This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 78%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
I am encountering a Windows Hello error on hybrid devices when trying to log in using a Hello PIN. The policy was pushed from Intune without any issues, and PIN and biometric settings were successfully configured. However, the error message "Windows Hello - That option is temporarily unavailable. For now, please use a different method to sign in" keeps appearing.
This doesn't happen when logging in on Azure AD join devices. What could be causing this issue? Can someone please assist me with a solution?
@Ritesh Sharma
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Hi @Ritesh Sharma , This issue can occur when the device is not able to communicate with the on-premises Active Directory Domain Services (AD DS) to verify the user's PIN. To resolve this issue, you can try the following steps:
Get-ADComputer -Identity <computername> -Properties *. Replace <computername> with the name of the computer you are checking.dsregcmd /status. The output should show that the device is joined to Azure AD and that the AzureAdPrt token is present.Test-ComputerSecureChannel -Verbose. The output should show that the secure channel is established.nltest /dsgetdc:<domainname> /pdc. Replace <domainname> with the name of your domain.If all of the above steps are successful, you can try resetting the Windows Hello for Business PIN on the affected device. You can do this by following these steps:
If you still encounter issues please let me know and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
@James Hamil thanks for your reply. We find that certificate trust was not establish. Which require to work Windows Hello for business in Hybrid environment. We are working towards that to fix it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 23%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESZ%3C/text%3E%3C/svg%3E)
Hi James, I have the tame issue starting when some PC become Hybrid joined, with only AD on-prem and the GPO for Hello for Business everithing was working fine, all your test described before are running fine.
Thanks Stefano
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 19%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJE%3C/text%3E%3C/svg%3E)
I seem to still have an issue after following your steps. my device is properly hybrid joined. all the commands checked out. I was able to reset my pin, but still getting the same error when trying face ID or pin
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 12%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Same thing here. All looks OK in above tests. No error on sign in options pages. Nothing (face, fingerprint, PIN) works except full password. No errors in event viewer > WHFB operational logs.
Any further ideas @James Hamil ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 20%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
Same - everything checks out but I'm receiving the "That option is temporarily unavailable" & "Something went wrong. Try again later" errors for Face, Fingerprint, and PIN.