Share via

How do I fix this error message Authentication Error Status: 0xC000006D Authentication Error Substatus: 0xC00002F9

James T 6 Reputation points
2024-10-31T19:18:12.1433333+00:00

We have been able to deploy an Intune policy to a small group of test machines and it works on that small group except for one, my laptop. I have tried numerous items from running sfc /scannow, to deleting the NGC folder (after taking ownership), removing the Intune Management connector on the device and redeploying it, resetting the PIN, and about everything else, but I keep getting "That option is temporarily unavailable. For now, please use another method to sign in". I have reviewed the event logs on the device, and you can see where it does setup the HelloForBusiness and accepted PIN changes in the event logs, but I keep getting this one specific error message...

"A user failed to sign into the device with the following information:

Username: SYSTEM

User SID: SYSTEM

Credential Type: Software Key

Deployment Type: Cloud Trust

Software Lockout Counter: 0

Authentication Error Status: 0xC000006D

Authentication Error Substatus: 0xC00002F9"

The only other option I saw to fix this was to reset a computer back to factory default and start all over with installing software and joining a domain. Please say there is an option I have not tried yet or a registry edit to get this HelloForBusiness working on this one device. Thank you.

Windows for business Windows Client for IT Pros User experience Other
Microsoft Security Intune Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 53,981 Reputation points Microsoft External Staff
    2024-11-01T02:04:11.1766667+00:00

    @James T, Thanks for posting in Q&A. It seems the windows hello for business authentication is failed.

    I notice you already tried deleting NGC folder, remove WHFB, delete Windows Hello for Business container and redeploy the policy. But it is still not working. Please check if the device is with the latest update. If not, please install the latest one to see if it works.

    User's image

    https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/#windows-requirements

    Meanwhile, please check the device edition of the affected device to see if it is supported.User's image

    In addition, when we remove the policy, please also ensure the registry key on the device is removed. After that, delete NGC folder, delete Windows Hello for Business container, restart and redeploy the policy

    https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/configure#disable-windows-hello-for-business-enrollment

    However, if the issue still persists, you can reset the device or reinstall OS on this device to deploy again to see if it can work..

    Hope the above information can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.