Windows 10: Dictionary attack mitigation triggered and the provided authorization was ignored by the...

Hello,I know a thread has been posted before about this issue, but I'm having the same problem, with a different twist.Windows seems confused on whether or not my microsoft account has a Windows Hello Pin. It asks me to create a pin, but says I have one and the account has been locked because "You've entered an incorrect PIN too many times." and gives me the error Dictionary attack mitigation triggered and the provided authorization was ignored by the provider. If I select "I forgot my PIN" this is what it says:When I go to "Settings > Accounts > Sign-in options" it says that I have to A

:)

 

Dictionary attack mitigation triggered; Device locked for security reason.

'This device has been locked for security reason.'

I am getting this message every time I try to sign in with my PIN. I am able to sign in with my
password.

But, when I try to change my PIN, I get this:

'The Dictionary Attack Mitigation was Triggered and the Provided Authorization was Ignored by the Provider.'

Windows Hello seems to not recognize me on the lock screen, but subsequently allows me to "Improve Recognition".

I found one other person who had this same issue on his PC:

This device has been locked for security reason. - HP Support Community - 5443577

Does anybody have any ideas?

Surface Pro 4; i5; 128GB

 

Dictionary attack mitigation triggered; Device locked for security reason.

As others here, I've had this issue with my Surface Pro 3 and Windows 10 Pro. About 3 weeks ago I could not log in with my PIN, had worked perfectly for 2 years, even if at times I had entered it incorrectly. Then I got blocked. Ran virus check and set
picture pin. That worked., but I wanted the PIN to work. Read options, to delete folder in Windows/System, but could not due to admin. Changed admin, had to create a 2nd user, then ended up with two admin users and one tied to my Microsoft account and still
no PIN. I don't mind tinkering, but this was too much. I finally thought that was way to messy and decided to re-install Windows 10 from ISO from MS site - a clean install.

Everything worked fine then this weekend I got a new error - "The dictionary attach mitigation I triggered and the provide3d authorization was ignored by the provider".

Tried to log in, tried to reset PIN, no good. Tried to Log in with PIN, - still no good. So I logged in with picture password. Plugged Surface Pro 3 in for 2 hours while logged in, then tried to change PIN, would fail. I then did normal Shut Down, tried
to log in with PIN and got the same Dictionary error message. Performed the Shut Down multiple times - no good.

Tried using the Picture Password, waiting 2 hours, then another graceful shut down and still no PIN access and not able to change the PIN.

Last attempt -

1) I set Surface to NEVER Shut Down/NEVER Dim Display when plugged in.

2) Then performed a shut down.

3) Then started it again, but left it on the first Picture start screen for two hours

4) During the two hours I didn't try to log in with any method, just left it on

5) After 2 hours I selected the PIN option, entered the same PIN I had originally set and I was able to log in

Did not use the Admin Run - TPM.mpc - option - which I'm sure it likely works.

My thoughts on this are exactly as one of the first posts indicated in this thread - to plug into power, wait 2 hours and try again. What was missing are the detailed steps in order to accomplish this. It's not just waiting 2 hours, it's how you setup the
PC while it's waiting for the 2 hours.

It likely doesn't matter whether it's plugged into electrical power or not. What matters is that the PC needs to stay on for at least 2 hours and not turn off. OR run out of battery power, hence why it should be plugged in just in case. It can't go to sleep,
it can't be logged into a user. It just has to be on
and the first screen prior to selecting a user log in with credentials is what it need to be on for 2 hours for the error to clear itself. If you log in, then it won't be in that sort of "Limbo" state. No user log in is the trick for the reset
to take place and have that PC on once turned on to that first visible screen.

This has to be something new (Windows Update) that is triggered due to more stringent security settings. Enter that PIN incorrectly, and it will lock you out.

I hope this will help others that encounter this rather frustrating issue. I rather wait the 2 hours than toy around with security settings if I don't have to.

 

KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)

Hello,

KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)

In order to mitigate the above vulnerability MS has given some steps to perform.

we have Certificate Authority Web Enrollment installed in our server and to mitigate the issue we had performed step 1 mentioned under primary mitigation. once the mitigation is completed I was checking in the registry that it stores any data about it but could not find any.

Can anyone please help me to understand after performing the mitigation steps, does machine registry stores any value/data ?