7.8 KiB
title, description, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, ms.date
| title | description | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.localizationpriority | author | ms.date |
|---|---|---|---|---|---|---|---|---|
| Windows Defender Credential Guard - Known issues (Windows 10) | Windows Defender Credential Guard - Known issues in Windows 10 Enterprise | w10 | explore | library | security | high | brianlic-msft | 08/17/2017 |
Windows Defender Credential Guard: Known issues
Applies to
- Windows 10
- Windows Server 2016
Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see Application requirements.
The following known issue has been fixed in the Cumulative Security Update for November 2017:
- Scheduled tasks with stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
"Task Scheduler failed to log on ‘\Test’ .
Failure occurred in ‘LogonUserExEx’ .
User Action: Ensure the credentials for the task are correctly specified.
Additional Data: Error Value: 2147943726. 2147943726 : ERROR_LOGON_FAILURE (The user name or password is incorrect)."
The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
-
This issue can potentially lead to unexpected account lockouts. See also Microsoft® Knowledge Base articles KB4015219 and KB4015221
-
This issue can potentially lead to unexpected account lockouts. The issue was fixed in servicing updates for each of the following operating systems:
- Windows 10 Version 1607 and Windows Server 2016: KB4015217 (OS Build 14393.1066 and 14393.1083)
- Windows 10 Version 1511: KB4015219 (OS Build 10586.873)
- Windows 10 Version 1507: KB4015221 (OS Build 10240.17354)
Known issues involving third-party applications
The following issue affects the Java GSS API. See the following Oracle bug database article:
When Windows Defender Credential Guard is enabled on Windows 10, the Java GSS API will not authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see Application requirements.
The following issue affects Cisco AnyConnect Secure Mobility Client:
*Registration required to access this article.
The following issue affects McAfee Application and Change Control (MACC):
The following issue affects AppSense Environment Manager. For further information, see the following Knowledge Base article:
The following issue affects Citrix applications:
- Windows 10 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1]
[1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10 or Windows Server 2016 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article:
For further technical information on LSAISO.exe, see the MSDN article: Isolated User Mode (IUM) Processes
** Registration is required to access this article.
Vendor support
See the following article on Citrix support for Secure Boot:
Windows Defender Credential Guard is not supported by either these products, products versions, computer systems, or Windows 10 versions:
-
For Windows Defender Credential Guard on Windows 10 with McAfee Encryption products, see: Support for Windows Defender Device Guard and Windows Defender Credential Guard on Windows 10 with McAfee encryption products
-
For Windows Defender Credential Guard on Windows 10 with Check Point Endpoint Security Client, see: Check Point Endpoint Security Client support for Microsoft Windows 10 Windows Defender Credential Guard and Windows Defender Device Guard features
-
For Windows Defender Credential Guard on Windows 10 with VMWare Workstation Windows 10 host fails when running VMWare Workstation when Windows Defender Credential Guard is enabled
-
For Windows Defender Credential Guard on Windows 10 with specific versions of the Lenovo ThinkPad ThinkPad support for Windows Defender Device Guard and Windows Defender Credential Guard in Microsoft Windows 10 – ThinkPad
-
For Windows Defender Credential Guard on Windows 10 with Symantec Endpoint Protection Windows 10 with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1
This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard.
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.