Jump to content
Enpass Discussion Forum

Windows Hello doesn't work on system boot, must restart Enpass


PGTipz
 Share

Recommended Posts

I'm unable to open Enpass.  I get the screen indicating Windows Hello, but the prompt doesn't come up for Hello, password or pin.  I uninstalled and reinstalled Enpass, and initially it worked again, but a few days later, I'm getting the screen without the prompt.  

 

Screenshot 2021-03-14 07.57.33.png

Link to comment
Share on other sites

Hi @Terri Breining,

Sorry for the inconvenience caused to you.

We have released a beta update for the Windows OS including fix for this issue and will soon be releasing the stable version. Meanwhile, if you are interested in joining the beta version, please share your Microsoft ID with me via PM or support@enpass.io. We would love to have your feedback on the beta version.

Link to comment
Share on other sites

Unfortunately, I haven't been able to test the beta yet because my notebook is broken and will be repaired.

On 3/15/2021 at 2:38 PM, dan45 said:

hi @Pratyush Sharmahow can I get beta-versions?

Try out Enpass beta

On 3/12/2021 at 9:59 PM, gpf said:

Thanks for the suggestion, I'll try that out. Is the layout and functionality the same in that version?

The only difference I found is the program icon.

  • Thanks 1
Link to comment
Share on other sites

I'm seeing the same thing.  It was working fine until the March update to Windows 10 20H2.  If I uninstall the update Windows Hello will work again with Enpass.  As it is, Enpass is unusable because there is not even an option to type a password.

Link to comment
Share on other sites

  • 1 month later...

I'm using version 6.6.2 (826) from the Windows store, and Windows Hello login still does not work on launch. I've tried reinstalling the app but it does not work. I still have to enter the master password on launch on my PC.

The settings screen also still mentions this:

image.png.ee21f56322322fe62c6c3497424b7507.png

Link to comment
Share on other sites

Hi @singularity0821,

Sorry for the inconvenience caused to you.

Whether the full-time Window Hello will work on any device totally depends on the Windows itself.

To determine the compatibility of the device to support Full-time Windows Hello (feature is only available with Enpass Store version), Enpass relies on this API provided by the Microsoft . It is the only way to distinguish whether the security keys are generated by a legit Hardware TPM. There is little Enpass can do in this case. Although for external TPM is available in the market we cannot ensure that they will support the given API.

Link to comment
Share on other sites

  • 1 month later...

I am also having the same issue where Enpass will not unlock using Windows Hello after the first time it is started/restarted.

Enpass Security Screen

image.png.4a1cc1b683ab89216341c38668857248.png

 

Below are my system details:

OS: Windows 10 Pro 20H2 19042.1052 x64
Enpass Version: 6.6.1 (804) from the Microsoft Store

 

Security Processor Details

image.png.0a5bbee75cba0ab63a3f0ae3daa10f9a.png

 

Get-TPM

TpmPresent                : True
TpmReady                  : True
TpmEnabled                : True
TpmActivated              : True
TpmOwned                  : True
RestartPending            : True
ManufacturerId            : 1229870147
ManufacturerIdTxt         : INTC
ManufacturerVersion       : 403.1.0.0
ManufacturerVersionFull20 : 403.1.0.0

ManagedAuthLevel          : Full
OwnerAuth                 :
OwnerClearDisabled        : False
AutoProvisioning          : Enabled
LockedOut                 : False
LockoutHealTime           : 2 hours
LockoutCount              : 0
LockoutMax                : 32
SelfTest                  : {}

 

Get-TpmSupportedFeature -FeatureList "Key Attestation"

key attestation

 

Get-TpmEndorsementKeyInfo

IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            :
ManufacturerCertificates : {}
AdditionalCertificates   : {[Subject]
                             TPMVersion=id:00020000, TPMModel=CNL, TPMManufacturer=id:494E5443

                           [Issuer]
                             CN=www.intel.com, OU=TPM EK intermediate for CNL_EPID_POST_B1LP_PROD_2 pid:9, O=Intel
                           Corporation, L=Santa Clara, S=CA, C=US

