.local
netdom computername DC1.domain.local /makeprimary:dc1.domain.local
shutdown /r
3. Install Certificate Authority again
I have a lot of servers to change so if there is a less disruptive workaround I love to hear what it is.
- Hello,
Please keep in mind having a CA on a domain controller is not supported (and will block you from upgrading to another OS). Having NPS role on domain controllers is also not recommended.
MikkelLundKnudsen Device Guard offers a critical protection against numerous ransomwares as it counters Mimikatz-based attacks, so that's a big no in my book.
