cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Passwordless sign on to hybrid AAD joined computer not working

Steve Whitcher
Bronze Contributor

‎Mar 03 2021 12:57 PM - last edited on ‎Jan 14 2022 03:28 PM by

‎Mar 03 2021 12:57 PM - last edited on ‎Jan 14 2022 03:28 PM by

Passwordless sign on to hybrid AAD joined computer not working

I've been trying to set up passwordless authentication to log into hybrid AADJ computers using a security key.  I've followed the documentation on how to set it up, but can't seem to get it working.  

I have a security key set up successfully as an authentication type in AzureAD, and can sign into Azure AD joined devices without issue.  I just can't seem to get it to work for logging in to Hybrid AADJ computers.  When I try to log on with a security key, I get an error:
Your credentials couldn't be verified (code: 0xc000006d,0x0)

 

Looking up that error code, it means "The cause is either a bad username or authentication information" 

 

I've also looked in the event logs under webauthn logs, and I see the failed Ctap GetAssertion steps, with the error "0x52E The username or password is incorrect." which seems roughly equivilant to the error above.  I don't know where to go from here though, I haven't found any particularly in depth troubleshooting on the process.  Any suggestions would be welcome. 

 

Thanks!

3,475 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Steve Whitcher (Bronze Contributor)
Steve Whitcher

‎Mar 17 2021 10:58 AM

‎Mar 17 2021 10:58 AM

Solution

Re: Passwordless sign on to hybrid AAD joined computer not working

Circling back to share the solution - the account I was testing with was indirectly a member of a protected AD group. Members of protected groups are, by default, not allowed to use security key sign-on. After removing that membership, the security key sign-on works as expected.
3 Likes
Reply
MassiveLoops

‎Aug 11 2022 03:33 PM

‎Aug 11 2022 03:33 PM

Re: Passwordless sign on to hybrid AAD joined computer not working

I was going down a hole trying to figure this out too! There was nothing in the event logs either. Thank you, I can confirm this is what was causing my issue with this error under my account. I was being lazy and not using a test account/general user and made more work for myself in the end :-).
0 Likes
Reply
QuentinDL

‎Feb 20 2023 06:17 AM

‎Feb 20 2023 06:17 AM

Re: Passwordless sign on to hybrid AAD joined computer not working

You saved my day!
Thanks!
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Steve Whitcher (Bronze Contributor)
Steve Whitcher

‎Mar 17 2021 10:58 AM

‎Mar 17 2021 10:58 AM

Solution

Re: Passwordless sign on to hybrid AAD joined computer not working

Circling back to share the solution - the account I was testing with was indirectly a member of a protected AD group. Members of protected groups are, by default, not allowed to use security key sign-on. After removing that membership, the security key sign-on works as expected.

View solution in original post

3 Likes
Reply