Windows Hello on premises is not working

Christophe DUMAS 0 Reputation points
2024-09-19T07:14:15.6333333+00:00

Hi,

I have an Active Directory on a Windows Server 2016.

I tried to set up Windows Hello for Business for my users with these policies:

  • Use Windows Hello for Business
  • Use certificate for on-premises authentication

Windows Hello is properly activated, but each time I try to set a PIN code, it asks for a Microsoft account.

On another AD of my enterprise I don't need an MS account at all with these policies, and I want to reproduce this behaviour.

I don't know what is happening on my WS 2016, so do you have an idea?

Thanks


1 answer

  1. Wesley Li 8,450 Reputation points
    2024-09-19T15:44:54.8266667+00:00

    Hello

    I see that you are experiencing a configuration issue with Windows Hello for Business on Windows Server 2016. Here are some steps and considerations that may help you resolve this issue:

    Check Group Policy Settings: Ensure that the Group Policy settings for Windows Hello for Business are correctly configured. You mentioned that you have set "Use Windows Hello for Business" and "Use certificate for on-premises authentication." Double-check these settings to ensure they are applied correctly.

    Hybrid vs. On-Premises Deployment: Windows Hello for Business can be deployed in different scenarios, including hybrid and on-premises. Make sure that your deployment scenario matches the configuration. For on-premises deployments, ensure that the necessary infrastructure, such as Active Directory and certificate services, is properly set up.

    Certificate Trust vs. Key Trust: Windows Hello for Business supports both certificate trust and key trust models. Verify that the trust model you are using is correctly configured. Certificate trust requires a Public Key Infrastructure (PKI) to issue certificates to users.

    Azure AD Integration: If your setup is prompting for a Microsoft account, it might be due to Azure AD integration. Ensure that the devices are correctly joined to your on-premises Active Directory and not inadvertently linked to Azure AD.

    Review Deployment Guides: Refer to the deployment guides and documentation for Windows Hello for Business. The Microsoft Learn article on planning a Windows Hello for Business deployment provides detailed information on different topologies, architectures, and components.

    Plan a Windows Hello for Business Deployment | Microsoft Learn

    Troubleshooting Permissions: Check for any permission issues that might be causing the problem. For example, ensure that the necessary permissions are granted for the msDS-KeyCredentialLink attribute in Active Directory.

    By following these steps, you should be able to identify and resolve the issue with your Windows Hello for Business setup on Windows Server 2016.

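The first and fourth checks in the answer above (which policy values actually reached the client, and how the device is joined) can be read on an affected workstation with the script below. It is an added example, not part of the original thread; it assumes the policy values are stored under the `PassportForWork` policy key and that `dsregcmd.exe` is present on the client, and `ConvertFrom-DsregStatus` is a hypothetical helper name.

```powershell
# Added example: read-only checks, run on an affected client as the affected user.

# 1. Which Windows Hello for Business policy values reached this machine and user?
#    (Assumption: computer and user policy are written to these two keys.)
$policyPaths = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork',
               'HKCU:\SOFTWARE\Policies\Microsoft\PassportForWork'

$policy = foreach ($path in $policyPaths) {
    # A missing key means the GPO never applied in that scope.
    $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path                        = $path
        KeyPresent                  = [bool]$key
        Enabled                     = if ($key) { $key.Enabled } else { $null }
        UseCertificateForOnPremAuth = if ($key) { $key.UseCertificateForOnPremAuth } else { $null }
    }
}
$policy | Format-Table -AutoSize

# 2. How is the device joined? Parse the "Name : Value" lines of dsregcmd /status.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Section headers and separator lines do not match and are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$state
}

$join = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)
$join | Select-Object DomainJoined, AzureAdJoined, WorkplaceJoined, NgcSet | Format-List
```

Running the same script on a client in the other, working domain and comparing the two outputs shows whether the difference lies in the applied policy values or in the join state.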