Steve Whitcher
Bronze Contributor
Mar 03, 2021

Passwordless sign on to hybrid AAD joined computer not working

I've been trying to set up passwordless authentication to log into hybrid AADJ computers using a security key.  I've followed the documentation on how to set it up, but can't seem to get it working.  

I have a security key set up successfully as an authentication type in AzureAD, and can sign into Azure AD joined devices without issue.  I just can't seem to get it to work for logging in to Hybrid AADJ computers.  When I try to log on with a security key, I get an error:
Your credentials couldn't be verified (code: 0xc000006d,0x0)

Looking up that error code, it means "The cause is either a bad username or authentication information".

I've also looked in the event logs under webauthn logs, and I see the failed Ctap GetAssertion steps, with the error "0x52E The username or password is incorrect." which seems roughly equivalent to the error above. I don't know where to go from here though, I haven't found any particularly in depth troubleshooting on the process. Any suggestions would be welcome.

Thanks!

  • Circling back to share the solution - the account I was testing with was indirectly a member of a protected AD group. Members of protected groups are, by default, not allowed to use security key sign-on. After removing that membership, the security key sign-on works as expected.
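
A check for the condition described in the solution above, as an added example that is not part of the original post: it lists the protected groups an account belongs to directly, through nesting, or as its primary group. It assumes the ActiveDirectory PowerShell module (RSAT), treats groups stamped `adminCount=1` as the protected set, and uses `jdoe` as a placeholder account name.

```powershell
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a distinguished name can be embedded in an LDAP filter
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Get-ProtectedGroupMembership {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount, memberOf, primaryGroupID

    # Assumption: "protected" means groups stamped adminCount=1 by AdminSDHolder/SDProp
    foreach ($group in Get-ADGroup -LDAPFilter '(adminCount=1)') {
        $via = $null

        if ($user.MemberOf -contains $group.DistinguishedName) {
            $via = 'Direct'
        }
        elseif ($group.SID.Value.EndsWith("-$($user.primaryGroupID)")) {
            # memberOf never lists the primary group, so compare its RID separately
            $via = 'PrimaryGroup'
        }
        else {
            # 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) walks nested membership
            $dn  = ConvertTo-LdapFilterValue $group.DistinguishedName
            $hit = Get-ADUser -SearchBase $user.DistinguishedName -SearchScope Base `
                              -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$dn)"
            if ($hit) { $via = 'Nested' }
        }

        if ($via) {
            [pscustomobject]@{
                User           = $user.SamAccountName
                ProtectedGroup = $group.Name
                Via            = $via
                UserAdminCount = $user.adminCount
            }
        }
    }
}

# 'jdoe' is a placeholder; substitute the account that fails security key sign-in
Get-ProtectedGroupMembership -SamAccountName 'jdoe' | Format-Table -AutoSize
```

The `adminCount` value on the user is not cleared automatically when a protected group membership is removed, so the group rows are the result to act on.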
