That Fingerprint is too similar to one that's already set up.

Question

Just some background here first. We have a hybrid setup, AD and AAD using Azure AD Connect. Windows Hello for Business Cloud Trust has been set up and working fine. However, for whatever reason, some users sometimes are not able to sign in to Windows with either a PIN or fingerprint. Since we enforced users by Conditional Access to sign in with phishing-resistant methods which are either PIN or Fingerprint in order to be able to connect the Palo Alto VPN to our Head Office, they will not be able to connect VPN if they are not signing in to with either of the methods. One morning, a user's registered PIN and fingerprint in Windows 11 suddenly were not working. He managed to sign in with a password first and reset his PIN successfully. He then tried to re-register his fingerprint by successfully removing the current one inside the Sign-in Options dialog. However, when he tried to start the fingerprint setup to register the same finger he used before, he kept getting this message " Sorry, something went wrong. That fingerprint is too similar to one that's already set up. Try a different finger." he wanted to use the same finger. So, we removed all the .dat files inside C:\Windows\System32\WinBioDatabase while the Windows Biometric Service was stopped and then started the service, then had him do the fingerprint setup again. Unfortunately, he still encountered the same message " Sorry, something went wrong. That fingerprint is too similar to one that's already set up. Try a different finger." Would that be caused by the initial removal of his fingerprint while the VPN was not connected so that a copy of the previously registered fingerprint ID still existed in the Azure AD?

Is there an ultimate solution to reset his biometric setup so that he can register his same index finger?

CS

Answer 1

Refer to this video: https://www.youtube.com/watch?v=13-ogouRu8M

Answer 2

This is an issue which most of the DELL users are getting. But don't worry , I have got the solution to this problem. And you don't need to waste your time in updating and reinstalling the fingerprint drivers . Or following CMD commands.

what you have to do patiently is just to watch out this video without skipping it .

Here is the video link CLICK HERE.

And I am pretty sure that this video will resolve this issue in your PC.

Answer 3

@Woody Chiu at RASI Apologies for the delayed response, researched on your ask and also check with my team on this, if the user performed a non-destructive reset of their PIN, then their fingerprint registration was probably preserved, you could try a destructive reset by running certutil -deletehellocontainer from a standard command prompt and rebooting the machine and verify if it helps to resolve your issue.

Let me know if you have any further questions, feel free to post back.

Answer 4

Finger print or facial hash data stores locally on the device. never goes out to Azure AD.

your Bio-matches with sensor locally unlock access to private keys stored on the device (TPM). Client sends the signed Nonce back to AAD to validate with public key registered.

How to clear the Bio-metric data?. Please reach out to Microsoft windows team support.

Answer 5

Same problem in my laptop i followed the instructions a run this command certutil -deletehellocontainer in CMD , after reboot, re-register the PIN i got same error "That fingerprint is too similar to one that;s already setup"