This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Have had WHFB working for some time, but recently users getting 'Something went wrong and your PIN isn't available (status: 0xc00000bb, substatus: 0x0). Click to set your PIN again.'
If I check Event Viewer under WHFB, error states 'Device unlock policy is not configured on this device'.
I've checked to see if any changes were made to Azure polices or any update-related issues to severs or PC's, but cannot seem to find the issue.
Thanks!!
Please create a support request to better address this issue.
--
Let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.
@Seth Holek
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?
----------
If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 3%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Hi, was anybody able to find out a solution for this problem?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 62%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E5%3C/text%3E%3C/svg%3E)
Hello,
I have the same issue here. On-premises certificate trust. The user can successfully enrol but the sign-in fails with
followed by
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 90%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Same issue here. Any resolution?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 25%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
please check if the domain certificates are not expired.
regards
Hi Everyone, our PKI infrastructure is configured in a two-tier model with an offline standalone root, and subordinate enterprise ca. In our case, we began noticing this issue after our root CRL next update date passed, and we had not updated our CRL. Because our root is offline, there is a manual process to publish it, and the CRLdp is a different location than default. After publishing the updated CRL, it did not work immediately.
Hope this helps someone.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 25%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hey TrevorDavis-4287,
My situation mirrors yours exactly (two-tier pki, offline root, online subordinate). CRL expired, I went through the process of manually publishing a fresh one. ~3 hours later, I am still experiencing issues with WHfB. How long was yours out of commission before it resumed functionality? Were any manual steps required to restore functionality beyond publishing the new CRL?
Thanks in advance,
-Alex
Mine resumed full functionality ~4 hours after publishing the CRL. I also bumped all my DCs (one at a time). Not sure if it was the length of time or the DC bump that did the trick.