Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)

Windows Hello (Failed in logs, shows correctly)

%3CLINGO-SUB%20id%3D%22lingo-sub-3349026%22%20slang%3D%22en-US%22%3EWindows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3349026%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20created%20a%20Identity%20protection%20policy.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JimmyWork_0-1652167341391.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370418i08CB94AA3D161BD4%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JimmyWork_0-1652167341391.png%22%20alt%3D%22JimmyWork_0-1652167341391.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EChecking%20the%20profile%20settings%20everything%20says%20succeeded.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JimmyWork_1-1652167379787.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370419i5F4EAB300C35E3EE%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JimmyWork_1-1652167379787.png%22%20alt%3D%22JimmyWork_1-1652167379787.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EChecking%20my%20logs%20on%20the%20device%20i%20get.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markdown%22%3E%3CCODE%3EMDM%20ConfigurationManager%3A%20Command%20failure%20status.%20Configuraton%20Source%20ID%3A%20(4ED2BB8C-C735-44FE-8683-4DD7FCBB4288)%2C%20Enrollment%20Type%3A%20(MDMDeviceWithAAD)%2C%20CSP%20Name%3A%20(PassportForWork)%2C%20Command%20Type%3A%20(Clear%3A%20first%20phase%20of%20Delete)%2C%20CSP%20URI%3A%20(.%2FVendor%2FMSFT%2FPassportForWork%2F05dc4370-49fa-46a1-8b8b-2dd3063cd475%2FPolicies%2FUsePassportForWork)%2C%20Result%3A%20(Unknown%20Win32%20Error%20code%3A%200x86000002).%0A%0AMDM%20ConfigurationManager%3A%20Command%20failure%20status.%20Configuraton%20Source%20ID%3A%20(4ED2BB8C-C735-44FE-8683-4DD7FCBB4288)%2C%20Enrollment%20Type%3A%20(MDMDeviceWithAAD)%2C%20CSP%20Name%3A%20(PassportForWork)%2C%20Command%20Type%3A%20(Clear%3A%20first%20phase%20of%20Delete)%2C%20CSP%20URI%3A%20(.%2FVendor%2FMSFT%2FPassportForWork%2F05dc4370-49fa-46a1-8b8b-2dd3063cd475%2FPolicies%2FRequireSecurityDevice)%2C%20Result%3A%20(Unknown%20Win32%20Error%20code%3A%200x86000002).%0A%0AMDM%20ConfigurationManager%3A%20Command%20failure%20status.%20Configuraton%20Source%20ID%3A%20(4ED2BB8C-C735-44FE-8683-4DD7FCBB4288)%2C%20Enrollment%20Type%3A%20(MDMDeviceWithAAD)%2C%20CSP%20Name%3A%20(PassportForWork)%2C%20Command%20Type%3A%20(Clear%3A%20first%20phase%20of%20Delete)%2C%20CSP%20URI%3A%20(.%2FVendor%2FMSFT%2FPassportForWork%2F05dc4370-49fa-46a1-8b8b-2dd3063cd475%2FPolicies%2FPINComplexity%2FMinimumPINLength)%2C%20Result%3A%20(Unknown%20Win32%20Error%20code%3A%200x86000002).%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EChecking%20the%20device%20group%20policy.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JimmyWork_2-1652167553107.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370420iEAD83ECDFFD6DFD6%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JimmyWork_2-1652167553107.png%22%20alt%3D%22JimmyWork_2-1652167553107.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EWhen%20deploing%20the%20device%20Windows%20Hello%20for%20Bussiness%20is%20activated%20and%20I%20use%20fingerprint%20and%20pin.%3CBR%20%2F%3ENot%20sure%20whats%20going%20on%20here%20really%2C%20woudl%20appriciate%20all%20the%20help.%3CBR%20%2F%3E%3CBR%20%2F%3EWindows%2011%20Enterprise%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3349026%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3349235%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3349235%22%20slang%3D%22en-US%22%3EHi%20when%20pushing%20settings%20with%20Intune%2C%20those%20changes%20doesnt%20show%20up%20in%20you%20local%20gpo%20but%20you%20could%20find%20them%20in%20the%20policymanager%20registry%20keys.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20guess%20the%20most%20important%20question...%20does%20it%20work%20as%20expected%20%3F%20When%20reading%20the%20question%20it%20only%20shows%20that%20error%20in%20the%20log%3F%200x86000002%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3349264%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3349264%22%20slang%3D%22en-US%22%3EThank%20you%20for%20answering%2C%20where%20in%20the%20registry%20can%20i%20verify%20it%3F%3CBR%20%2F%3EIt%20seems%20to%20be%20working%20on%20the%20device%2C%20I%20mean%20i'm%20using%20Windows%20Hello%20and%20I%20was%20force%20to%20make%20the%20Windows%20Hello%20setup%20during%20the%20enrollment.