Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
8 contributors

Users who have contributed to this file

@DaniHalfin @get-itips @VSC-Service-Account @NagaCSC @mapalko @Justinha @lizap @Dansimp
243 lines (226 sloc) 11.7 KB
title description ms.assetid ms.reviewer keywords ms.prod ms.mktglfcycl ms.sitesec ms.pagetype audience author ms.author manager ms.collection ms.topic ms.localizationpriority ms.date
Windows Hello errors during PIN creation (Windows 10)
When you set up Windows Hello in Windows 10, you may get an error during the Create a work PIN step.
DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
PIN, error, create a work PIN
w10
deploy
library
security
ITPro
mapalko
mapalko
dansimp
M365-identity-device-management
troubleshooting
medium
05/05/2018

Windows Hello errors during PIN creation

Applies to

  • Windows 10

When you set up Windows Hello in Windows 10, you may get an error during the Create a PIN step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.

Where is the error code?

The following image shows an example of an error during Create a PIN.

Error mitigations

When a user encounters an error when creating the work PIN, advise the user to try the following steps. Many errors can be mitigated by one of these steps.

  1. Try to create the PIN again. Some errors are transient and resolve themselves.
  2. Sign out, sign in, and try to create the PIN again.
  3. Reboot the device and then try to create the PIN again.
  4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to Settings > System > About and select Disconnect from organization. To unjoin a device running Windows 10 Mobile, you must reset the device.
  5. On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to Reset my phone. If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
Hex Cause Mitigation
0x801C044D Authorization token does not contain device ID Unjoin the device from Azure AD and rejoin
0x80090036 User cancelled an interactive dialog User will be asked to try again
0x80090011 The container or key was not found Unjoin the device from Azure AD and rejoin
0x8009000F The container or key already exists Unjoin the device from Azure AD and rejoin
0x8009002A NTE_NO_MEMORY Close programs which are taking up memory and try again.
0x80090005 NTE_BAD_DATA Unjoin the device from Azure AD and rejoin
0x80090029 TPM is not set up. Sign on with an administrator account. Click Start, type "tpm.msc", and select tpm.msc Microsoft Common Console Document. In the Actions pane, select Prepare the TPM.
0x80090031 NTE_AUTHENTICATION_IGNORED Reboot the device. If the error occurs again after rebooting, reset the TPM or run Clear-TPM
0x80090035 Policy requires TPM and the device does not have TPM. Change the Windows Hello for Business policy to not require a TPM.
0x801C0003 User is not authorized to enroll Check if the user has permission to perform the operation​.
0x801C000E Registration quota reached

Unjoin some other device that is currently joined using the same account or increase the maximum number of devices per user.

0x801C000F Operation successful but the device requires a reboot Reboot the device.
0x801C0010 The AIK certificate is not valid or trusted Sign out and then sign in again.
0x801C0011 The attestation statement of the transport key is invalid Sign out and then sign in again.
0x801C0012 Discovery request is not in a valid format Sign out and then sign in again.
0x801C0015 The device is required to be joined to an Active Directory domain ​Join the device to an Active Directory domain.
0x801C0016 The federation provider configuration is empty Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the file is not empty.
0x801C0017 ​The federation provider domain is empty Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the FPDOMAINNAME element is not empty.
0x801C0018 The federation provider client configuration URL is empty Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the CLIENTCONFIG element contains a valid URL.
0x801C03E9 Server response message is invalid Sign out and then sign in again.
0x801C03EA Server failed to authorize user or device. Check if the token is valid and user has permission to register Windows Hello for Business keys.
0x801C03EB Server response http status is not valid Sign out and then sign in again.
0x801C03EC Unhandled exception from server. sign out and then sign in again.
0x801C03ED

Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed

-or-

Token was not found in the Authorization header

-or-

Failed to read one or more objects

-or-

The request sent to the server was invalid.

Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin.
0x801C03EE Attestation failed Sign out and then sign in again.
0x801C03EF The AIK certificate is no longer valid Sign out and then sign in again.
0x801C03F2 Windows Hello key registration failed. ERROR_BAD_DIRECTORY_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue refer to Duplicate Attributes Prevent Dirsync.
0x801C044D Unable to obtain user token Sign out and then sign in again. Check network and credentials.
0x801C044E Failed to receive user creds input Sign out and then sign in again.

Errors with unknown mitigation

For errors listed in this table, contact Microsoft Support for assistance.

Hex Cause
0x80072f0c Unknown
0x80070057 Invalid parameter or argument is passed
0x80090027 Caller provided wrong parameter. If third-party code receives this error they must change their code.
0x8009002D NTE_INTERNAL_ERROR
0x80090020 NTE_FAIL
0x801C0001 ​ADRS server response is not in valid format
0x801C0002 Server failed to authenticate the user
0x801C0006 Unhandled exception from server
0x801C000C Discovery failed
0x801C001B ​The device certificate is not found
0x801C000B Redirection is needed and redirected location is not a well known server
0x801C0019 ​The federation provider client configuration is empty
0x801C001A The DRS endpoint in the federation provider client configuration is empty
0x801C0013 Tenant ID is not found in the token
0x801C0014 User SID is not found in the token
0x801C03F1 There is no UPN in the token
0x801C03F0 ​There is no key registered for the user
0x801C03F1 ​There is no UPN in the token
​0x801C044C There is no core window for the current thread

Related topics

You can’t perform that action at this time.