WHfB Died since the server did

Tom Wrigglesworth 125 Reputation points
2024-02-22T13:52:26.7766667+00:00

Hi everyone,

We have deployed WHfB to 4 devices, all hybrid domain joined and forced to have WHfB. They have worked perfectly since the deployment in December 23. On Monday our Primary Domain Controller failed and a new server was built in its place. Since that server has gone in, all 4 devices are giving the error 'Your credentials could not be verified'. I added my machine on Wednesday to try and replicate the error; my machine works without issue. I set up another user with WHfB, trying to get the error - his worked as well.

I followed the guide

https://video2.skills-academy.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/your-credential-could-not-be-verified-error-when-logging-on-to-windows-by-using-whfb

This has not helped. Any help would be great; we need to know how to fix this, as this policy was moments away from going firm-wide.

Kind regards!

Windows 10
Microsoft Intune Security
Microsoft Intune

Accepted answer
  1. Crystal-MSFT 45,656 Reputation points Microsoft Vendor
    2024-02-23T02:47:48.97+00:00

    @Tom Wrigglesworth, thanks for posting in Q&A. From your description, it seems the devices that enabled Windows Hello for Business and completed device registration before the PDC was replaced have an issue verifying the credentials. For new WHfB deployments, it is working well. If there's any misunderstanding, feel free to let us know.

    After reviewing the "How Windows Hello for Business works" document, I find it has a "Key synchronization" process, which synchronizes the key from Microsoft Entra ID to Active Directory and stores the user's public key under the user object. It may be that this information is missing from the user object for these devices, so the verification fails.

    https://video2.skills-academy.com/en-us/windows/security/identity-protection/hello-for-business/how-it-works

    We can disable WHfB for the user on these devices and re-enable it to generate new information to make it work.

    Hope the above information can help.




0 additional answers
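
An added example, not part of the thread or of Microsoft's documentation: a read-only check of the accepted answer's hypothesis that the synchronized public key is missing from the affected users' objects. It assumes the RSAT ActiveDirectory module and uses `msDS-KeyCredentialLink`, the AD attribute that holds Windows Hello for Business keys (the thread does not name it); the user names are hypothetical placeholders.

```powershell
# Added example: compares the WHfB key attribute for affected and working users
# on every domain controller, so a missing or unreplicated key stands out.
Import-Module ActiveDirectory

# Constructed sample input: replace with real sAMAccountNames.
$users = @('affected.user1', 'working.user1')

$report = foreach ($dc in (Get-ADDomainController -Filter *)) {
    foreach ($name in $users) {
        try {
            $u = Get-ADUser -Identity $name -Server $dc.HostName `
                -Properties 'msDS-KeyCredentialLink', whenChanged -ErrorAction Stop

            # Filter out nulls so an unset attribute counts as 0, not 1.
            $keys = @($u.'msDS-KeyCredentialLink' | Where-Object { $_ })

            [pscustomobject]@{
                User             = $name
                DomainController = $dc.HostName
                KeyCount         = $keys.Count
                WhenChanged      = $u.whenChanged
                Status           = if ($keys.Count -eq 0) { 'NO KEY' } else { 'key present' }
            }
        }
        catch {
            # User not found on this DC, or the DC is unreachable.
            [pscustomobject]@{
                User             = $name
                DomainController = $dc.HostName
                KeyCount         = $null
                WhenChanged      = $null
                Status           = "query failed: $($_.Exception.Message)"
            }
        }
    }
}

$report | Sort-Object User, DomainController | Format-Table -AutoSize
```

A user showing `NO KEY` on the domain controller the device authenticates against, while a working user shows a key there, is consistent with the missing-key explanation in the accepted answer.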