We're facing the same problem.
We're using Windows 10 versions 1709 and 1803. I configured the wireless network profile manually, so no GPOs were involved.
We use EAP-TTLS with EAP-MsChapV2 and windows logon credentials.
The reason we use EAP-TTLS is because we need to use a specific realm in the outer identity and this can't be configured in EAP-PEAP.
The settings we used are as follows:
In the Security tab:
WPA2-Enterprise, AES, Microsoft: EAP-TTLS, tagged remember my credentials
EAP-TTLS Settings:
tagged enable identity privacy: anonymous@realm.tld, connect to these servers: radius.domain.tld, tagged only the correct CA, untagged don't prompt user, Eap method for authentication: EAP-MSCHAP v2.
EAP MSCHAPv2 properties:
tagged automatically use my windows logon name
Advanced Security settings:
tagged specify authentication mode: User or computer authentication, untagged delete credentials, tagged enable single sign on, selected after user logon, maximum delay: 10 seconds, tagged allow dialogs, tagged this network uses separate vlans
We reproduced the problem as follows:
- turn on the computer and it will succesfully authenticate as host/computer.fqdn
- log on as user and domain\user will succesfully authenticate
- disconnect the wireless network and log out from the computer
- at the logon screen connect to the wireless network again.
- It will now unsuccesfully try to authenticate as domain\computername$.
We haven't found a solution as of yet, but are keen to find one.