TWiles66
Guest
I am working on setting up Windows Hello for Business and I have followed the steps for “Hybrid Azure AD Joined Key Trust Deployment” and I cannot get the PIN or Bio to work.
Azure AD Connect device options is configured with Hybrid Azure AD join, the AD schema version is 87 and domain functional level is 08 R2.
When trying to sign in I get the following errors:
“Something went wrong and your PIN isn’t available (status: 0xc00000bb, substatus: 0x0). Click to setup your PIN again.”
Or
“That option is temporarily unavailable. For now, please use a different method to sign in.”
Some of the logs
Application log
“Event ID 7, Smart Card Logon : An error occurred while signing a message using the inserted smart card: TPM 2.0: The Handle is not correct for the use.”
User Device Registration log
Event 358: Windows Hello for Business provisioning will be launched.
Device is AAD joined ( AADJ or DJ++ ): Yes
User has logged on with AAD credentials: Yes
Windows Hello for Business policy is enabled: Yes
Windows Hello for Business post-logon provisioning is enabled: Yes
Local computer meets Windows hello for business hardware requirements: Yes
User is not connected to the machine via Remote Desktop
User certificate for on premise auth policy is enabled: No
Machine is governed by none policy.
Event 331: Automatic device join pre-check tasks completed. Debug output:\r\n preCheckResult: DoNotJoin
isPrivateKeyFound: YES
isJoined: YES
isDcAvailable: YES
isSystem: YES
keyProvider: Microsoft Platform Crypto Provider
keyContainer: 10393325-9151-40a9-b23a-2ae818ce0b4a
dsrInstance: AzureDrs
elapsedSeconds: 0
resultCode: 0x1