"Validate server certificate" option is unexpected to check in Wired network (IEEE 802.3) policies

According to forum reports, a large number of enterprise users seem to be encountering this issue.

You have a Windows 2008 DC. You create a Wired Network policy using the Windows 7 GPMC, with the “validate server certificate” option unchecked. After the GPO is applied, Windows XP, Vista and Server 2008 computers start having authentication failures. If you open the policy from a Windows Vista GPMC, you will find that the “validate server certificate” option is checked.

To work around this problem temporarily, use one of the following workarounds:

  • Once this happens, delete the GPO and recreate it from Server 2008 (not R2); it then works as expected.
  • Create separate OUs for the clients, i.e. Win7 clients in one OU, and Vista and XP clients in another OU. Then create two Wired Network policies, one for each OU, with the “validate server certificate” option set respectively.


Steps to reproduce:

  1. Have a Windows Server 2008 DC whose domain functional level is 2008.
  2. Using a Windows 7 GPMC, create a wired network GPO and uncheck the “validate server certificate” option (under “Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wired Network (IEEE 802.3) Policies”).
  3. Open this GPO from a Windows Vista GPMC. You will find that the “validate server certificate” option is checked.

 Edit: We have released a hotfix to resolve this issue. Please apply the following hotfix if you encounter the same issue: