I'm encountering a persistent issue where Windows 11 feature updates (like the in-place upgrades) are breaking the 802.1X wired authentication for our enterprise devices. Has anyone else faced this problem, and if so, what reliable fixes or workarounds have you found?
Here's a bit more context: during upgrades from versions like 23H2 to 24H2 or 25H2, the contents in the C:Windowsdot3svcPolicies folder get silently removed. This folder holds important 802.1X wired authentication profiles that are set through Group Policy. The problem is, after an upgrade, the Wired AutoConfig loses its applied authentication policy and defaults to PEAP-MSCHAPv2, causing devices to fail NAC authentication due to the missing enterprise settings.
The impact is quite significant as devices that rely on wired 802.1X lose connectivity right after an update, which requires manual intervention like connecting to a non-802.1X network and running a group policy update to restore connectivity.
We're considering backup/restoration of the dot3svc policy files, reapplying wired profiles via scripts post-upgrade, or leveraging Intune remediation scripts, although the options with Intune Autopatch updates seem to be limited. Any insights on effective solutions you all have discovered would be hugely appreciated!
5 Answers
We encountered this too, but only on a few machines. To work around it, we used USB Wi-Fi adapters to connect to the wireless network, then forced the policies to refresh. It wasn't a perfect fix, but it helped in the short term!
Similar issues came up for us during the 23H2 to 24H2 upgrade, but Wi-Fi seemed fine. To fix it, we set the unauthenticated wired network to avoid sending out DHCP leases, preventing it from being treated as the default interface. As long as there was Wi-Fi available for connecting to the domain controller, we could refresh the group policies without trouble.
Regarding your mention of GPO-set 802.1X profiles, have you seen similar issues with the CSP XML pushed through Intune? That might be another avenue worth exploring.
It always seems like Microsoft breaks 802.1X every couple of years with those updates! It’s like clockwork!
I had the same issue when we upgraded from Windows 10 to 11. It was a hassle—I had to connect to a non-802.1X network just to update the policies on the affected devices. Definitely feels like a recurring issue every time there's a major update!
Yeah, this kind of disruption seems to happen with each new version. Looking at what you did makes me think it’s a universal bug with the upgrades.
That sounds frustrating! I noticed they changed the default for Credential Guard, which might be causing some of these problems. Disabling it in the UEFI helped my machines stay connected to 802.1X.