Jump to content

Windows Hello For Business dont work 3td MFA


Recommended Posts

Guest Vladislav GennFom
Posted

Hi! Help me please!

I used instruction for set up WHFB( on-premis on the key trust).

I set up and every step of the guide and checked 10 times over.

I use third-party MFA, I registrated MFA in ADFS and check. My MFA work.

 

The client log Microsoft-Windows-HelloForBusiness/Operational errors out with:

1. The Primary Account Primary Refresh Token prerequisite check failed (Event ID 7201).

2. The device registration prerequisite check failed(Event ID 7200).

3. Windows Hello for Business prerequisites check failed. Error: 0x0(Event ID 7054).

and repeat...

 

Result comands DSREGCMD /DEBUG and DSREGCMD /STATUS:

 

dsregcmd::wmain logging initialized.

PreJoinChecks Complete.

preCheckResult: DoNotJoin

isPrivateKeyFound: undefined

isJoined: undefined

isDcAvailable: undefined

isSystem: NO

keyProvider: undefined

keyContainer: undefined

dsrInstance: undefined

elapsedSeconds: 0

resultCode: 0x1

The device can NOT be joined. The process MUST run as NT AUTHORITY\SYSTEM.

 

+----------------------------------------------------------------------+

| Device State |

+----------------------------------------------------------------------+

 

AzureAdJoined : NO

EnterpriseJoined : NO

DomainJoined : YES

DomainName : WINHELLO

 

+----------------------------------------------------------------------+

| User State |

+----------------------------------------------------------------------+

 

NgcSet : NO

WorkplaceJoined : NO

WamDefaultSet : NO

 

+----------------------------------------------------------------------+

| SSO State |

+----------------------------------------------------------------------+

 

AzureAdPrt : NO

AzureAdPrtAuthority : NO

EnterprisePrt : NO

EnterprisePrtAuthority : NO

 

+----------------------------------------------------------------------+

| Diagnostic Data |

+----------------------------------------------------------------------+

 

Diagnostics Reference : www.microsoft.com/aadjerrors

User Context : UN-ELEVATED User

Client Time : 2019-07-10 11:49:29.000 UTC

AD Connectivity Test : PASS

AD Configuration Test : PASS

DRS Discovery Test : PASS

DRS Connectivity Test : PASS

Token acquisition Test : FAIL [0xcaa9002c/0xcaa1000e] Correlation-id: {EE96163B-8710-42E0-8AC6-1F358EB5D6CD}

Fallback to Sync-Join : ENABLED

 

Previous Registration : 2019-07-10 11:16:58.000 UTC

Registration Type : fed

Error Phase : auth

Client ErrorCode : 0xcaa1000e

Correlation Id : {65934446-ABB9-468C-991E-DC6E78BFB692}

 

+----------------------------------------------------------------------+

| Ngc Prerequisite Check |

+----------------------------------------------------------------------+

 

IsDeviceJoined : NO

IsUserAzureAD : NO

PolicyEnabled : YES

PostLogonEnabled : YES

DeviceEligible : YES

SessionIsNotRemote : YES

CertEnrollment : none

PreReqResult : WillNotProvision

 

More...

  • Replies 0
  • Created
  • Last Reply

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...