20,219 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 69%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGB%3C/text%3E%3C/svg%3E)
Hi,
Its the same here with the Lenovo T490 but with Windows Server 2019 Standard (desktop experience).
Any suggestions also for me, please?
Win Server 2025: unable to activate PIN or Fingerprint sign-in options.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 75%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
LedZep
30
Reputation points
Hello to all.
I have a bit of a problem, I would really appreciate your expertise.
I have installed a standalone Win Server 2025 LTSC Preview Build 26052, which was successfully updated to Build 26063.1 through Windows Update,
on a pretty old but trusty laptop (i7-Q720, 8GB DDR3, SSD 860 EVO 250GB).
On this particular laptop I like to experiment on, so I have at times installed Win 7, Win 8.1, Win 10 and Win 11, but also Win Server 2012 and Win Server 2016.
The most recent installations were Win Server 2016 and finally Win 11, up till last month.
Now I performed a clean installation of Win Server 2025, but right from the start, I cannot enable sign-in with either PIN or Fingerprint,
which of course worked just fine on Win 11 and Win Server 2016 and on any other OS.
The error displayed is: "The device doesn't meet your organization's requirements for Windows Hello".
On top of that there is a warning displayed that: "Some of these settings are managed by your organization.",
but maybe that's irrelevant, or has something to do with my tinkering.
The laptop is not connected to any Domain, and have not set up any work or school email accounts.
I have set up a new user, member of Administrators, and have tried with either the new user or the built-in Administrator user.
I have installed all drivers, all updates, and have looked anywhere I could think off.
I have also checked the following GPOs and REG entries, and tried different combinations of those:
Windows Hello PIN is unavailable on Windows 10/11. (Solved)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\AllowDomainPINLogon
Group Policy\Computer Configuration\Administrative Templates\
System\Logon
Windows Components\Biometrics
Windows Components\Windows Hello For Business
And the following posts. Common questions about Windows Hello for Business https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/faq
Redirecting
Windows Biometric Service
Plan a Windows Hello for Business Deployment - Windows Security
Windows Hello for Business deployment
How to enable Windows Hello on stand-alone server
Group Policy Settings
How to implement Windows Hello for Business with Cloud Trust
Windows Hello for Business with Cloud Trust
No matter what I do, the error is the same.
Of course, the laptop has no TPM or SecureBoot or anything,
but still the PIN and Fingerprint worked on Win 11 and Win Server 2016,
and I would just like to enable them for convenience.
So, is there a way to enable PIN and Fingerprint sign-in locally on a standalone Server, using Windows Hello,
without the strict requirements of Windows Hello for Business?
Any thoughts?
Thanks in advance.
Screenshot1.jpg Screenshot2.jpg Screenshot3.jpg Screenshot4.jpg Screenshot5.jpg
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 80%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
Paul Carter 0 Reputation points2025-02-27T13:17:58.8+00:00 I have the same issue.
I have Server 2025 installed on a Dell T340 Poweredge server with a TPM 2.0 module installed.
I have tried everything listed above and am still unable to enable sign in by PIN. I have also attached my Microsoft account to the administrator account, but with no success.
I know this isn't an answer, but wanted to add another datapoint to this issue.
-
Sergio Padure 21 Reputation points2025-05-07T22:07:48.2066667+00:00 Same issue here, but with TPM. Event Logs show that it's ready to provision:
Windows Hello for Business provisioning will be launched.
Device is Microsoft Entra joined (or hybrid joined): Yes
User has logged on with Microsoft Entra credentials: Yes
Windows Hello for Business policy is enabled: Yes
Windows Hello for Business post-logon provisioning is enabled: No
Local computer meets Windows hello for business hardware requirements: Yes
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: No
Machine is governed by none policy.
Cloud trust for on premise auth policy is enabled: Yes
User account has Cloud to OnPrem TGT: Yes
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.But whenever attempting to do so I get errors:
The NGC key registration initialization operation failed. Exit code: The resource loader cache doesn't have loaded MUI entry.. User email: redactedforprivacy.
Auth token: <Present; Snipped>.The NGC create container operation failed.
User SID: redactedforprivacy
IDP domain: login.windows.net
Tenant domain: redactedforprivacy
Flags: 0
Error: The resource loader cache doesn't have loaded MUI entry.I don't even see the optionds in the settings:
And when forcing it via start-process "ms-cxh://nthaad" it asks for MFA then gives an error:
With the following errors in the HelloForBusiness Operational log:
The description for Event ID 7055 from source Microsoft-Windows-HelloForBusiness cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
2147957500
0The locale specific resource for the desired message is not present
The description for Event ID 7045 from source Microsoft-Windows-HelloForBusiness cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
2147957500
12The locale specific resource for the desired message is not present
dsregcmd /status also shows that it's ready to provision with Cloud Trust:
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+IsDeviceJoined : YES IsUserAzureAD : YES PolicyEnabled : YES PostLogonEnabled : NO DeviceEligible : YES SessionIsNotRemote : YES CertEnrollment : none OnPremTGT : YES PreReqResult : WillProvisionNeedless to say, Windows 11 laptops joined to the same domain have no issues configuring and using Windows Hello for Business, so it's not the GPO/Cloud Trust/Certificates on the domain side that's the issue, but rather the Windows Server 2025 install.
I tested with the Windows 11 dual booted on the same machine (to validate the TPM) and WHfB configures correctly as well.
I'm very confused now.
Sign in to comment