Share via

Windows Hello Issue

Anonymous
2025-05-05T13:13:53.2+00:00

Hello,

I’m currently encountering an issue with configuring Windows Hello for domain-joined users. When a user attempts to sign in using their PIN, the following error message appears: “Your credentials could not be verified.”

A Group Policy Object (GPO) has been configured to enable Windows Hello, as shown in the table below. The environment is hybrid, consisting of a Microsoft 365 tenant and two synchronized Active Directory domain controllers (Windows Server 2025). An Active Directory Certificate Services (AD CS) infrastructure is also in place.

 

Group Policy Path Group Policy Setting Value
Computer Configuration\Administrative Templates\Windows Components\Windows Hello for BusinessorUser Configuration\Administrative Templates\Windows Components\Windows Hello for Business Use Windows Hello for Business Enabled
Computer Configuration\Administrative Templates\Windows Components\Windows Hello for BusinessorUser Configuration\Administrative Templates\Windows Components\Windows Hello for Business Use certificate for on-premises authentication Enabled

 

 

Thank you in advance for your support.

Windows for business | Windows Server | User experience | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Chen Tran 9,825 Reputation points Independent Advisor
    2025-07-24T11:54:50.94+00:00

    Hello Loris,

    Thank you for posting question on Microsoft Windows Forum.

    Based on the error message "Your credentials could not be verified**" .** It is probably of that the issuing Certificate Authority (CA) certificate is missing in the NTAuth store of the domain controller and client machine.

    When you use WHFB, the domain controller needs to validate the certificate sent by the client machine. During the validation, it checks the Key Distribution Center (KDC) service on the domain controller to verify if it can find the issuing CA certificate in the NTAuth registry key. The NTAuth registry key locates at HKLM\Software\Microsoft\EnterpriseCertificates\NTAuth\Certificates.

    You can follow the instruction of below article to fix the issue.

    Hope the above information is helpful

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.