MSHoyt
Guest
Hello, I've been trying to get Hello for Business configured using the Key-Trust scenario, and everything seems to be fine until I have to actually use it.
These are the steps I've gone through at a high level:
1. Deployed new KDC Certificates at the DCs
2. Configured AAD Connect and Refreshed Schema for Device Writeback and Password-Hash
3. Automatic Device Enrollment succeeds on the client
4. MDM Auto Enroll into Intune for Hello for Business
5. Log in to the Windows device and I get prompted to set up PIN/fingerprint, which succeeds
6. Run AAD Connect Sync
7. I verify the RegistredDevice container is populated and the MSDKeylink attribute is written to the user object
8. When I try to log in using either PIN or fingerprint I get "Windows Could not verify your credentials"
I have tried the following:
1. Deleting the NGC Folder
2. Clearing TPM and Re-Enrolling
3. Using Group Policy instead of Intune.
Anyone have any suggestions? I'm at a complete loss here, and there don't seem to be any good errors indicating why it does not verify.