[TC 10 b10 and RC1] Windows Hello for master password ==> NCryptOpenKey "Keyset does not exist"

The behaviour described in the bug report is either by design, or would be far too complex/time-consuming to be changed

ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

Only on machines where I never ever did something with Windows Hello (no pincode is set, no camera etcetera) do I get the NCryptCreatePersistedKey error message.
Oh, I see - strange, Total Commander should disable/gray out the "Windows Hello" option in this case. Maybe it's a problem specific to Windows 10 1909? I'm on one version later, 20H1 (2004), but also tried on 20H2 and 21H1.
Author of Total Commander
https://www.ghisler.com
glipman
Junior Member
Posts: 31
Joined: 2005-02-09, 20:59 UTC

Post by *glipman »

My virtual Windows 10 (20H2, 19042.870) is giving the NCryptCreatePersistedKey as well.
After updating it to 20H2, 19042.985: same error message. This is as up to date as is possible I believe.

This machine has never had anything related to Windows Hello configured.

(Totally unrelated: you might want to change the link in your signature to https instead of http)
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

I just tested on a freshly installed insider build - I get the error you reported with RC1, but not with RC2.
Did you try with RC2 yet?
glipman
Junior Member
Posts: 31
Joined: 2005-02-09, 20:59 UTC

Post by *glipman »

Double check: definitely RC2, the checkbox is enabled and can be activated
Image: https://furix.com/images/crypto1.png
After that:
Image: https://furix.com/images/crypto2.png
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

Sorry, I see no other way to fix this. You will have to live with the error. There doesn't seem to be a documented function for Win32 programs to check whether Windows Hello is available or not. I can't just call this "create key" function because it would directly show the Windows Hello prompt.

Btw, the error you get "Access denied" is very strange. It's not the usual error when "Windows Hello" is unavailable. Could this be a corporate PC where "Windows Hello" has been disabled via group policy?
glipman
Junior Member
Posts: 31
Joined: 2005-02-09, 20:59 UTC

Post by *glipman »

Ok, no problem for me, I will simply not activate the Windows Hello checkbox.

(it is not a corporate PC. The virtual machine is completely standalone.)

At least it is now documented in this topic and will show up when someone googles for NCryptCreatePersistedKey in the future.
glipman
Junior Member
Posts: 31
Joined: 2005-02-09, 20:59 UTC

Post by *glipman »

In case you still cannot reproduce, I just did so with the following steps:
In the popup the 'Use Windows Hello' checkbox is enabled (default unchecked) and choosing it leads to the NCryptCreatePersistedKey and access denied error message.
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

That's Windows Server, it's not 100% identical to Windows 10 although it is based on the same system.

Edit: When you make a Google search for
"Windows Hello" "Windows Server"

it looks like Windows Server does not support the regular "Windows Hello". Instead it supports "Windows Hello for Business".
Quote from Microsoft:
The difference between Windows Hello and Windows Hello for Business. ... Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This makes it much more secure than Windows Hello convenience PIN.