SampleV2CredentialProvider does not work on windows 11

Question

SampleV2CredentialProvider does not work on windows 11

Isaac Burns 20

Hello,

I was trying to implement a 3rd party credential provider and wanted to run the sample before modifying it, on my windows11vm. I built it within the VM using visual studio 2022, but it did not change my logon screen.
I have placed the DLL in system32 (it is built as release x64), and registered the application with ./register.reg. I also tried using regedit /s register.reg.

I checked the register and found the following in place:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers{5fd3d285-0dd9-4362-8855-e0abaacd4af6}

        Default SampleV2CredentialProvider

    HKEY_CLASSES_ROOT\CLSID\{5fd3d285-0dd9-4362-8855-e0abaacd4af6}

        InprocServer32 had 

            Default Value = "SampleV2CredentialProvider.dll" - i tried changing this to "C:\Windows\system32\SampleV2CredentialProvider.dll", which didn't fix things either

            ThreadingModel = "Apartment"

I tried messing with the registry directly, and can provide more details on that if you want.
I checked the events viewer under

windows logs -> system sources

        Winlogon: User Logon Notification for Customer Experience Improvement Program

        User Profile Service: Nothing

        CredentialProviderFramework: Nothing

and windows logs -> application find
SampleV2CredentialProvider: Nothing

        Winlogon : The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event. (I dont know what this means)

I've also ran the process monitor and captured the logon process, which has verified that logonui.exe has registered the dll successfully. I can provide this logfile if requested.
I've also ran logman trace on the services listed below, which I can provide as well.
logman update trace CredProviderTrace -p "Microsoft-Windows-Winlogon" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Windows Winlogon Trace" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Microsoft-Windows-Shell-AuthUI" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Microsoft-Windows-AuthenticationProvider" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Local Security Authority (LSA)" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Microsoft-Windows-OtpCredentialProviderEvt" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Microsoft-Windows-CertificateServicesClient-CredentialRoaming" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Microsoft-Windows-WebAuth" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Microsoft-Windows-WebAuthN" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Security: Kerberos Authentication" 0xFFFFFFFF 0xFF

logman update trace CredProviderTrace -p "Security: NTLM Authentication" 0xFFFFFFFF 0xFF
What I found from that there was no CoCreateInstance, CLSID, DllGetClassobject, or other COM registration/initialization for the Dll.

Where do I go from here?

0 comments

Answer accepted by question author

Taki Ly (WICLOUD CORPORATION) 1,905 Microsoft External Staff Moderator

Hello @Isaac Burns ,

Thanks for the detailed write-up. Based on what you describe, I'd lean toward this not being a build or registration failure, but there are two things worth ruling out first.

The first is that the sample tile may actually be there, just not selected by default. In CSampleProvider::GetCredentialCount() the sample returns CREDENTIAL_PROVIDER_NO_DEFAULT and autoLogon = FALSE, so its tile isn't auto-shown. Windows keeps the last user's tile, and the sample only appears once you click "Other user" / switch user. Since it looks like a normal password field, it's easy to miss.

The second is that the missing CoCreateInstance in your trace may just be a tracing-scope artifact. LogonUI.exe runs on the secure desktop (a different desktop/session), so a capture started from your interactive session usually won't see its COM activity. I wouldn't treat "no CoCreateInstance" as conclusive. A boot/global WPR trace tends to capture that path better.

