During Windows Hello set up in Windows 11 or Windows 10, it’s compulsory to create a PIN as well. The PIN makes sure you can still login in case Hello fails to work. It is common to get Windows PIN error while setting up Hello. This guide will talk about those errors and how you can resolve them.
List of PIN Error Codes on Windows 11/10
One of the error messages is – Something went wrong, and we couldn’t set up your PIN, Error 0x80070032.
Just before we start deep diving into error codes, there are a few things you should do which can fix most of the problems. It includes trying to create a PIN again, Sign-in/ Sign-out, and reboot the device.
1] Sign out and then sign in again
Here is the list of error codes that can be resolved with a simple sign-out and sign-in again with the same account. These error codes are transient.
- 0x801C044E: Failed to receive user creds input
- 0x801C03EF: The AIK certificate is no longer valid
- 0x801C03EE: Attestation failed
- 0x801C03EC: Unhandled exception from server
- 0x801C03EB: Server response HTTP status is not valid
- 0x801C03E9: Server response message is invalid
- 0x801C0010: The AIK certificate is not valid or trusted
- 0x801C0011: The attestation statement of the transport key is invalid
- 0x801C0012: Discovery request is not in a correct format
2] Unjoin the device from Azure AD and rejoin
All Windows PIN errors related to the Active Directory, have a straightforward solution. Unjoin the machine, and then join again. Then one can go ahead and try to create the PIN again. To unjoin a computer, go to Settings > System > About and select Disconnect from the organization.
Below is the list of Windows 11/10 PIN error codes with an explanation of the issue it is facing. Since this is an Azure AD issue, the solution is the same as above for all the error codes.
0x801C03ED: There are multiple reasons for this. It can be because of-
- Multi-factor authentication is required for a ‘ProvisionKey’ operation but was not performed
- Token was not found in the Authorization header
- Failed to read one or more objects
- or the request sent to the server was invalid.
0x801C03EA: It happens when the server fails to authorize the user or device. Please ask the IT admin to check if the token issued by the AD server is valid and the user has permission to register Windows Hello for Business keys.
0x801C0015: If the device is new, then it is required to be joined to an Active Directory domain. Join the computer to an Active Directory domain, and try again.
0x801C000E: The fix for this is available with the admin who manages computer in the organization. The error code means that the number of machines which can join Azure AD is at the maximum count. The administrator needs to remove some other device from the directory, and add the same machine again or increase the maximum number of devices per user.
0x80090005: The error message “NTE_BAD_DATA” means that there is a certificate issue, and you need to unjoin the device from Azure AD and rejoin.
0x80090011: The error message would say, “The container or key was not found.” Make sure to unjoin and join Azure AD.
0x8009000F: The error message would say, “The container or key already exists.” Unjoin and join the device from Azure AD.
0x801C044D: When a device tries to join AD, the authorization code should also contain the device ID. It acts as an identifier. If that is missing, you need to unjoin the device from Azure AD and rejoin.
3] TPM Issues on Windows 10 PIN Error
0x80090029: The error occurs when the TPM Setup is not complete on the machine.
- Sign on with an administrator account on the device
- In the Start, type “tpm.msc.” It will reveal the Microsoft Common Console Document.
- Click on the Actions file menu, and select Prepare the TPM.
0x80090031: The error displays “NTE_AUTHENTICATION_IGNORED.” To resolve, reboot the machine, and if the error still occurs, reset the TPM or run Clear-TPM.
0x80090035: This occurs when the Business policy of an organization makes TPM mandatory. However, when the device does not have TPM, the only option is to remove the restriction for TPM and join the AD.
4] Configuration Issues
0x801C0016: The federation provider configuration is empty. Go here and verify that the file is not empty.
0x801C0017: The federation provider domain is empty. Go here and verify that the FPDOMAINNAME element is not empty.
0x801C0018: The federation provider client configuration URL is empty. Go here and verify that the clientconfig element contains a valid URL.
5] Other Windows 10 PIN Errors
0x801C044D: Unable to obtain the user token
First, sign out and then sign in again. After this check network and credentials.
0x801C000F: Operation successful but the device requires a reboot
Simply reboot the device, and then try the Windows Hello setup again.
x801C0003: User is not authorized to enroll
Check if the user has permission to set up Windows Hello for Business. If not, the permission has to be given by the IT admin to complete the process.
The computer is out of memory. Close all large programs, and then rerun the setup.
0x80090036: User canceled an interactive dialog
You have to try the setup process again.
0x8009002d: Something went wrong, skip now, and try again in some time.
Check out how to resolve Windows 10 PIN Error 0x8009002d
6] Call Microsoft Support for Windows Pin Error
That covered, there are few errors which can be resolved by only contacting Microsoft Support. Here is the list:
- 0x80072f0c: Unknown
- 0x80070057: Invalid parameter or argument is passed
- 0x80090027: Caller provided the wrong parameter. If third-party code receives this error, they must change their code.
- 0x8009002D: NTE_INTERNAL_ERROR
- 0x80090020: NTE_FAIL
- 0x801C0001: ADRS server response is not in a valid format
- 0x801C0002: Server failed to authenticate the user
- 0x801C0006: Unhandled exception from server
- 0x801C000C: Discovery failed
We hope this guide from Microsoft, to troubleshoot Windows 11/10 PIN error answers all your queries. If there is a different error code on your screen, share it with us in the comments.