Apparently, there is a bug in the handling of certificates in Windows 11, which many companies are currently switching to. Many organizations use certificate-based authentication to access networks or resources within them. Using a VPN is common practice today, especially when connecting from insecure networks.
Like its predecessors, Windows 11 offers two certificate stores for such VPN certificates: a computer certificate store and a user certificate store. In addition to trusted root and intermediate certificate authorities, these stores also hold the user's own certificates.
Import everything again
The problem is that, according to reports from some administrators, after changing the user password in Active Directory and then rebooting, users can no longer access their own certificates in the user certificate store. Only a new import helped in some cases. Even a private key marked as exportable could not be accessed.
Based on current knowledge, the error only appears with Active Directory clients in combination with specially imported user certificates. Standalone PCs without domain integration do not appear to be affected.
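To check whether a client shows the symptom described above, an administrator can try to use each private key in the user certificate store. The following PowerShell sketch is an added example, not code from Microsoft or from the original report; it assumes RSA keys and runs in the affected user's session, and the probe string is constructed test data.

```powershell
# Added example: report certificates in the current user's "My" store
# whose private key is flagged as present but cannot actually be used.
$probe = [System.Text.Encoding]::UTF8.GetBytes('private-key-probe')  # constructed test data
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert   = $_
    $status = 'NoPrivateKey'
    $detail = ''

    if ($cert.HasPrivateKey) {
        try {
            # Opening the key and signing forces Windows to load the key material.
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($null -eq $rsa) {
                $status = 'NotRsa'            # e.g. an ECDSA key; not probed in this sketch
            } else {
                $null   = $rsa.SignData($probe, $sha256, $pkcs1)
                $status = 'KeyUsable'
            }
        } catch {
            # The store entry exists, but the key could not be opened or used.
            $status = 'KeyInaccessible'
            $detail = $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Status     = $status
        Detail     = $detail
    }
} | Format-Table -AutoSize
```

Keys with strong protection enabled or keys held on a smart card may prompt the user during the signing test. Entries reported as `KeyInaccessible` are the candidates for the re-import described above.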
Especially during the pandemic, this behavior leads to massive problems when using certificate-based VPNs, and also in WLAN and LAN networks that authenticate with user certificates. Applications with certificate-based client authentication are affected as well. According to forum posts, the first admins are already breaking off their Windows 11 rollout because of the issue.
iX asked Microsoft for a statement, but only received information on May 5 that the manufacturer was “in the process of looking at the issue more closely.” Apparently the search for the cause is ongoing, especially since the error only occurs if the client, for example in the home office, has no connection to the AD immediately after changing the password (as of May 9, 2022 at 2 pm).
[Update: 09.05.2022 – 14:50] According to a previous version of this message, a patch already exists for the problem described. Apparently that’s not the case yet.