Windows Hello on premises ne fonctionne pas

Christophe DUMAS 0 Reputation points
2024-09-19T07:14:15.6333333+00:00

Hi,

I have an Active Directory on a Windows Server 2016

I tried to set up Windows hello for business for my users with these policy :

  • Use Windows Hello for Business
  • Use certificate for on-premises authentication

Windows Hello is well activated but each time i try to put a PIN code, it ask a Microsoft account

On another AD of my enterprise i don't need MS account at all with these policy and i want to reproduce this behaviour.

I don't know what happen on my WS 2016 so have you an idea ?

Thanks

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,084 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,542 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Wesley Li 8,855 Reputation points
    2024-09-19T15:44:54.8266667+00:00

    Hello

    I see that you are experiencing a configuration issue with Windows Hello for Business on Windows Server 2016. Here are some steps and considerations that may help you resolve this issue:

     

    Check Group Policy Settings: Ensure that the Group Policy settings for Windows Hello for Business are correctly configured. You mentioned that you have set "Use Windows Hello for Business" and "Use certificate for on-premises authentication." Double-check these settings to ensure they are applied correctly.

     

    Hybrid vs. On-Premises Deployment: Windows Hello for Business can be deployed in different scenarios, including hybrid and on-premises. Make sure that your deployment scenario matches the configuration. For on-premises deployments, ensure that the necessary infrastructure, such as Active Directory and certificate services, is properly set up.

     

    Certificate Trust vs. Key Trust: Windows Hello for Business supports both certificate trust and key trust models. Verify that the trust model you are using is correctly configured. Certificate trust requires a Public Key Infrastructure (PKI) to issue certificates to users.

     

    Azure AD Integration: If your setup is prompting for a Microsoft account, it might be due to Azure AD integration. Ensure that the devices are correctly joined to your on-premises Active Directory and not inadvertently linked to Azure AD.

     

    Review Deployment Guides: Refer to the deployment guides and documentation for Windows Hello for Business. The Microsoft Learn article on planning a Windows Hello for Business deployment provides detailed information on different topologies, architectures, and components.

    Plan a Windows Hello for Business Deployment | Microsoft Learn

     

    Troubleshooting Permissions: Check for any permission issues that might be causing the problem. For example, ensure that the necessary permissions are granted for the msDS-KeyCredentialLink attribute in Active Directory.

     

    By following these steps, you should be able to identify and resolve the issue with your Windows Hello for Business setup on Windows Server 2016

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.