SSO in Windows 11 Not Working
Posted: 09 Feb 2024, 01:44
The issue is Windows Defender Credential Guard, which blocks unconstrained Windows Integrated Kerberos authentication.
It is enabled by default on all systems running on Windows 11, version 22H2 and later.
There are 2 regkeys to be present to explicitly disable that component.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags=0 (DWORD)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags=0 (DWORD)
Also, just fyi:
Windows10 does not have nor need these regkeys to function, if they are added to the registration, it does not have a negative impact on functionality.
We tested Win10 with the registration keys and connectivity was still successful
It is enabled by default on all systems running on Windows 11, version 22H2 and later.
There are 2 regkeys to be present to explicitly disable that component.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags=0 (DWORD)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags=0 (DWORD)
Also, just fyi:
Windows10 does not have nor need these regkeys to function, if they are added to the registration, it does not have a negative impact on functionality.
We tested Win10 with the registration keys and connectivity was still successful