deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
4833d49ec07d38d64ca5ff9b087fb4e6ede4a459
windows-itpro-docs/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
jdeckerMS b5b0c3b941 updated author
2016-04-05 11:32:36 -07:00

11 KiB
Raw Blame History

title, description, ms.assetid, keywords, ms.prod, ms.mktglfcycl, ms.sitesec, author
title description ms.assetid keywords ms.prod ms.mktglfcycl ms.sitesec author
Microsoft Passport errors during PIN creation (Windows 10) When you set up Microsoft Passport in Windows 10, you may get an error during the Create a work PIN step. DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
PIN
error
create a work PIN
W10 deploy library jdeckerMS

Microsoft Passport errors during PIN creation

Applies to

  • Windows 10
  • Windows 10 Mobile

When you set up Microsoft Passport in Windows 10, you may get an error during the Create a work PIN step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.

Where is the error code?

The following image shows an example of an error during Create a work PIN.

Error mitigations

When a user encounters an error when creating the work PIN, advise the user to try the following steps. Many errors can be mitigated by one of these steps.

  1. Try to create the PIN again. Some errors are transient and resolve themselves.

  2. Log out, log in, and try to create the PIN again.

  3. Reboot the device and then try to create the PIN again.

  4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to Settings > System > About and select Disconnect from organization. To unjoin a device running Windows 10 Mobile, you must reset the device.

  5. On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to Reset my phone.

If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.

Hex Cause Mitigation
0x801C03ED

Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed

-or-

Token was not found in the Authorization header

-or-

Failed to read one or more objects

 Unjoin the device from Azure Active Directory (Azure AD) and rejoin
0x801C044D Authorization token does not contain device ID Unjoin the device from Azure AD and rejoin
0x80090036 User cancelled an interactive dialog User will be asked to try again
0x80090011 The container or key was not found Unjoin the device from Azure AD and rejoin
0x8009000F The container or key already exists Unjoin the device from Azure AD and rejoin
0x8009002A NTE_NO_MEMORY Close programs which are taking up memory and try again.
0x80090005 NTE_BAD_DATA Unjoin the device from Azure AD and rejoin
0x80090031 NTE_AUTHENTICATION_IGNORED Reboot the device. If the error occurs again after rebooting, [reset the TPM]( http://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](http://go.microsoft.com/fwlink/p/?LinkId=629650)
0x80090035 Policy requires TPM and the device does not have TPM. Change the Passport policy to not require a TPM.
0x801C0003 User is not authorized to enroll Check if the user has permission to perform the operation.
0x801C000E Registration quota reached

Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](http://go.microsoft.com/fwlink/p/?LinkId=626933).
0x801C000F Operation successful but the device requires a reboot Reboot the device.
0x801C0010 The AIK certificate is not valid or trusted Log out and then log in again.
0x801C0011 The attestation statement of the transport key is invalid Log out and then log in again.
0x801C0012 Discovery request is not in a valid format Log out and then log in again.
0x801C0015 The device is required to be joined to an Active Directory domain Join the device to an Active Directory domain.
0x801C0016 The federation provider configuration is empty Go to [http://clientconfig.microsoftonline-p.net/FPURL.xml](http://clientconfig.microsoftonline-p.net/FPURL.xml) and verify that the file is not empty.
0x801C0017 The federation provider domain is empty Go to [http://clientconfig.microsoftonline-p.net/FPURL.xml](http://clientconfig.microsoftonline-p.net/FPURL.xml) and verify that the FPDOMAINNAME element is not empty.
0x801C0018 The federation provider client configuration URL is empty Go to [http://clientconfig.microsoftonline-p.net/FPURL.xml](http://clientconfig.microsoftonline-p.net/FPURL.xml) and verify that the CLIENTCONFIG element contains a valid URL.
0x801C03E9 Server response message is invalid Log out and then log in again.
0x801C03EA Server failed to authorize user or device. Check if the token is valid and user has permission to register Passport keys.
0x801C03EB Server response http status is not valid Log out and then log in again.
0x801C03EC Unhandled exception from server. Log out and then log in again.
0x801C03ED The request sent to the server was invalid. Log out and then log in again.
0x801C03EE Attestation failed Log out and then log in again.
0x801C03EF The AIK certificate is no longer valid Log out and then log in again.
0x801C044D Unable to obtain user token Log out and then log in again. Check network and credentials.
0x801C044E Failed to receive user creds input Log out and then log in again.

 

Errors with unknown mitigation

For errors listed in this table, contact Microsoft Support for assistance.

Hex Cause
0x80072f0c Unknown
0x80090027 Caller provided wrong parameter. If third-party code receives this error they must change their code.
0x8009002D NTE_INTERNAL_ERROR
0x80090020 NTE_FAIL
0x801C0001 ADRS server response is not in valid format
0x801C0002 Server failed to authenticate the user
0x801C0006 Unhandled exception from server
0x801C000C Discovery failed
0x801C001B The device certificate is not found
0x801C000B Redirection is needed and redirected location is not a well known server
0x801C0019 The federation provider client configuration is empty
0x801C001A The DRS endpoint in the federation provider client configuration is empty
0x801C0013 Tenant ID is not found in the token
0x801C0014 User SID is not found in the token
0x801C03F1 There is no UPN in the token
0x801C03F0 There is no key registered for the user
0x801C03F1 There is no UPN in the token
0x801C044C There is no core window for the current thread

 

Related topics

Manage identity verification using Microsoft Passport

Implement Microsoft Passport in your organization

Why a PIN is better than a password

Prepare people to use Microsoft Passport

Microsoft Passport and password changes

Event ID 300 - Passport successfully created