Single Sign-On (SSO) with the "Perform immediately before user logon" (pre-logon) option set with registry based certificates is not supported. Registry based certificates utilize either EAP-TLS or PEAP-EAP-TLS authentication methods.
This is because user registry certificates live in HKEY_CURRENT_USER, which does not get loaded until immediately after the user logs in. Therefore, because we are doing "pre-logon", when the supplicant attempts to find credentials, there is no user context loaded hence no certificates available to the supplicant.
33564 03C8.06A4::2012-05-25 04:00:38.236 [Microsoft-Windows-WLAN-AutoConfig]A pre-logon connection was not attempted. Result: The operational criteria were not met. Reason: An unspecified EAP error has occurred.