Troubleshooting
Hideez Authenticator - Troubleshooting
If you have changed the domain of your computer (for example, joined it to Azure AD and then reverted it to an on-premises AD domain) and encounter an error when registering the device in the domain, follow these steps:
Run certmgr.msc as an administrator on your computer.
Navigate to Trusted Root Certification Authorities → Certificates.
Check for multiple certificates from your domain server. Keep only the root certificate from the Certification Authority, removing any extras.
If you encounter error 0x800706BA, it indicates that the Certification Authority (CA) server is unavailable. To resolve this issue, follow these steps:
Check CA Server Availability
Ensure the CA server is powered on and running properly.
Verify that there are no network issues preventing access to the server.
Test Connectivity to the CA Server
Run the following command in Command Prompt (cmd) to check if the CA server is reachable:
If the server is reachable, test connectivity to the CA RPC service by running:
If you receive a timeout or connection error, there may be firewall rules or network policies blocking access.
Check Windows Firewall & Network Settings
Ensure that RPC (Remote Procedure Call) and DCOM are not blocked by a firewall.
Open the required ports for CA communication (typically TCP 135 for RPC).
Restart the CA Service
Open Services (services.msc) on the CA server.
Find Active Directory Certificate Services and restart it.
Alternatively, restart the service via PowerShell:
Verify CA Role Installation
Run the following command to check if the CA role is installed:
If the CA role is missing, reinstall it using:
If the issue persists, check event logs (Event Viewer > Applications and Services Logs > CertificateServicesClient) for detailed error messages.
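The client-side part of the 0x800706BA checks above can be collected in one pass. The script below is an added example, not taken from the Hideez documentation; the CA host name and CA name are placeholders that you must replace with your own values.

```powershell
# Added example: client-side triage for error 0x800706BA.
# $CaHost and $CaName are placeholders (assumptions), not values from the Hideez documentation.
param(
    [string]$CaHost = 'ca01.example.local',
    [string]$CaName = 'Example-Issuing-CA'
)

$report = [ordered]@{ CaHost = $CaHost }

# 1. Name resolution. After a domain change the client may still use the wrong DNS zone.
$report['DnsResolves'] = [bool](Resolve-DnsName -Name $CaHost -ErrorAction SilentlyContinue)

# 2. Basic reachability (ICMP) and the RPC endpoint mapper on TCP 135.
$report['PingOk']   = Test-NetConnection -ComputerName $CaHost -InformationLevel Quiet `
                        -WarningAction SilentlyContinue
$report['Tcp135Ok'] = Test-NetConnection -ComputerName $CaHost -Port 135 -InformationLevel Quiet `
                        -WarningAction SilentlyContinue

# 3. End-to-end check of the CA request interface over RPC/DCOM. This can fail even when
#    TCP 135 is open, because DCOM continues on a dynamically assigned port.
& certutil.exe -config "$CaHost\$CaName" -ping | Out-Null
$report['CaInterfaceOk'] = ($LASTEXITCODE -eq 0)

# 4. Client-side certificate services errors (Level 2 = Error) from the last 24 hours.
$since  = (Get-Date).AddHours(-24)
$errors = Get-WinEvent -ListLog '*CertificateServicesClient*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-WinEvent -FilterHashtable @{ LogName = $_.LogName; Level = 2; StartTime = $since } `
            -MaxEvents 5 -ErrorAction SilentlyContinue
    }
$report['RecentErrorCount'] = @($errors).Count

# 5. Map the results to the most likely cause, in the order the steps above check them.
$report['Finding'] = if (-not $report.DnsResolves) {
    'CA host name does not resolve: check the DNS settings of this computer'
} elseif (-not $report.Tcp135Ok -and $report.PingOk) {
    'Host answers ping but TCP 135 is closed: check firewall rules for RPC/DCOM'
} elseif (-not $report.Tcp135Ok) {
    'Host unreachable: check that the CA server is running and the network path is up'
} elseif (-not $report.CaInterfaceOk) {
    'TCP 135 is open but the CA interface does not answer: check the CA service and dynamic RPC ports'
} else {
    'CA is reachable from this computer'
}

[pscustomobject]$report | Format-List
$errors | Select-Object TimeCreated, Id, LogName, Message | Format-List
```

Run it from the affected workstation in an elevated PowerShell session; the service restart and role checks still have to be done on the CA server itself.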
If the registration is successful but you cannot log in, run the following command in PowerShell as an administrator:
If the QR code does not appear on the Windows login screen, check if this option is enabled in Hideez Client.
If you encounter a "No connection to server" or "Operation timeout" issue during Single Sign-On to the web application or unlocking your computer, ensure that the port and server address for Hideez are open to the network where the smartphone with the Hideez Authenticator app is located.
Open a browser on your smartphone (Chrome, Safari, or any other).
Enter the address of your Hideez server. This could be the local or public address of the Hideez Enterprise Server.
Check the connection status. If the server is available and the configuration is correct, you will see a page confirming access to the server or a prompt for authorization credentials.
To check registered smart cards or passwordless login accounts using PowerShell, execute the following command:
If your computer has smart cards registered as login methods or accounts for passwordless unlocking via the Hideez Authenticator app, the corresponding command or query will return something like this:
To remove installed smart cards or passwordless login accounts saved in the TPM 2.0 module on your computer using PowerShell, you can use the following command:
The result of the command for removing smart cards or accounts from the TPM module or through the virtual smart card management utility may look something like this:
To check the status and properties of TPM 2.0, you can use the following command in PowerShell:
If the TPM (Trusted Platform Module) on your computer is enabled, the Get-TPM command in PowerShell will return information similar to this: