none
Configuring the fingerprint reader in Windows 10 Enterprise RRS feed

  • Question

  • My customer is looking for the directions for properly configuring the fingerprint reader (FPR) in Windows 10 Enterprise so that it works from a cold boot when not connected to the domain network.

    They've always been able to make this work in Windows 7 & 8/8.1 (without even really trying), but *cannot* get it to work in Windows 10.

     

    They get this error:  Windows could not use your fingerprint credentials because it could not contact your domain.  Try connecting to another network.

    What’s really weird is that it works sometimes.  For example, I *am not* connected to anything but a generic guest Wi-Fi network on a Windows 10 Enterprise (domain member) machine.  I rebooted (restarted) and the FPR worked.  I shut down (twice) and the FPR worked.  I shut down the third time and when I swiped my fingerprint, I got the above message.

     

    The FPR *has* to work in a completely disconnected/non-networked state.  It always has before.  I know the domain credentials are cached because it allows me to log in by typing my name and passphrase.

    Thanks in advance!

    Wednesday, December 16, 2015 7:24 PM

Answers

  • I would make sure that they have setup their fingerprint login while connected to the corporate network first, then check to be sure a local group policy/enterprise group policy is allowing for the bio-metric settings. Once that's done I would check the event logs and see if you can find anything awry if that doesn't work. Also, confirm that logging in with their Pin works as well while "off domain" (pin must be setup prior to setting up a fingerprint) 

    Lastly, check the firmware and drivers to be sure they are working correctly with the fingerprint reader

    Wednesday, December 16, 2015 7:33 PM
  • Hi Jayne,

    Since the logon can work sometimes, it seems that the configuration is right.

    For domain account, as we know, if you put into different logon password, it will contact DC to sync if there is any updates for the user account.

    It seems that sometimes the recognition of the fingerprint should be not very clearly, that's why LSA send the package to contact DC to authorization.

    Driver of the fingerprint reader could be the cause of the issue, please find the latest version of the reader and device driver for Windows 10, If there is no such version, install it in compatibility mode including both the reader software and the driver.

    To install in compatibility mode do the following:

    Right click the installer>Choose Properties>Under Compatibility tab>Choose OS

    http://windows.microsoft.com/en-US/windows-vista/Make-older-programs-run-in-this-version-of-Windows?SignedIn=1
    (works in  win 7, win 8, and win 10)


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, December 17, 2015 11:22 AM
    Owner

All replies

  • I would make sure that they have setup their fingerprint login while connected to the corporate network first, then check to be sure a local group policy/enterprise group policy is allowing for the bio-metric settings. Once that's done I would check the event logs and see if you can find anything awry if that doesn't work. Also, confirm that logging in with their Pin works as well while "off domain" (pin must be setup prior to setting up a fingerprint) 

    Lastly, check the firmware and drivers to be sure they are working correctly with the fingerprint reader

    Wednesday, December 16, 2015 7:33 PM
  • Hi Jayne,

    Since the logon can work sometimes, it seems that the configuration is right.

    For domain account, as we know, if you put into different logon password, it will contact DC to sync if there is any updates for the user account.

    It seems that sometimes the recognition of the fingerprint should be not very clearly, that's why LSA send the package to contact DC to authorization.

    Driver of the fingerprint reader could be the cause of the issue, please find the latest version of the reader and device driver for Windows 10, If there is no such version, install it in compatibility mode including both the reader software and the driver.

    To install in compatibility mode do the following:

    Right click the installer>Choose Properties>Under Compatibility tab>Choose OS

    http://windows.microsoft.com/en-US/windows-vista/Make-older-programs-run-in-this-version-of-Windows?SignedIn=1
    (works in  win 7, win 8, and win 10)


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, December 17, 2015 11:22 AM
    Owner
  • Hi,

    Would you mind letting me know the result of the suggestions? If you need further assistance, feel free to let me know.

    I will be more than happy to be of assistance.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, December 25, 2015 5:04 AM
    Owner
  • Hi!

    We have this same issue as well. Please help.

    My domain account have had the same password for about couple of months, so the password change is not the reason to contact the DC. I work in our office (connected to domain) almost daily but when working from home (not connected to domain) I face this same issue.

    I have also updated the fingerprint driver to the latest version. Actually the fingerprint reader didn't work at all (after Windows 8.1 Enterprise upgrade to Windows 10 Enterprise) before updating the fingerprint driver. Now it works ok at the office but when being at home I have this issue.

    I have also gone through the Event Viewer logs but unfortunately I can't find any errors from there that be somehow related to this issue.

    So some more help is needed. Any ideas how to continue troubleshooting? Thanks in advance!

    Best regards,

    Toni


    www.triuvare.fi

    Tuesday, January 5, 2016 5:50 PM
  • Any direct solution? I have quite old models, which driver versions are 2012 version. Both computers acts same way - without domain connectivity you cannot logon 100% for sure. I wonder, is there any direct solution for this? In another enviroment I had similar device on Win 8.1 without Fingerprint software and everything worked like a charm. Now, I implemented Fingerprint policies for Win10 1607 (only the reg key), and since I see this "windows could not use your fingerprint credentials because it could not contact your domain" my logic tells me in this situation, that there is somekind of lack of functionality in Windows 10 itself. Also, since 1607, this entire Fingerprint config seems to be different, it is more tighed to Windows Hello.
    Tuesday, September 20, 2016 5:39 PM
  • I did more testing. I made sure the Fingerprint driver is the latest version - AuthenTec Inc. 3.4.4.84 / 11.10.2012. I only had one problematic computer of three, which refused offline autentication. After rebooting it several times, it also started working fine. So I have no solution to this, but as an idea, I suggest;

      1. Re-logon multiple times with finger online, reboot computer multiple times.
      2. Re-register the finger to user again.

    Thursday, September 22, 2016 8:30 AM