                           [Serial Number]
                             ****************************************

                           [Not Before]
                             13/2/2018 8:00:00 AM

                           [Not After]
                             1/1/2050 7:59:59 AM

                           [Thumbprint]
                             ****************************************
                           }

 

Get-TpmEndorsementKeyInfo -Hash "Sha256"

IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            : ****************************************************************
ManufacturerCertificates : {}
AdditionalCertificates   : {[Subject]
                             TPMVersion=id:00020000, TPMModel=CNL, TPMManufacturer=id:494E5443

                           [Issuer]
                             CN=www.intel.com, OU=TPM EK intermediate for CNL_EPID_POST_B1LP_PROD_2 pid:9, O=Intel
                           Corporation, L=Santa Clara, S=CA, C=US

                           [Serial Number]
                             ****************************************

                           [Not Before]
                             13/2/2018 8:00:00 AM

                           [Not After]
                             1/1/2050 7:59:59 AM

                           [Thumbprint]
                             ****************************************
                           }

 

Output from the WindowsAttestationTest_1.0.0.0_x86 App

21:33:38.4189779 HelloSupported::True
21:33:38.4239986 KCM::OpenStatus::NotFound
21:33:38.4259780 KCM::OpenFailed::RequestingCreate.
21:33:41.0279789 KeyRetrievalStatus::Success
21:33:43.1271809 GetAttestationStatus::Success
21:33:43.4383245 PublicKeySignStatus::Success
21:33:43.4383245 PublicKey::********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************

 

Will you be able to assist please? 

I have attempted the following but the issue still persists:

1. Clear the TPM both from Windows and the BIOS

2. Re-enroll Windows Hello.

3. Cleared Enpass data and restart from fresh.

 

Thank you.

Edited by Plexion
Link to comment
Share on other sites

On 6/29/2021 at 2:27 PM, Anshu kumar said:

Hi @Plexion,

As mentioned by @Pratyush in the post above, it is the Windows itself which decides whether Enpass can be always unlocked using Windows Hello.

To determine whether your device have support Full-time Windows Hello, please have a look at these troubleshooting steps mentioned by @Garima Singh

Hope this helps!

Interestingly Bitwarden does support full-time Windows Hello, while Enpass does not. So I'm not sure if it's an issue with our devices.

Edited by singularity0821
Link to comment
Share on other sites

2 hours ago, Anshu kumar said:

Hi @Plexion,

As mentioned by @Pratyush in the post above, it is the Windows itself which decides whether Enpass can be always unlocked using Windows Hello.

To determine whether your device have support Full-time Windows Hello, please have a look at these troubleshooting steps mentioned by @Garima Singh

Hope this helps!

 

Hi @Anshu kumar

If you have read through my entire post, you will notice that I have gone through all 3 pages of this thread, and provided all the information your team has requested for throughout, including those highlighted in the link you have provided.

Kindly please check my previous post once again, for all the information requested, including the output from the test app. Windows Hello is said to be supported by the test app.

Edited by Plexion
Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...

I am also having the problem of Windows Hello not working when first launching the app after first boot. However this problem only started to happen when I had to reimage my laptop. Before reimaging, it worked as expected and Windows Hello would always work, even after reboot. This tells me that my hardware does support the ability to do Full Time Windows Hello, and I can confirm that the laptop has an OEM TPM 2.0 chip that came with the laptop (not a TPM added after the fact). This tells me that it is a problem with the Enpass App, and not with my hardware.

I am using the 6.6.3 (836) version of the app from the Windows Store on Windows 10 21H1. Below is the results from the WindowsAttestationTest app:

 

21:25:40.0438434 HelloSupported::True
21:25:40.0578458 KCM::OpenStatus::NotFound
21:25:40.0588455 KCM::OpenFailed::RequestingCreate.
21:25:46.1298155 KeyRetrievalStatus::Success
21:25:48.0390590 GetAttestationStatus::Success
21:25:48.3560603 PublicKeySignStatus::Success
21:25:48.3560603 

If you need additional information to help troubleshoot and resolve this issue, I will gladly assist.

Thank you.

Edited by Rojma
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...