Home

User Device Provisioning doesnt work for Windows Hello for Business

%3CLINGO-SUB%20id%3D%22lingo-sub-810229%22%20slang%3D%22en-US%22%3EUser%20Device%20Provisioning%20doesnt%20work%20for%20Windows%20Hello%20for%20Business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-810229%22%20slang%3D%22en-US%22%3E%3CP%3EPosting%20here%20after%20reading%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory-Identity%2FAzure-AD-Mailbag-Windows-Hello-for-business%2Fbc-p%2F810203%23M1428%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory-Identity%2FAzure-AD-Mailbag-Windows-Hello-for-business%2Fbc-p%2F810203%23M1428%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fhello-hybrid-key-trust%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EI%3C%2FA%3E%26nbsp%3Bam%20trying%20to%20implement%20Windows%20Hello%20for%20Business%20using%20Hybrid%20key%20trust%20model.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fhello-hybrid-key-trust%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fhello-hybrid-key-trust%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fhello-hybrid-key-trust%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EE%3C%2FA%3Event%20viewer%20shows%20the%20following%3C%2FP%3E%3CP%3E--------------------------%3C%2FP%3E%3CP%3E%3CSPAN%3EWindows%20Hello%20for%20Business%20provisioning%20will%20not%20be%20launched.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EDevice%20is%20AAD%20joined%20(%20AADJ%20or%20DJ%2B%2B%20%3A(Not%20Tested%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EUser%20has%20logged%20on%20with%20AAD%20credentials%3A%20No%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EWindows%20Hello%20for%20Business%20policy%20is%20enabled%3A%20Not%20Tested%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EWindows%20Hello%20for%20Business%20post-logon%20provisioning%20is%20enabled%3A%20Not%20Tested%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ELocal%20computer%20meets%20Windows%20hello%20for%20business%20hardware%20requirements%3A%20Not%20Tested%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EUser%20is%20not%20connected%20to%20the%20machine%20via%20Remote%20Desk%22text-autospace%3Anone%3B%22%26gt%3BUser%20certificate%20for%20on%20premise%20auth%20policy%20is%20enabled%3A%20Not%20Tested%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EMachine%20is%20governed%20by%20none%20policy.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E--------------------------%3C%2FP%3E%3CP%3E%3CSPAN%3EAutomatic%20device%20join%20pre-check%20tasks%20completed.%20Debug%20output%3A%5Cr%5Cn%20preCheckResult%3A%20Join%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EdeviceKeysHealthy%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EisJoined%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EisDcAvailable%3A%20YES%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EisSystem%3A%20YES%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EkeyProvider%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EkeyContainer%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EdsrInstance%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EelapsedSeconds%3A%200%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EresultCode%3A%200x0%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E--------------------------%3C%2FP%3E%3CP%3E%3CSPAN%3EAutomatic%20registration%20failed%20at%20join%20phase.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EExit%20code%3A%20Unknown%20HResult%20Error%20code%3A%200x801c001d%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EServer%20error%3A%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ETenant%20type%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ERegistration%20type%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EDebug%20Output%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EjoinMode%3A%20Join%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EdrsInstance%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EregistrationType%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EtenantType%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EtenantId%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EconfigLocation%3A%20undefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EerrorPhase%3A%20discover%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EadalCorrelationId%3A%2073b46ec1-f877-4a3f-8d29-d5f37eed09a5%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EadalLog%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3Eundefined%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EadalResponseCode%3A%200x0%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E----------%3C%2FP%3E%3CP%3EPlease%20help.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-810229%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Hello%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Santosh Seth
Occasional Contributor

Posting here after reading https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Mailbag-Windows-Hell...

 

I am trying to implement Windows Hello for Business using Hybrid key trust model.

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybri...

Event viewer shows the following

--------------------------

Windows Hello for Business provisioning will not be launched.

Device is AAD joined ( AADJ or DJ++ :( Not Tested

User has logged on with AAD credentials: No

Windows Hello for Business policy is enabled: Not Tested

Windows Hello for Business post-logon provisioning is enabled: Not Tested

Local computer meets Windows hello for business hardware requirements: Not Tested

User is not connected to the machine via Remote Desk"text-autospace:none;">User certificate for on premise auth policy is enabled: Not Tested

Machine is governed by none policy.

--------------------------

Automatic device join pre-check tasks completed. Debug output:\r\n preCheckResult: Join

deviceKeysHealthy: undefined

isJoined: undefined

isDcAvailable: YES

isSystem: YES

keyProvider: undefined

keyContainer: undefined

dsrInstance: undefined

elapsedSeconds: 0

resultCode: 0x0

--------------------------

Automatic registration failed at join phase.

Exit code: Unknown HResult Error code: 0x801c001d

Server error: 

Tenant type: undefined

Registration type: undefined

Debug Output:

joinMode: Join

drsInstance: undefined

registrationType: undefined

tenantType: undefined

tenantId: undefined

configLocation: undefined

errorPhase: discover

adalCorrelationId: 73b46ec1-f877-4a3f-8d29-d5f37eed09a5

adalLog:

undefined

adalResponseCode: 0x0

----------

Please help.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies