Hello Team,
Here is my current setup :
Windows 2019 DC (OS Build 17763.2237) so it should include the update - KB4487044( OS Build - 17763.316)
Windows hello for business - Key Trust
Rolled out for two users :
User A and User B
User A - WHFB - PIN Setup Successful , PIN Login successful , I can verify from the Azure AD sign in logs that the authentication is windows hello for business.
User B - PIN Setup Successful, PIN Login Unsuccessful , getting the below errors ( I need assistance in resolve these errors or provide a direction , will be much appreciated.)
1) Your credentials could not be verified
2) Something went wrong and your PIN isn't available ( status:0xc000005e, substatus:(0x0) Click to set your PIN again.
I have below two GPO's configured :
GPO 1
1) User level - Enable Windows Hello for Business
User configuration under Policies > Administrative Templates > Windows Components > Windows Hello for Business
GPO 2:
2.1 Computer Configuration -> Policies -> Administrative Templates -> System -> PIN Complexity ===> To set the PIN complexity
2.2 ) Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Hello for Business -> Use a hardware security Device : Disabled ( so that both hardware TPM and software are used for fall back)
2.3) Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Hello for Business ->Use Biometrics ( To allow user to enroll biometrics)
I have not set Convenience PIN ( computer configuration -> Administrative Templates-> System -> Logon -> Turn on convenience PIN Sign in policy) as I dont think this is required .