Apparently, there is a certificate management bug in Windows 11, the version many companies are currently switching to. Many organizations use certificate-based authentication to control access to networks or the resources within them. Using a VPN is common these days, especially when connecting from unsecured networks.
Like its predecessors, Windows 11 offers two certificate stores for these VPN certificates: a computer certificate store and a user certificate store. In addition to trusted root or intermediate CAs, these stores also hold your own certificates.
Reimport everything
The problem is that, according to reports from some administrators, after a user's password is changed in Active Directory and the machine is then rebooted, the user can no longer access their own certificates in the user certificate store. A new import helped in some cases. Even a private key marked as exportable was not accessible.
According to current knowledge, the error only appears with Active Directory clients in combination with specially imported user certificates. Standalone PCs without domain integration don’t seem to be affected.
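The following check is an added example, not code from the article or from Microsoft. It lets an administrator see which certificates in a user's personal store still have a usable private key. It assumes the symptom shows up as a private key that can no longer be opened; the function name `Test-UserCertificateKeys` is hypothetical, and the script must run in the affected user's own session.

```powershell
# Added diagnostic (not from the article). Run as the affected user, not elevated,
# so that Cert:\CurrentUser\My refers to that user's certificate store.
function Test-UserCertificateKeys {
    [CmdletBinding()]
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $status = 'NoPrivateKey'
        $detail = ''

        if ($cert.HasPrivateKey) {
            try {
                # Acquiring the key object fails if the key material cannot be reached.
                $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if (-not $key) {
                    # Not an RSA key: try ECDSA before giving up.
                    $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($cert)
                }
                if ($key) {
                    $status = 'KeyAccessible'
                    $key.Dispose()
                }
                else {
                    $status = 'KeyTypeNotChecked'   # neither RSA nor ECDSA
                }
            }
            catch {
                $status = 'KeyInaccessible'
                $detail = $_.Exception.GetBaseException().Message
            }
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Status     = $status
            Detail     = $detail
        }
    }
}

Test-UserCertificateKeys | Format-Table -AutoSize -Wrap
```

Running it before and after a password change on a test client shows whether a certificate moves from `KeyAccessible` to `KeyInaccessible`. A certificate that is missing from the output entirely is no longer listed in the store at all.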
Especially in pandemic times, this behavior causes massive problems with certificate-based VPNs, and also in WLANs and LANs that authenticate with user certificates. Applications with certificate-based client authentication are affected as well. According to forum posts, the first admins are already abandoning the Win 11 version because of the issue.
iX asked Microsoft for a statement, but only received information on May 5 that the manufacturer was “looking into the issue more closely.” Apparently the search for the cause is ongoing, especially since the error only occurs if the client, for example in the home office, does not have a connection to AD immediately after changing the password (as of May 9, 2022 at 2 p.m.).
[Update: 09.05.2022 – 14:50] A previous version of this post stated that a fix already exists for the issue described. Apparently that’s not the case yet.