%3CBR%20%2F%3E%3CBR%20%2F%3EBut%20i%20can't%20seem%20to%20find%20the%20registry%2C%20i%20dont%20have%20these%20in%20my%20registry.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fadmx.help%2F%3FCategory%3DWindows_10_2016%26amp%3BPolicy%3DMicrosoft.Policies.MicrosoftPassportForWork%3A%3AMSPassport_UsePassportForWork%26amp%3BLanguage%3Det-ee%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fadmx.help%2F%3FCategory%3DWindows_10_2016%26amp%3BPolicy%3DMicrosoft.Policies.MicrosoftPassportForWork%3A%3AMSPassport_UsePassportForWork%26amp%3BLanguage%3Det-ee%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3349348%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3349348%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3ECould%20you%20check%20out%3CBR%20%2F%3E%3CBR%20%2F%3EComputer%5CHKEY_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5CPolicies%5CPassportForWork%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3349358%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3349358%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F620702%22%20target%3D%22_blank%22%3E%40Rudy_Ooms_MVP%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EI%20only%20seem%20to%20have%20this.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JimmyWork_0-1652172898751.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370430iB35502BB9767C09E%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JimmyWork_0-1652172898751.png%22%20alt%3D%22JimmyWork_0-1652172898751.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EKeys%20in%3A%26nbsp%3B05dc4370-49fa-46a1-8b8b-2dd3063cd475%3CBR%20%2F%3EDefault%2C%20REG_SZ.%20value%20not%20set%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKeys%20in%3A%20Biometrics%3CBR%20%2F%3EFacialFeaturesUseEnhancedAntiSpoofing%2C%201%3C%2FP%3E%3CP%3EUseBiometrics%2C%201%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKeys%20in%3A%20SecurityKey%3CBR%20%2F%3EUseSecurityKeyForSignin%2C%201%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3349379%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3349379%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F415515%22%20target%3D%22_blank%22%3E%40JimmyWork%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20if%20you%20unfold%20that%20guid%20folder%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Rudy_Ooms_MVP_0-1652173339561.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370434iE0DC9CAFEB83FEE5%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Rudy_Ooms_MVP_0-1652173339561.png%22%20alt%3D%22Rudy_Ooms_MVP_0-1652173339561.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3351089%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3351089%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F620702%22%20target%3D%22_blank%22%3E%40Rudy_Ooms_MVP%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EThen%20i%20can%20see%20this%2C%20so%20the%20settings%20seems%20to%20work.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JimmyWork_0-1652190712335.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F370474i0DD8ECE44EE9FF41%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JimmyWork_0-1652190712335.png%22%20alt%3D%22JimmyWork_0-1652190712335.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3351097%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3351097%22%20slang%3D%22en-US%22%3ESo%20it%20looks%20indeed...%20mmm%20if%20it%20works..%20it%20works%20%3A)%3C%2Fimg%3E%20%3F%20and%20if%20Intune%20is%20green%20you%20are%20pretty%20lucky%20%3Ap%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3352199%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Hello%20(Failed%20in%20logs%2C%20shows%20correctly)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3352199%22%20slang%3D%22en-US%22%3ENot%20really%20sure%20why%20the%20logs%20says%20what%20it%20says%20every%20time%20I%20run%20a%20sync%20and%20i%20really%20don't%20want%20to%20see%20that%20in%20the%20logs%2C%20is%20no%20one%20else%20having%20this%20issue%3F%20I%20will%20test%20on%20another%20device%20re-deploy%20and%20see%20if%20I%20have%20the%20same%20issue%20on%20a%20Windows%2010%20device.%3C%2FLINGO-BODY%3E
Contributor

Hi

 

I have created a Identity protection policy.

