Windows 11 24H2: 802.1X Authentication failure compared to Windows 10
- Issue Summary:
802.1X authentication fails in Windows 11 24H2, while the same configuration works correctly in Windows 10. This issue persists despite applying all necessary registry settings, manually loading EAP-GTC modules, and ensuring that authentication certificates meet security requirements.
- Reproduction Steps:
- Configure 802.1X authentication using PEAP(MSCHAPv2) or EAP-GTC on a wired connection.
- Ensure that the authentication process succeeds on Windows 10.
- Perform the same configuration on Windows 11 24H2 (build 26100 or later).
- Observe that authentication fails with repeating Request → Identity → Failure packets in Wireshark.
- Windows prompts with a "Sign in required" notification, but clicking "Sign in" does not open the authentication UI.
- Findings & Debugging Details:
Our 3rd party EAP module loads in dllhost.exe, but the function EapPeerBeginSession() is never called in Windows 11.
- Event Viewer (EapHost Logs): No EapPeerBeginSession() logs, only GtcEapPeerGetIdentity() logs.
- Process Explorer: eaphost.exe, dllhost.exe loads EapGtc module, but the authentication UI (pfInvokeUI = TRUE) does not trigger.
- DebugView++ Logs: dllhost.exe starts and stops immediately.
Possible changes in EAPHost behavior prevent third-party EAP-GTC modules from properly triggering the authentication UI.
- Expected Behavior:
Is there no way to allow 802.1X authentication using 3rd party EAP modules in Windows 11 like in Windows 10? When I checked with Process Explorer, I found that the dllhost.exe process with the following COM classes is repeatedly launched and terminated.
COM Class:
ThirdPartyEapDispatcherPeerConfig
c:\windows\system32\eapp3hst.dll
Microsoft ThridPartyEapDispatcher
Microsoft Corporation
When I click the "Sign in" button when I get the "Sign in" notification, it just brings up the network settings window. It should pop up either the Windows login UI or the login UI of the 3rd party EAP module, like how Windows 10 behaves.
- Methods I've Tried:
- Manually enabling ThirdPartyEapDispatcherPeerConfig (REG_DWORD = 1) in: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost
- Disabling Credential Guard to restore certain authentication behaviors.
- Request:
I would like to know how EAP authentication behavior has changed in Windows 11 24H2, whether it works normally, etc. Are there any fixes or workarounds for 3rd party EAP module support? This issue impacts every enterprise user relying on 802.1X authentication for secure wired network access.