- Joined
- Mar 14, 2023
- Messages
- 37,363
- Thread Author
- #1
Many users of Windows 10 and 11 are encountering the frustrating error message: "Something went wrong and your PIN isn’t available," accompanied by the error code 0xc00000bb. This issue typically arises when attempting to log into devices using the Windows Hello for Business (WHFB) feature, which relies on a key or certificate-based authentication. The failure in authentication process often leads to users being locked out of their systems, hampering productivity and access to critical resources.
Understanding the Error
When the error occurs, it not only states that the PIN is unavailable but also indicates that the domain controller is unable to validate the client’s certificate. This is a crucial step in ensuring secure authentication. The accompanying message usually appears as follows:Given this context, understanding the underlying causes of this issue and its resolution is vital for users facing it."Your credentials could not be verified. Something went wrong and your PIN isn’t available (status: 0xc00000bb, substatus: 0x0). Click to set your PIN again."
Causes of Error 0xc00000bb
The root cause of the 0xc00000bb error can often be traced back to the Windows Hello for Business (WHFB) setup within a Windows domain environment. The authentication mechanism utilizes a certificate issuing framework that checks the legitimacy of a certificate presented from the client to the domain controller. This process includes the following steps:- Certificate Issuance: The client's machine sends a certificate for validation to the domain controller, which is responsible for verifying its authenticity.
- CA Certificate Check: Domain controllers use the Key Distribution Center (KDC) service to make these verifications. The critical aspect here is checking whether the certificate from the issuing Certificate Authority (CA) is present in a specific registry key known as the NTAuth store located at:
Code:
HKLM\Software\Microsoft\EnterpriseCertificates\NTAuth\Certificates
Solutions to Fix the Error
If you find yourself facing the error, follow these steps to troubleshoot and resolve the issue:Step 1: Network Accessibility
Ensure that your device can connect to needed network resources, including:- Domain Controllers
- Certificate Authorities
- Relevant Azure Active Directory (AAD) or Active Directory Federation Service (AD FS) endpoints.
Step 2: Certificate Authority Administration
- Open the Certificate Authority snap-in on your administrator account.
- Right-click the issuing CA server and select Properties.
- In the General tab, check the current certificate (if there are multiple) and click View Certificate.
- Navigate to the Details tab and find the Thumbprint attribute, as this is vital for verification.
Step 3: Registry Key Verification
Access the registry on your domain controller:
Code:HKLM\Software\Microsoft\EnterpriseCertificates\NTAuth\Certificates
Step 4: Certificate Export and Publishing
To publish the certificate: []Open the Certificate Authority snap-in again. []Right-click the issuing CA server and select Properties. []Under the General tab, choose the current certificate and click View Certificate. []Use the Copy to File option to export it asIssuingCA.cer
. []Log in with your Enterprise administrator account on the domain controller and execute the following commands:Code:certutil -dspublish -f IssuingCA.cer NTAuthCA certutil -enterprise -addstore NTAuth IssuingCA.cer
Code:gpupdate /force
Code:HKLM\Software\Microsoft\EnterpriseCertificates\NTAuth\Certificates
- Run
gpupdate /force
on client computers to ensure the CA thumbprint is created successfully.Step 5: Seek Further Assistance
If you continue to encounter issues after following the above steps, reaching out to Microsoft Support is advised for more specialized help.Additional Related Errors
It's worth noting that while troubleshooting, users may encounter other similar PIN-related errors such as:- 0xd000a002
- 0xc000006d
- 0x80090011
- 0x80090027
- 0xd0000225 Understanding these errors can often highlight underlying issues with the Windows Hello setup.
Final Thoughts
The appearance of the 0xc00000bb error can indeed disrupt users' normal workflow and create significant frustration. However, diligently following through proper network and registry checks, along with ensuring appropriate certificate deployments, can help mitigate and fix these authentication issues successfully. If you are still having trouble, consider consulting detailed user forums or technical support pages that specialize in Windows authentication issues to further assist you. For more insights and updates regarding common issues on Windows OS, feel free to visit the community forums or the original article on The Windows Club【1】.
Source: 【1】0xc00000bb, Something went wrong and your PIN isn't available