Troubleshooting

Issues After Changing Domain

If you have changed the domain of your computer (for example, joined it to Azure AD and then reverted it to an on-premises AD domain) and encounter an error when registering the device in the domain, follow these steps:

1. Run certmgr.msc as an administrator on your computer.

2. Navigate to Trusted Root Certification Authorities → Certificates.

3. Check for multiple certificates from your domain server. Keep only the root certificate from the Certification Authority, removing any extras.

Login Issues After Registration

If the registration is successful but you cannot log in, run the following command in PowerShell as an administrator:

certutil -pulse

Missing QR Code for Login

If the QR code does not appear on the Windows login screen, check if this option is enabled in Hideez Client.

Connection Issues Between Hideez Authenticator and Hideez Enterprise Server (No Connection to Server)

If you encounter a "No connection to server" or "Operation timeout" issue during Single Sign-On to the web application or unlocking your computer, ensure that the port and server address for Hideez are open to the network where the smartphone with the Hideez Authenticator app is located.

To Check the Connection Between Your Smartphone and Hideez Server, Follow These Steps:

1. Open a browser on your smartphone (Chrome, Safari, or any other).

2. Enter the address of your Hideez server. This could be the local or public address of the Hideez Enterprise Server.

3. Check the connection status. If the server is available and the configuration is correct, you will see a page confirming access to the server or a prompt for authorization credentials.

View Installed Smart Cards or Passwordless Unlock Accounts on Your Computer's TPM

To check registered smart cards or passwordless login accounts using PowerShell, execute the following command:

wmic path win32_PnPEntity where "DeviceID like '%smartcardreader%'" get DeviceID

If your computer has smart cards registered as login methods or accounts for passwordless unlocking via the Hideez Authenticator app, the corresponding command or query will return something like this:

Remove Installed Smart Cards from Your Computer's TPM Module

To remove installed smart cards or passwordless login accounts saved in the TPM 2.0 module on your computer using PowerShell, you can use the following command:

tpmvscmgr destroy /instance <name_of_smartcard>

The result of the command for removing smart cards or accounts from the TPM module or through the virtual smart card management utility may look something like this:

Check the Status and Properties of TPM on Your Computer

To check the status and properties of TPM 2.0, you can use the following command in PowerShell:

Get-TPM

If the TPM (Trusted Platform Module) on your computer is enabled, the Get-TPM command in PowerShell will return information similar to this: