Hi @Ritesh Sharma,
This issue can occur when the device is not able to communicate with the on-premises Active Directory Domain Services (AD DS) to verify the user's PIN. To resolve this issue, you can try the following steps:
- Verify that the device is properly registered in Azure AD and that the device object is synchronized to the on-premises AD DS. You can check this by running the following command in PowerShell:
  Get-ADComputer -Identity <computername> -Properties *
  Replace <computername> with the name of the computer you are checking.
- Verify that the device is properly configured for Hybrid Azure AD join. You can check this by running the following command in PowerShell:
  dsregcmd /status
  The output should show that the device is joined to Azure AD and that the AzureAdPrt token is present.
- Verify that the device is able to communicate with the on-premises AD DS. You can check this by running the following command in PowerShell:
  Test-ComputerSecureChannel -Verbose
  The output should show that the secure channel is established.
- Verify that the device is able to communicate with the domain controller that holds the Primary Domain Controller (PDC) emulator role. You can check this by running the following command in PowerShell:
  nltest /dsgetdc:<domainname> /pdc
  Replace <domainname> with the name of your domain.
If all of the above steps are successful, you can try resetting the Windows Hello for Business PIN on the affected device. You can do this by following these steps:
- Open the Settings app on the affected device.
- Click on "Accounts" and then click on "Sign-in options".
- Under "Windows Hello PIN", click on "I forgot my PIN".
- Follow the prompts to reset your PIN.
If you still encounter issues please let me know and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
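
The four checks from the answer above, collected into one pass/fail summary. This is an added example, not part of the original answer; the function names are hypothetical, and it assumes an elevated Windows PowerShell 5.1 session on the affected device with the RSAT ActiveDirectory module available for `Get-ADComputer`.

```powershell
# Added example (not from the original answer). Function names are hypothetical.
# Assumes elevated Windows PowerShell 5.1 on the affected, domain-joined device.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    # dsregcmd /status prints "Name : VALUE" pairs; collect them into a hashtable.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Test-HybridJoinPrereqs {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$DomainName   = $env:USERDNSDOMAIN
    )

    $dsreg = ConvertFrom-DsregStatus -Lines (dsregcmd /status)

    # Check 1: the device object exists in on-premises AD DS.
    $adObject = $false
    try { $adObject = [bool](Get-ADComputer -Identity $ComputerName -ErrorAction Stop) } catch { }

    # Check 3: the secure channel to the domain is intact.
    $channel = $false
    try { $channel = [bool](Test-ComputerSecureChannel -ErrorAction Stop) } catch { }

    # Check 4: the PDC emulator can be located (nltest exits 0 on success).
    nltest "/dsgetdc:$DomainName" /pdc | Out-Null
    $pdc = ($LASTEXITCODE -eq 0)

    # Check 2 comes from the parsed dsregcmd fields.
    [pscustomobject]@{
        AdComputerObject = $adObject
        AzureAdJoined    = ($dsreg['AzureAdJoined'] -eq 'YES')
        DomainJoined     = ($dsreg['DomainJoined'] -eq 'YES')
        AzureAdPrt       = ($dsreg['AzureAdPrt'] -eq 'YES')
        SecureChannel    = $channel
        PdcReachable     = $pdc
    }
}

Test-HybridJoinPrereqs | Format-List
```

Run it as the affected user where possible, since `dsregcmd /status` only reports the `AzureAdPrt` field in a user context. Any `False` value points to the corresponding step in the answer.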