To narrow down the cause, you can try reproducing what LogonUI does from a normal app like the example below. This separates "is the COM object healthy?" from "is it being shown?":

#include <windows.h>
#include <credentialprovider.h>
#include <stdio.h>
// {5fd3d285-0dd9-4362-8855-e0abaacd4af6} : must match guid.h / register.reg
static const CLSID CLSID_CSample =
    { 0x5fd3d285,0x0dd9,0x4362,{0x88,0x55,0xe0,0xab,0xaa,0xcd,0x4a,0xf6} };
int wmain() {
    CoInitializeEx(nullptr, COINIT_APARTMENTTHREADED);
    ICredentialProvider* p = nullptr;
    HRESULT hr = CoCreateInstance(CLSID_CSample, nullptr,
                                  CLSCTX_INPROC_SERVER, IID_PPV_ARGS(&p));
    wprintf(L"CoCreateInstance hr=0x%08X\n", hr);
    if (SUCCEEDED(hr)) {
        DWORD count = 0, def = 0; BOOL autoLogon = FALSE;
        p->SetUsageScenario(CPUS_LOGON, 0);
        p->GetCredentialCount(&count, &def, &autoLogon);
        wprintf(L"count=%lu default=0x%08X\n", count, def);
        p->Release();
    }
    CoUninitialize();
    return 0;
}

The returned HRESULT should narrow it down fairly quickly. If it's 0x00000000 (S_OK), the DLL is fine, and you can focus on clicking "Other user" after a sign-out/reboot, treating the trace as a scoping issue. If it's 0x8007007E (ERROR_MOD_NOT_FOUND), that points to a missing dependency and most likely a Debug/CRT build; switching to a static CRT (C/C++ -> Code Generation -> Runtime Library -> /MT) removes the VC++ redist dependency. If it's 0x80040154 (REGDB_E_CLASSNOTREG), that's a CLSID mismatch between guid.h and register.reg worth re-checking.

References:

If you can share the HRESULT and whether the tile shows under "Other user", I'm happy to dig further. If you found my response helpful or informative, I would greatly appreciate it if you could follow this guide for your confirmation.

Thank you.

Isaac Burns 20 Reputation points

2026-06-17T15:08:42.1+00:00

Thank you so much @Taki Ly (WICLOUD CORPORATION) ,

I am completely new to the windows subsystem, I didn't even realize you could just run CoCreateInstance yourself as if you were LogonUI. I ran your code through visual studio, and it returned CoCreateInstance hr=0x00000000.
I tried modifying the sample to have *pdwDefault = 0 in CSampleProvider::GetCredentialCount(), under the reasoning that if the index of my credential is 0, then it should just be the first tile? I'm not sure if this makes any sense.
My logon screen is below:

both fred and Isaac were there before I added the sample DLL or registered it.
Other system information:
Host machine is Mac M5 running Tahoe 26.5.1, guest machine is running Windows 11 25H2 OSBuild:26200.8655.
Interesting aside, not sure if relevant: I accidentally built the solution within the VM as an arm64 (executable?). When I ran it I hit 0x80070005(E_ACCESSDENIED).
Isaac Burns 20 Reputation points

2026-06-17T15:25:43.72+00:00
Some additional things:

I ran the below in the command prompt as admin

net user guest /active:yes

In WIN+R -> netplwiz I found the below:

In WIN+I -> Other users however, I only found fred? Perhaps this is the root issue??

I went into HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and added a DWORD HideFastUserSwitching to 0 (found this on a youtube tutorial).
Isaac Burns 20 Reputation points

2026-06-17T15:53:18.01+00:00

This is my register file if you're curious

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}\InprocServer32]

@="C:\Windows\System32\SampleV2CredentialProvider.dll"

"ThreadingModel"="Apartment"
Isaac Burns 20 Reputation points

2026-06-17T15:55:22.45+00:00

This is my register file if you're curious

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}\InprocServer32]

@="C:\Windows\System32\SampleV2CredentialProvider.dll"

"ThreadingModel"="Apartment"
Taki Ly (WICLOUD CORPORATION) 1,905 Reputation points Microsoft External Staff Moderator

2026-06-18T02:33:48.9633333+00:00
Hi @Isaac Burns ,

Thanks for that extra detail, and the S_OK result actually tells us a lot. It confirms the DLL itself is healthy and COM activation works, so the only remaining question is why LogonUI isn't loading it.

