Home Windows 10 Tutorials System and Security

Windows Hello PIN Generation Error Due To Active Directory: Unjoin And Rejoin Azure AD


Windows Hello is the biometric authentication technology in WIndows 10 operating system, which facilitates device unlocking with the help of facial recognition, fingerprint, etc. As we know, all biometric authentication technologies require users to set up a PIN or password as an alternative option. In case, biomteric authorization fails for some reason, users can use PIN instead. Now, this PIN generation process in Windows 10 often suffers bugs or errors. There are different types of bugs. You can find the list here.

Intellipaat is offering online certification courses on all cloud technologies like DevOps, AWS, and Azure training provided by industry experts, learn now and excel in your career. 

Some of the errors occur due to technical fault of the Azue Active Directory or Azure AD. Let’s learn a bit about the Active Directory. Most of Microsoft’s online business services, Office 365, Windows Hello deploy Microsoft Azure Active Directory.
If there is any technical issue with the Azure Active Directory, then you can unjoin from Azure Ad and rejoin it. This essentially solves the problem. Basically, what you need to do is

  • Open Start Menu, go to Settings application.
  • Next, go to System.
  • Select About
  • Choose Disconnect from the organization

Now, let’s have a look at the errors that arrive during PIN generation. The errors are 0x801C03ED, 0x801C03EA, 0x801C0015, 0x801C000E, 0x80090005.

0x801C03ED: This error occurs due to a number of reasons:

When multi-factor authorization is required for a ProvisionKey operation but, it was not performed anyhow.

This error can also arise if token is not found in the authorization header.

If the authorization fails to read one or more subjects.

0x801C03EA: This error is reported of the server fails to authenticate a user or a device. This can be due to technical issue of the user access token issued by the AD server. In this case, you have to contact the IT admin and ask him/her to check if the user has permission to register Windows Hello for business keys.

0x801C0015: New devices need to connect to Active Directory domain. Thus, you must join the computer to an Active Directory domain, and try once again.

0x801C000E: The fix is for admins who is responsible for device management in any organization. When you get this particular error code, it means the number of computers that can join Azure AD has reached the maximum limit. The admin then needs to remove some other device from the directory, and add the required machine back.

0x80090005: This error message “NTE_BAD_DATA” indicates a certificate issue. The solution for this is to unjoin the device from Azure AD and rejoin once again.

0x80090011: The error message would say “The container or key was not found.”  Here, the solution is same as before, unjoin Azure AD and rejoin it.

0x8009000F: The error message indicated “The container or key already exists.” Unjoin and join the device from Azure AD.

0x801C044D:  When a device tries to join AD, the authorization code must contain the device ID. If it is missing, then this error code is returned. Here also, the solution is to unjoin the device from Azure AD and rejoin.

That’s all!


Happiness is that best therapy. Use it to heal yourself and then others!



Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exit mobile version