Windows 10 will not connect to WPA2 Enterprise after November update

December 16th at 12:00am

I updated my laptop recently to find that my wifi connection stopped working. I run a pfSense machine which runs a FreeRADIUS server to handle authentication (with a goal of avoiding Microsoft's wifi credential sharing nonsense) and it looks like a recent MS update causes that to stop working.

References

Can't connect to WPA2-Enterprise network after Windows 10 update [reddit.com]
After update to 1511 I can't connect via WLAN to my network [answers.microsoft.com]
Freeradius2 - Windows 10 Update 1511 [forum.pfsense.org]
FreeRADIUS 2.2.6 miscalculates MPPE keys with TLS 1.2 [bugzilla.redhat.com]

Cause

Microsoft appears to have updated their authentication system to require TLS 1.2, which does not work with the version of Free RADIUS that comes bundled with pfSense.

Work-Around

Microsoft allows you to disable TLS 1.2 for EAP Authentication. To apply this work around:

Open RegEdit
Create this DWORD:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\TlsVersion
Set the value to C0 (That's the letter "C" and the number Zero (0))
Restart your computer

This caused a lot of frustration on my network and I'll need to come up with a better solution than just disabling TLS 1.2 as that's not viable long-term.