The detail that stands out to me is your host/guest setup. A Mac M5 host with Windows 11 25H2 as the guest means the guest OS is almost certainly ARM64, and the fact that you were able to build an ARM64 binary points the same way. That matters here, because a credential provider is an in-process COM server, so its DLL has to match the architecture of the process that loads it. On ARM64 Windows, LogonUI.exe runs as native ARM64, and a native ARM64 process can only load ARM64 (or ARM64X) binaries. It cannot load a plain x64 DLL, because x64 support on ARM is provided through emulation at the whole-process level rather than by mixing an x64 module into a native ARM64 process.

This is stated directly in the Microsoft docs: Arm64EC overview, "Interoperability"

"An x64 or Arm64EC process can load and call into both x64 and Arm64EC binaries, whereas an Arm64 process can only load Arm64 binaries."

That also explains the apparent contradiction in your test. The CoCreateInstance console app you ran was most likely an x64 process running under emulation, and an x64 process can load the x64 DLL just fine, hence S_OK. LogonUI, being native ARM64, quietly skips that same DLL. So, the fix I'd suggest is to rebuild the sample as ARM64, place that ARM64 DLL in System32, and re-register.

A quick way to confirm what you currently have in System32 is to run this in a developer command prompt and look at the "machine" line:

dumpbin /headers C:\Windows\System32\SampleV2CredentialProvider.dll

8664 machine (x64) means it's x64 (won't load into ARM64 LogonUI). You'll want AA64 machine (ARM64). Background on reading this header is here: Identifying binaries / machine type.

The 0x80070005 (E_ACCESSDENIED) you saw on the ARM64 build looks more like a run/permission issue with the test app than an architecture problem, so I wouldn't read too much into it for now.

A couple of smaller things I noticed:

I'd remove the "Credential Provider Filters" entry from your .reg. The sample is a credential provider, not a filter, and it doesn't implement ICredentialProviderFilter, so registering the same CLSID under "Credential Provider Filters" isn't correct and can cause LogonUI to trip when it tries to load it as a filter. The "Credential Providers" entry plus the CLSID/InprocServer32 entries are all that's needed. The registration contract is described here: ICredentialProvider and the filter interface (which this sample does not implement) here: ICredentialProviderFilter.

On your *pdwDefault = 0 change: pdwDefault is the index of the tile that should be pre-selected, not a flag that controls whether the tile is shown. Setting it to 0 just asks LogonUI to pre-select your tile if it gets enumerated; it won't make the provider appear if the DLL isn't being loaded in the first place. I'd revert it to CREDENTIAL_PROVIDER_NO_DEFAULT while you're still establishing a baseline. See the parameter description in GetCredentialCount.

The "Other users" in Settings showing only fred, plus the netplwiz and guest-account changes, are about local account configuration and aren't related to the provider not appearing, so I wouldn't chase those for this particular issue.

If you rebuild as ARM64 and re-register, I'd expect the "Other user" tile to start showing.

Thank you.

1 additional answer

Your answer

Isaac Burns 20 Reputation points

2026-06-17T15:08:42.1+00:00

Thank you so much @Taki Ly (WICLOUD CORPORATION) ,

I am completely new to the windows subsystem, I didn't even realize you could just run CoCreateInstance yourself as if you were LogonUI. I ran your code through visual studio, and it returned CoCreateInstance hr=0x00000000.
I tried modifying the sample to have *pdwDefault = 0 in CSampleProvider::GetCredentialCount(), under the reasoning that if the index of my credential is 0, then it should just be the first tile? I'm not sure if this makes any sense.
My logon screen is below:

both fred and Isaac were there before I added the sample DLL or registered it.
Other system information:
Host machine is Mac M5 running Tahoe 26.5.1, guest machine is running Windows 11 25H2 OSBuild:26200.8655.
Interesting aside, not sure if relevant: I accidentally built the solution within the VM as an arm64 (executable?). When I ran it I hit 0x80070005(E_ACCESSDENIED).
Isaac Burns 20 Reputation points

2026-06-17T15:25:43.72+00:00

Some additional things:

I ran the below in the command prompt as admin

net user guest /active:yes

In WIN+R -> netplwiz I found the below:

In WIN+I -> Other users however, I only found fred? Perhaps this is the root issue??

