By rssfeeds-admin 
System administrators across Reddit’s r/sysadmin community are raising alarms as the issue originally observed during Windows 10-to-11 migrations has now reappeared across annual Windows 11 version upgrades, including the 23H2-to-24H2 and 23H2-to-25H2 upgrade paths.
class="wp-block-heading" id="what-is-happening">What Is Happening
During an in-place Windows 11 upgrade, the contents of the C:Windowsdot3svcPolicies folder that stores 802.1X wired network (LAN) authentication profiles applied via Group Policy are silently deleted.
The dot3svc service (Wired AutoConfig) relies on these policy files to authenticate machines against network switches enforcing IEEE 802.1X port-based access control.
Once the folder is wiped, the upgraded machine loses all wired network connectivity the moment it boots into the new OS version, effectively cutting it off from the corporate network.
The catch-22 nature of the bug makes it particularly damaging in enterprise environments: without network access, the machine cannot receive a fresh Group Policy push to restore its 802.1X configuration.
Administrators must physically connect the affected device to a non-802.1X-enforced switch port or network segment, manually run gpupdate /force, and then reconnect it to the secured port. Only then does the wired authentication configuration get rewritten to the dot3svcPolicies folder.
The problem is not new. Documented cases on Microsoft Q&A stretch back to Windows 10 22H2 → Windows 11 23H2 migrations, with multiple reports confirming 802.1X authentication failures immediately after upgrade completion.
However, sysadmins confirm that the same data-loss behavior is now repeating across annual Windows 11 version upgrades, meaning the issue has persisted through at least three major release transitions without an official fix from Microsoft.
In some upgrade scenarios, the problem extends beyond dot3svc policy files; in-place upgrades have also been reported to delete the machine’s computer certificate store, further compounding authentication failures for organizations relying on EAP-TLS with PKI certificates.
Available Workarounds
Sysadmins have documented several interim mitigations while awaiting an official fix:
- Backup and restore: Copy
C:Windowsdot3svcPoliciesto external storage before upgrading and restoring it immediately after the new OS boots. - Post-upgrade gpupdate: Connect the device to a non-dot1x port and run
gpupdate /force /target:computerto force policy re-application. - SetupCompleteTemplate.cmd: Inject LAN profile restoration commands into the Windows setup completion script.
- MECM task sequence step: For managed deployments, add a post-upgrade step to re-push 802.1X settings before the device rejoins the secured network.
Microsoft has not publicly acknowledged this regression as a known issue on its Windows 11 release health dashboard, and no dedicated KB article or hotfix has been issued as of this writing.
Administrators managing large fleets should audit their upgrade workflows and implement dot3svc policy backup steps before deploying Windows 11 24H2 or 25H2 at scale.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.