JimmyWork_0-1652167341391.png

Checking the profile settings everything says succeeded.

JimmyWork_1-1652167379787.png

Checking my logs on the device i get.

 

 

 

 

MDM ConfigurationManager: Command failure status. Configuraton Source ID: (4ED2BB8C-C735-44FE-8683-4DD7FCBB4288), Enrollment Type: (MDMDeviceWithAAD), CSP Name: (PassportForWork), Command Type: (Clear: first phase of Delete), CSP URI: (./Vendor/MSFT/PassportForWork/05dc4370-49fa-46a1-8b8b-2dd3063cd475/Policies/UsePassportForWork), Result: (Unknown Win32 Error code: 0x86000002).

MDM ConfigurationManager: Command failure status. Configuraton Source ID: (4ED2BB8C-C735-44FE-8683-4DD7FCBB4288), Enrollment Type: (MDMDeviceWithAAD), CSP Name: (PassportForWork), Command Type: (Clear: first phase of Delete), CSP URI: (./Vendor/MSFT/PassportForWork/05dc4370-49fa-46a1-8b8b-2dd3063cd475/Policies/RequireSecurityDevice), Result: (Unknown Win32 Error code: 0x86000002).

MDM ConfigurationManager: Command failure status. Configuraton Source ID: (4ED2BB8C-C735-44FE-8683-4DD7FCBB4288), Enrollment Type: (MDMDeviceWithAAD), CSP Name: (PassportForWork), Command Type: (Clear: first phase of Delete), CSP URI: (./Vendor/MSFT/PassportForWork/05dc4370-49fa-46a1-8b8b-2dd3063cd475/Policies/PINComplexity/MinimumPINLength), Result: (Unknown Win32 Error code: 0x86000002).

 

 

 

 

Checking the device group policy.

JimmyWork_2-1652167553107.png

When deploing the device Windows Hello for Bussiness is activated and I use fingerprint and pin.
Not sure whats going on here really, woudl appriciate all the help.

Windows 11 Enterprise

8 Replies

Hi when pushing settings with Intune, those changes doesnt show up in you local gpo but you could find them in the policymanager registry keys.

I guess the most important question... does it work as expected ? When reading the question it only shows that error in the log? 0x86000002

 

Also a good question would be if you were running HAADJ or AADJ?

Thank you for answering, where in the registry can i verify it?
It seems to be working on the device, I mean i'm using Windows Hello and I was force to make the Windows Hello setup during the enrollment.

But i can't seem to find the registry, i dont have these in my registry.
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.MicrosoftPassportForWork::MSPa...
Hi,
Could you check out

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork

@Rudy_Ooms_MVP 

I only seem to have this.

JimmyWork_0-1652172898751.png

Keys in: 05dc4370-49fa-46a1-8b8b-2dd3063cd475
Default, REG_SZ. value not set

 

Keys in: Biometrics
FacialFeaturesUseEnhancedAntiSpoofing, 1

UseBiometrics, 1

 

Keys in: SecurityKey
UseSecurityKeyForSignin, 1

@JimmyWork 

 

And if you unfold that guid folder

Rudy_Ooms_MVP_0-1652173339561.png

 

@Rudy_Ooms_MVP 

Then i can see this, so the settings seems to work.

JimmyWork_0-1652190712335.png

 

So it looks indeed... mmm if it works.. it works :) ? and if Intune is green you are pretty lucky :p
Not really sure why the logs says what it says every time I run a sync and i really don't want to see that in the logs, is no one else having this issue? I will test on another device re-deploy and see if I have the same issue on a Windows 10 device.