Windows Hello unconfigured after reboot

Jan-Niklas Beier 41 Reputation points
2022-01-07T11:51:24.543+00:00

Hello there,

out organization is running a on-premise AD.

We just enabled Windows Hello via GPO. All users may enable Windows Hello PIN or fingerprint/face (when available). This way still works fine.
But: when rebooting the devices while they are connected to the organization network they lose their Windows Hello configuration. The clients have to configure it again.
Some clients lose their configuration when connecting via VPN to our network. Some clients don't need to reboot their device - the device loses its configuration after unspecific time.

But there are also Clients in the same OU without losing their configuration.

What can we check? What may be the problem?

I hope u know what I'm trying to explain. Please feel free to ask questions.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,420 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
7,934 questions
{count} votes

5 answers

Sort by: Most helpful
  1. Reza-Ameri 16,776 Reputation points
    2022-01-10T16:23:08.363+00:00

    It could be a bug, try use the affected PC while you could reproduce the problem and open start and search for feedback and open the Feedback Hub app and report this issue.

    0 comments No comments

  2. Limitless Technology 39,301 Reputation points
    2022-01-11T08:36:26.023+00:00

    Hello

    Thank you for your question and reaching out.

    I can understand you are facing with Windows Hello.

    The problem is related to a corruption of the Windows Hello data. The cause is probably some unknown bug in Windows,

    Please try to clean out the corrupted Hello data and recreate it. This should fix the problem,

    The Steps are as follows:

    Start the Services mmc.
    Stop the system service called "Windows Biometric Service"
    Move away the files in C:\Windows\System32\WinBioDatabase for backup, to be able to undo this process if you so decide
    Restart the service
    Register the fingerprint or PIN again.
    Now hopefully it will work.


    --If the reply is helpful, please Upvote and Accept as answer--


  3. Dan Karlsson 1 Reputation point
    2022-10-12T15:26:32.127+00:00

    I had this problem also. It turned out that it uses Windows Hello for Business that wasn't set up for the domain.
    After following the instructions in this blog the problem was solved.
    https://identity-man.eu/2022/02/17/improving-your-windows-hello-for-business-hybrid-password-less-setup-by-using-cloud-trust/

    0 comments No comments

  4. Naveen 21 Reputation points
    2023-02-01T01:58:52.6+00:00

    Jan, are you able to fix it?

    0 comments No comments

  5. toby33 21 Reputation points
    2024-03-20T05:44:29.4966667+00:00

    I know this is an older post. But, in case helpful, ensure that in any linked GPOs, or MDM profiles, you aren't using "Admin Templates/Windows Components/Biometrics/Facial Features/Configured Enhanced Anti-Spoofing" on any devices that don't support the enhanced anti-spoofing settings. It's dependent on the camera features. If it's not supported, configured facial sign-in profiles will be unconfigured on reboot following the configuration of facial sign-on.

    0 comments No comments