How to fix Windows Hello temporarily unavailable error on hybrid devices

Ritesh Sharma 361 Reputation points
2024-01-10T11:13:13.4633333+00:00

I am encountering a Windows Hello error on hybrid devices when trying to log in using a Hello PIN. The policy was pushed from Intune without any issues, and PIN and biometric settings were successfully configured. However, the error message "Windows Hello - That option is temporarily unavailable. For now, please use a different method to sign in" keeps appearing.

This doesn't happen when logging in on Azure AD join devices. What could be causing this issue? Can someone please assist me with a solution?


Accepted answer
  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2024-01-10T23:03:10.1233333+00:00

    Hi @Ritesh Sharma, this issue can occur when the device is not able to communicate with the on-premises Active Directory Domain Services (AD DS) to verify the user's PIN. To resolve this issue, you can try the following steps:

    1. Verify that the device is properly registered in Azure AD and that the device object is synchronized to the on-premises AD DS. You can check this by running the following command in PowerShell: `Get-ADComputer -Identity <computername> -Properties *`. Replace `<computername>` with the name of the computer you are checking.
    2. Verify that the device is properly configured for Hybrid Azure AD join. You can check this by running the following command in PowerShell: `dsregcmd /status`. The output should show that the device is joined to Azure AD and that the AzureAdPrt token is present.
    3. Verify that the device is able to communicate with the on-premises AD DS. You can check this by running the following command in PowerShell: `Test-ComputerSecureChannel -Verbose`. The output should show that the secure channel is established.
    4. Verify that the device is able to communicate with the domain controller that holds the Primary Domain Controller (PDC) emulator role. You can check this by running the following command in PowerShell: `nltest /dsgetdc:<domainname> /pdc`. Replace `<domainname>` with the name of your domain.

    If all of the above steps are successful, you can try resetting the Windows Hello for Business PIN on the affected device. You can do this by following these steps:

    1. Open the Settings app on the affected device.
    2. Click on "Accounts" and then click on "Sign-in options".
    3. Under "Windows Hello PIN", click on "I forgot my PIN".
    4. Follow the prompts to reset your PIN.

    If you still encounter issues, please let me know and I can help you further.

    If this answer helps you, please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    1 person found this answer helpful.
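
The four checks from the accepted answer, collected into one pass that reports each result in a table. This is an added example, not code from the original answer. It assumes Windows PowerShell 5.1 run elevated in the affected user's session; the helper name `ConvertFrom-DsregStatus`, the use of the computer's own domain as `<domainname>`, and the `DomainJoined` field check are choices made here.

```powershell
# Added example (not from the original answer). Windows PowerShell 5.1, elevated,
# in the affected user's session on the hybrid-joined device.
param(
    # Assumption: the computer's AD DNS domain is the one to query for the PDC emulator.
    [string]$Domain = (Get-CimInstance Win32_ComputerSystem).Domain
)

function ConvertFrom-DsregStatus {
    # Hypothetical helper: turn the "Name : Value" lines of dsregcmd /status into a hashtable.
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s+:\s+(\S.*?)\s*$') { $fields[$Matches[1]] = $Matches[2] }
    }
    $fields
}

$checks = [ordered]@{}

# Step 1: device object in on-premises AD DS (needs the RSAT ActiveDirectory module).
if (Get-Command Get-ADComputer -ErrorAction SilentlyContinue) {
    try   { $null = Get-ADComputer -Identity $env:COMPUTERNAME -Properties * -ErrorAction Stop
            $checks['AD DS computer object found'] = $true }
    catch { $checks['AD DS computer object found'] = $false }
} else {
    $checks['AD DS computer object found'] = 'skipped (ActiveDirectory module not installed)'
}

# Step 2: hybrid join state and Primary Refresh Token.
$dsreg = ConvertFrom-DsregStatus -Lines (dsregcmd /status)
foreach ($name in 'AzureAdJoined', 'DomainJoined', 'AzureAdPrt') {
    $checks["dsregcmd $name"] = ($dsreg[$name] -eq 'YES')
}

# Step 3: secure channel between the device and the domain.
try   { $checks['Secure channel'] = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
catch { $checks['Secure channel'] = $false }

# Step 4: locate the PDC emulator. English nltest output is assumed for the match.
$nltest = nltest "/dsgetdc:$Domain" /pdc 2>&1 | Out-String
$checks["PDC emulator for $Domain"] = ($nltest -match 'completed successfully')

# One row per check; anything not True is where to look next.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Result = $_.Value }
} | Format-Table -AutoSize
```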

1 additional answer

  1. Muhammad Safeer Saqib 6 Reputation points
    2024-06-09T10:03:45.3066667+00:00

    `nltest /dsgetdc:<domainname> /pdc` status: Error 1355 0x54b Error no such domain. I am facing this error. Could you help with this?
