Windows Hello for Business || After setting PIN | Unable to Login with PIN

Shadab Basha 261 Reputation points
2021-12-03T14:33:50.24+00:00

Hello Team,

Here is my current setup :
Windows 2019 DC (OS Build 17763.2237) so it should include the update - KB4487044( OS Build - 17763.316)

Windows hello for business - Key Trust

Rolled out for two users :
User A and User B

User A - WHFB - PIN Setup Successful , PIN Login successful , I can verify from the Azure AD sign in logs that the authentication is windows hello for business.

User B - PIN Setup Successful, PIN Login Unsuccessful , getting the below errors ( I need assistance in resolve these errors or provide a direction , will be much appreciated.)

1) Your credentials could not be verified
2) Something went wrong and your PIN isn't available ( status:0xc000005e, substatus:(0x0) Click to set your PIN again.

154805-image.png

154783-image.png

I have below two GPO's configured :

GPO 1

1) User level - Enable Windows Hello for Business
User configuration under Policies > Administrative Templates > Windows Components > Windows Hello for Business

GPO 2:

2.1 Computer Configuration -> Policies -> Administrative Templates -> System -> PIN Complexity ===> To set the PIN complexity

2.2 ) Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Hello for Business -> Use a hardware security Device : Disabled ( so that both hardware TPM and software are used for fall back)

2.3) Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Hello for Business ->Use Biometrics ( To allow user to enroll biometrics)

I have not set Convenience PIN ( computer configuration -> Administrative Templates-> System -> Logon -> Turn on convenience PIN Sign in policy) as I dont think this is required .

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,344 questions
{count} votes

Accepted answer
  1. Shadab Basha 261 Reputation points
    2021-12-14T05:42:26.227+00:00

    Self - Resolved after following the below steps :

    1) I deleted the NGC Folder ( C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft )

    2) Deleted the enrolled WHFB authentication method

    Asked the user to Re-enroll for Windows Hello for Business and it enrolled successfully.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful