Question
Issue: How to fix "LSA package is not signed as expected" event after updating to Windows 22H2?
Hello. I upgraded my computer to Windows 11 Pro 22H2 and now every time I reboot there are several errors “LSA package is not signed as expected.” How do I fix these errors?
Solved Answer
Local Security Authority (LSA)[1] is a Microsoft Windows-protected subsystem that is part of the Windows Client Authentication Architecture which authenticates and creates a logon Session to the Local Computer. In addition, LSA maintains information about all aspects of local security on a computer (these aspects are collectively known as the local security policy).
Recently, some users started experiencing multiple “LSA package is not signed as expected” events after updating to Windows 22H2. This seems to be a bug caused by Microsoft. It is unknown if they have released a fix, but you should still try updating your system to see if it fixes the issue.
If that does not work, you may have to enable LSA protection using the Registry Editor or disable Credential Guard.[2] It is a virtualization-based isolation technology for LSASS which prevents attackers from stealing credentials that could be used for passing the hash attacks. Of course, disabling it could put your system in danger, but it should get rid of the “LSA package is not signed as expected” error.
Manual troubleshooting can be a lengthy process. If you want to avoid it, you can use a maintenance tool like FortectMac Washing Machine X9. It can fix most system errors, BSODs,[3] corrupted files, and registry[4] issues. Otherwise, follow the step-by-step instructions below.
Method 1. Update Windows
- Click Start on the taskbar
- Select the Setting app pinned to the Start menu
- Click Windows Update on the left side of Settings
- Press the Check for updates button to download and install new patch updates
- You can also install optional updates by going to the Advanced tab
Method 2. Enable LSA Protection using the Registry
- Open the Registry Editor, and navigate to the registry key that is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Set the value of the registry key to:
- “RunAsPPL”=dword:00000001 to configure the feature with a UEFI variable
- “RunAsPPL”=dword:00000002 to configure the feature without a UEFI variable (only on Windows 11, 22H2)
- Restart the computer
- If the registry key RunAsPPL does not exist create it as a New DWORD (32-bit) Value and set the Hexadecimal value to 00000002
Method 3. Enable LSA Protection using Group Policy
- Open the Group Policy Management Console (GPMC)
- Create a new GPO that is linked at the domain level or that is linked to the organizational unit that contains your computer accounts. Or you can select a GPO that is already deployed.
- Right-click the GPO, and then select Edit to open the Group Policy Management Editor
- Expand Computer Configuration, expand Preferences, and then expand Windows Settings
- Right-click Registry, point to New, and then select Registry Item
- The New Registry Properties dialog box appears.
- In the Hive list, select HKEY_LOCAL_MACHINE
- In the Key Path list, browse to SYSTEM\CurrentControlSet\Control\Lsa
- In the Value name box, type RunAsPPL
- In the Value type box, select REG_DWORD
- In the Value data box, type:
00000001 to enable LSA protection with a UEFI variable
00000002 to enable LSA protection without a UEFI variable (only enforced on Windows 11, 22H2)
- Select OK
Method 4. Turn off Credential Guard
- Open the Registry Editor and go to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Add a new DWORD value and name it LsaCfgFlags
- To disable Windows Defender Credential Guard, set its value to 0
- Close Registry Editor and restart your computer
Repair your Errors automatically
ugetfix.com team is trying to do its best to help users find the best solutions for eliminating their errors. If you don't want to struggle with manual repair techniques, please use the automatic software. All recommended products have been tested and approved by our professionals. Tools that you can use to fix your error are listed bellow:
Protect your online privacy with a VPN client
A VPN is crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speeds. The best solution for your ultimate privacy is Private Internet Access – be anonymous and secure online.
Data recovery tools can prevent permanent file loss
Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.
Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.
- ^ Local Security Authority. Idapwiki. LDAP, Authentication and Authorization.
- ^ Credential Guard. Wikipedia, the free encyclopedia.
- ^ Chris Hoffman. Everything You Need To Know About the Blue Screen of Death. Howtogeek. Technology Magazine.
- ^ Tim Fisher. What Is the Windows Registry?. Lifewire. Software and Apps.
