locked
Windows 10 Workstations ask for cert when upgraded to build 1709 RRS feed

  • Question

  • Hello,

    We are upgrading a around 200 Windows 10 Workstations that are on build 1511 and 1607 to 1709.  After the upgrade we have a certificate prompt where it shows 2 certs, 1 for the WiFi and one for the communications sever.  If we select the WiFi one (username@domain.com) they get on the corp WiFi (802.1x) and all is ok until they restart and this happens again (doesn't happen if the just log off and back on).  This also happens on build 1703.

    If we have a workstation with no Skype 2016 installed we get no issues with WiFi, as soon as we install the client Skype for Business 2016 and login in we get this certificate prompts, so something must of changed on the 170x builds.

    Does anyone know anything about this?

    Thanks

    Monday, January 15, 2018 7:24 PM

All replies

  • Hi TB303,

    I searched some articles about the problemPlease executed the following workarounds

    Create the following registry key and reboot the machine.

    HKLM\Software\Microsoft\Wlansvc

     

    Create DWORD EnableProfileHashTableLookup and set this to 0

                After reboot, try to connect to the WIFI and check if you are receiving a certificate selection prompt.

                If you continue to receive a prompt, execute the next step.

    • configured the following changes to the registry on a windows 10 machine.

     

    This will move the Lync certificate to a different store.

     

    https://blogs.technet.microsoft.com/dodeitte/2015/05/31/how-to-change-the-certificate-store-used-for-lync-client-certificates/

     

    open the Registry Editor and navigate to:

    HKLM\Software\Policies\Microsoft\Office\15.0\Lync

    for Lync 2013/Skype for Business 2015 or

    HKLM\Software\Policies\Microsoft\Office\16.0\Lync

    for Skype for Business 2016.  Create a new DWORD named UseLyncCertStore with a value of 1.

    Note: You can also create this registry under HKCU if you'd like.

     

    Sign back into the Lync client and if you now look in the Personal certificate store, you'll notice that the certificate issued by the Lync server isn't shown:

     

    That's because there's now a new certificate store called LyncCertStore that contains the certificate:

     

     

              Reboot the machine and try to connect to the network.

     

    • If you are getting a certificate prompt even after making the above changes, please make changes to the wireless group policy on the domain policy or on the machine local policy.



    Regards,

    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, January 16, 2018 6:47 AM