Windows 10: Windows hello for business on premise certification trust

Hello,


i have tried to follow guide from microsoft https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs and upon "Configure the Registration Authority" step, i encounter error






This is my system information



:)

 

N8 certificates not trusted/don't match the name

Well I worked out for myself how to verify the certificates are genuine:

• Using a desktop computer
• Go to the page with the certificates
• Select a certificate
• It will say either:
  • Certificate already exists - this confirms that the certificate on the website matches one already in your browser, which we already trust, therefore the certificate on the website is trustworthy
  • Asks if you want to install the certificate, DON'T.
    • First view the certificate details.
    • Copy the certificate serial number or SHA1/SHA256/MD5/etc hash
    • Paste this into a search engine
    • If another website that you trust lists the certificate, e.g. your phone manufacturer or another trusted website (preferably a secure website, therefore you have confidence the website is genuine), then you can trust the certificate
    • If no trustworthy sites are returned in the search then try another hash or serial number
    • If you can't find any trustworthy sites listing the certificate then I suggest you don't trust it.
• Finally, if you decide you trust a certificate then you can download and install on your phone.

 

Can't disable Windows Hello for Business

I receive this error in Event Viewer whenever I boot Windows 10 Pro version 1709 build 16299.309.

Windows Hello for Business provisioning will not be launched.

Device is AAD joined ( AADJ or DJ++ ): Not Tested

User has logged on with AAD credentials: No

Windows Hello for Business policy is enabled: Not Tested

Local computer meets Windows hello for business hardware requirements: Not Tested

User is not connected to the machine via Remote Desktop: Yes

User certificate for on premise auth policy is enabled: Not Tested

Machine is governed by none policy.

See https://go.microsoft.com/fwlink/?linkid=832647 for more details.

I tried the following suggestion:

"Type gpedit.msc Go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Passport for Work OR Windows Hello for Business Edit "Use Microsoft Passport for Work" OR "Use Windows Hello for Business" and set it to disabled."

I checked the registry and \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork Enabled is set to 0.

I am using the Administrator account.

The error continues at every bootup.

Thank you.

 

N8 certificates not trusted/don't match the name

Hello,

Thanks for the suggestion. How do you know that the certificates from this person are trustworthy? The web domain is just personal one, not from any trusted certificate authority.

Thanks.