Windows Hello for Business Certificate Trust (on-Prem)

Question

Hi! I have deployed Windows Hello for business environment (Certificate trust, On-Prem), Everything works OK. The domain user logs into the client machine and windows hello for business enrollment starts. However, After getting the PIN from user, windows hello for business provisioning fails. in the event viewer, I get following errors:-

Client Machine (Windows-Helloforbusiness\Operational): Windows Hello key registration failed. Error 0x801C03EC

Client Machine (Windows-User Device Registration): NGC key registration failed.

Exit code: Unknown HResult Error code: 0x801c03ec

Client request ID: ff5ce7ce-8868-45c3-90d5-bd62d4d6c603

Server request ID: ff5ce7ce-8868-45c3-90d5-bd62d4d6c603

Error code: internal_server_error

Server error message: New NGC key could not be added to store.

Recommended client response: ERROR_FAIL

Server response: {"error":{"code":"internal_server_error","message":"New NGC key could not be added to store.","response":"ERROR_FAIL","target":"ProvisionKey","clientrequestid":"ff5ce7ce-8868-45c3-90d5-bd62d4d6c603","innererror":{"trace":null,"context":null}}}

Answer 1

Thank you Pierre Audonnet !. I had chosen cert trust because of some legacy use cases. However, i have even tried with key-trust config but i get the same error every time when i try to provision the key. And, yes the error is same for every user, i tried.