I went into HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and added a DWORD HideFastUserSwitching to 0 (found this on a youtube tutorial).
Isaac Burns 20 Reputation points

2026-06-17T15:53:18.01+00:00

This is my register file if you're curious

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}\InprocServer32]

@="C:\Windows\System32\SampleV2CredentialProvider.dll"

"ThreadingModel"="Apartment"
Isaac Burns 20 Reputation points

2026-06-17T15:55:22.45+00:00

This is my register file if you're curious

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}]

@="SampleV2CredentialProvider"

[HKEY_CLASSES_ROOT\CLSID{5fd3d285-0dd9-4362-8855-e0abaacd4af6}\InprocServer32]

@="C:\Windows\System32\SampleV2CredentialProvider.dll"

"ThreadingModel"="Apartment"

Answer 1

On Windows 11, a custom logon credential provider must fully implement the required COM interfaces and correctly participate in the Winlogon/Credential Provider framework; simply having the DLL registered and loaded is not enough for its tile to appear.

Key points to verify based on the platform behavior described in the documentation:

Implement the correct interfaces (V2 provider recommended)
The provider must implement at least:
- ICredentialProvider
- ICredentialProviderCredential For a V2 provider (recommended on Windows 10/11), it must also implement:
- ICredentialProviderCredential2
If these interfaces are not implemented correctly, Winlogon/LogonUI can load the DLL but will not be able to enumerate or display any tiles.
Support the correct usage scenarios
Credential providers are queried per usage scenario (for example, logon, unlock, credential UI). The provider must correctly handle the usage scenarios it is intended to support via CREDENTIAL_PROVIDER_USAGE_SCENARIO. If it returns that it does not support the current scenario, LogonUI will not show its tiles even though the DLL is registered and loaded.
Correct registration and COM class mapping
The registry entries under:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers (mapping provider GUID → friendly name)
- HKEY_CLASSES_ROOT\CLSID\{provider-guid}\InprocServer32 (mapping provider GUID → DLL path and threading model)
must match the CLSID that the provider actually exposes in its COM class factory. If the CLSID in the DLL does not match the GUID used in the registry, CoCreateInstance for that CLSID will fail, and no tile will be created, even if the DLL is present and loaded.
Understand that providers only gather credentials, not enforce logon
The provider’s job is to describe required credential fields, collect them from the user, and serialize them for authentication. The actual logon enforcement is handled by the local authority and authentication packages. If the provider does not correctly package credentials for interactive logon, it may be ignored or fail silently at runtime.
Avoid wrapping system providers when testing
The documentation explicitly discourages wrapping system credential providers because changes to system providers can break wrappers and even prevent logon. For initial testing on Windows 11, use the sample as a standalone custom provider rather than as a wrapper around an existing system provider.
Use the official sample and SDK guidance
The Windows SDK includes a sample credential provider under \Samples\Security\CredentialProvider. Comparing the implementation and registration of that sample with the current DLL can help identify mismatches in GUIDs, interfaces, or usage scenario handling.

Given that Process Monitor shows the DLL being loaded but there is no CoCreateInstance or DllGetClassObject activity, the most likely issues are:

CLSID mismatch between the DLL and the registry entries, or
The provider indicating that it does not support the current CREDENTIAL_PROVIDER_USAGE_SCENARIO, so LogonUI never attempts to instantiate it.

Verifying the CLSID consistency and the ICredentialProvider implementation (especially how it responds for the logon scenario) is the next step.

References:

Share via

SampleV2CredentialProvider does not work on windows 11

1 additional answer

Your answer