Share via

My Hello Windows doesn't work after change SSD and install fresh Windows 11

Vincent Chung Khui Pin 10 Reputation points
2026-06-08T09:53:01.6166667+00:00

I am currently experiencing an issue with Windows Hello. The setup for Windows Hello Face, Windows Hello Fingerprint, and Windows Hello PIN all fail with the following error message:

"Something went wrong. Try again later."

Before my SSD was replaced, Windows Hello was working normally and I had already configured a Windows Hello PIN without any issues.

Recently, a Lenovo technician replaced my faulty SSD and performed a fresh installation of Windows 11. Since then, I have been unable to set up any Windows Hello authentication methods.

I am wondering if this could be related to the TPM (Trusted Platform Module). Does Windows Hello need to be removed or deregistered before replacing the SSD? If so, how would this work in situations where the SSD fails unexpectedly and cannot be accessed?

I have tried remove and install Windows Hello still the error and check Biometric and Camera in driver manager all working. fine

Has anyone encountered a similar issue or knows how to resolve it? Any advice or suggestions would be greatly appreciated.

Thank you.

Microsoft Security | Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-06-08T09:53:47.86+00:00

    Windows Hello does not need to be removed or deregistered before replacing an SSD. However, after hardware or OS changes (such as a fresh Windows 11 installation), Windows Hello and the underlying security components (TPM, VBS, biometric services) must be correctly reinitialized on the new installation. If any of these components are not in a ready state, Windows Hello Face/Fingerprint/PIN setup can fail with generic errors like “Something went wrong. Try again later.”

    Use the following targeted checks and fixes on the new Windows 11 installation:

    1. Verify Virtualization Based Security (VBS) and isolation components
      1. Open System Information (type msinfo32 in Start).
      2. In System Summary, confirm Virtualization Based Security is listed as Running.
      3. In System Information > Software Environment > Running Tasks, confirm bioiso.exe and ngciso.exe are present.
      4. If VBS is not running or these tasks are missing, the system might not meet the requirements for Enhanced Sign-in Security. After any change (e.g., enabling virtualization in firmware), restart and test Windows Hello setup again.
    2. Re-enroll Windows Hello biometrics
      1. Go to Settings > Accounts > Sign-in options.
      2. Remove any existing Windows Hello Face/Fingerprint entries if they appear.
      3. Re-enroll Face/Fingerprint from the same page.
      4. If Windows reports “We couldn't find a fingerprint scanner compatible with Windows Hello” or similar, proceed to driver checks.
    3. Reinstall biometric drivers
      1. Open Device Manager.
      2. Under Biometric devices, locate the fingerprint sensor (and camera if listed under biometrics or cameras for Windows Hello Face).
      3. Right-click the device and select Uninstall device.
      4. Restart the PC so Windows reinstalls the driver automatically.
      5. Try Windows Hello Face/Fingerprint setup again.
    4. Restart the Windows Biometric Service and reset PIN
      1. In Settings > Accounts > Sign-in options, remove the existing PIN (Windows Hello PIN) if present.
      2. Open Command Prompt as administrator and run: 
              net stop wbiosrvc && net start wbiosrvc
      3. Go back to Sign-in options and add a new PIN. This forces a fresh PIN provisioning and can restore PIN functionality.
    5. Check TPM status if using Microsoft Entra ID / Windows Hello for Business If the device is Microsoft Entra joined and Windows Hello for Business is used:
      1. Run dsregcmd.exe /status and verify AzureAdPrt in User state or SSO state is not No. A No value indicates the Primary Refresh Token (PRT) was not issued, often due to TPM issues.
      2. Open the TPM management console by selecting Start, typing tpm.msc, and pressing Enter.
      3. If there is a notice to unlock the TPM or reset the lockout, follow vendor guidance or contact the hardware vendor for a known fix.
      4. If the issue persists after vendor guidance, clear and reinitialize the TPM as described in Troubleshoot the TPM: Clear all the keys from the TPM. Warning: Clearing the TPM can cause data loss if there are keys bound to it (for example, BitLocker or other key-protected data). Ensure any dependent data is backed up or recovery keys are available before proceeding.
    6. If biometric authentication still fails
      1. Confirm again that VBS is running and bioiso.exe/ngciso.exe are listed in System Information.
      2. If all checks pass and Windows Hello Face/Fingerprint/PIN setup still fails, file a feedback item using Feedback Hub with logs so the issue can be investigated.

    These steps address the typical causes after hardware replacement or fresh installation: missing or misconfigured biometric isolation, driver issues, PIN/biometric service issues, and TPM provisioning problems.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.