
Troubleshooting on Windows Passwordless Login

This document contains troubleshooting information about Passwordless Login on Windows.

First, if you have any problem with Passwordless Login on Windows, enable Debug mode in the Registry and restart the Monofor Identity Service.

Open the Registry Editor (regedit.exe), navigate to the following key, and change the Debug value from 0 to 1.

CODE
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Monofor\Identity Client

You need to create a Logs directory directly under C:\, so that the path C:\Logs exists. Every log file will be created there.

Now, restart the Monofor Identity Service.

User is trying to scan QR Code but after successful message, user stays in Logon UI

Description

After the first install, the user might have this issue if they have not signed out completely and signed in again.

Solution

Sign out completely and try to sign in again.

User is trying to scan QR Code but after successful message, user stays in Logon UI

Description

Monofor Identity uses the TPM module on the machine. If the virtual smart card has somehow been broken, the user can’t use this feature.

Solution

You need to remove the smart card lines from the Windows\System32\monofor-identity-security.ini file, then uninstall and install again.

First, uninstall the TPM virtual smart card. To do so, open a command line and run the following command.

POWERSHELL
monofor-tpm-service uninstall

Open monofor-identity-security.ini and remove the following lines: sdinstance=ROOT\SMARTCARDREADER\0000 and sdinitialized=true.

CODE
[Settings]
deviceState=unlocked
userName=MONA
sessionId=9017004F-6049-4854-8522-CDD34853A0CB
userDeviceId=BAACC59F-7168-461D-B036-4FD19A358744
sdinstance=ROOT\SMARTCARDREADER\0000
sdinitialized=true
[MONA]
recoveryCodes=USER-RECOVERY-CODES
UPN=mona@monodc.local

The final result should look like the following:

CODE
[Settings]
deviceState=unlocked
userName=MONA
sessionId=9017004F-6049-4854-8522-CDD34853A0CB
userDeviceId=BAACC59F-7168-461D-B036-4FD19A358744
[MONA]
recoveryCodes=USER-RECOVERY-CODES
UPN=mona@monodc.local

The following commands completely destroy the virtual smart card on Windows and allow you to create a new one. Run them in PowerShell or cmd.

POWERSHELL
TpmVscMgr destroy /instance root\smartcardreader\0000
monofor-tpm-service install

You should see the success messages below (this is output; do not run these lines).

POWERSHELL
PS C:\Users\Administrator> TpmVscMgr destroy /instance root\smartcardreader\0000
Destroying TPM Smart Card...
Initializing the Virtual Smart Card Reader...
Destroying the Virtual Smart Card Reader...
Initializing the Virtual Smart Card Simulator...
Destroying the Virtual Smart Card Simulator...
Initializing the Virtual Smart Card component...
Destroying the Virtual Smart Card component...
TPM Smart Card destroyed.
PS C:\Users\Administrator> monofor-tpm-service install
TPM Installed Successfully
PS C:\Users\Administrator>
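
The reset procedure above as a single elevated PowerShell script. This is an added example, not Monofor's own tooling. The helper name `Remove-SmartCardIniLines` and the timestamped backup are assumptions added here; the paths, instance ID and success strings are the ones shown on this page.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual virtual smart card reset.
$ErrorActionPreference = 'Stop'

# Paths and instance ID as shown on this page. Confirm the instance ID with
# Get-PnpDevice first if the machine has other virtual smart cards.
$tpmService = 'C:\Program Files\Monofor\Identity Client\Service\monofor-tpm-service.exe'
$iniPath    = 'C:\Windows\System32\monofor-identity-security.ini'
$instance   = 'root\smartcardreader\0000'

function Remove-SmartCardIniLines {
    param([string]$Path)
    # Keep a timestamped copy first. The file also holds recoveryCodes and
    # session IDs, so delete the copy once the reset has succeeded.
    $backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $Path, (Get-Date)
    Copy-Item -LiteralPath $Path -Destination $backup
    $lines = @(Get-Content -LiteralPath $Path)
    # Drop only the two keys named in the procedure; every other line is kept.
    $kept  = @($lines | Where-Object { $_ -notmatch '^\s*(sdinstance|sdinitialized)\s*=' })
    # Assumption: the file is plain ASCII/ANSI, as in the sample on this page.
    Set-Content -LiteralPath $Path -Value $kept
    [pscustomobject]@{ Backup = $backup; Removed = $lines.Count - $kept.Count }
}

# 1. Uninstall the Monofor TPM virtual smart card.
& $tpmService uninstall

# 2. Remove the smart card lines from the ini file.
$edit = Remove-SmartCardIniLines -Path $iniPath
Write-Host "Removed $($edit.Removed) line(s); backup at $($edit.Backup)"

# 3. Destroy the Windows virtual smart card and look for the success line.
$destroy = & TpmVscMgr destroy /instance $instance | Out-String
Write-Host $destroy
if ($destroy -notmatch 'TPM Smart Card destroyed') { throw 'TpmVscMgr destroy did not report success.' }

# 4. Reinstall and look for the success line from the expected output.
$install = & $tpmService install | Out-String
Write-Host $install
if ($install -notmatch 'TPM Installed Successfully') { throw 'monofor-tpm-service install did not report success.' }

# 5. Confirm the reader is present again.
Get-PnpDevice | Where-Object { $_.Class -eq 'SmartCardReader' } |
    Format-Table Status, FriendlyName, InstanceId -AutoSize
```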

User is trying to Scan QR Code and getting “The user name or password is incorrect.”

Description

When the user tries to scan the QR Code, they get a “Success” message in the Monofor Identity app but “The user name or password is incorrect.” on the Windows Logon UI.

Windows Logon UI

Solution

Please follow this solution.

I need to check whether Certificate Enrollment is OK

Description

Sometimes you may need to check whether the certificate process is working.

Solution

On the client machine, open Manage User Certificates (certmgr.msc).

Under Personal, Certificates, right-click and select All Tasks, then Request New Certificate.

Click Next, and Next again. If everything works properly, you should see both the Monofor Identity - Enrollment and Monofor Identity - Client certificates in the list.

Monofor Identity - Enrollment is the Enrollment Certificate for Passwordless Login processes. Select it and click Enroll. If you get the following error message, your computer is unable to talk to AD CS (Active Directory Certificate Services). You can restart the client machine to solve the problem. If that doesn’t fix it, try restarting AD CS on the domain controller, or try restarting the AD machine.

After you have successfully enrolled in the certificate, you will see the following UI. You can click Finish.

Requesting Certificate on Behalf

Description

If the Enrollment certificate is OK and the Enrollment process is OK, and you are still not able to log in, you may also want to check whether the Service user can request a certificate on behalf of the user.

Solution

On the client machine, open Manage User Certificates (certmgr.msc).

Under Personal, Certificates, right-click and select All Tasks, Advanced Operations, then Enroll On Behalf Of.

Click Next, and Next again. Browse for the Signing Certificate. Click OK.

Click Next and you will see the following list. Select Monofor Identity - Client and click Next.

Now type the username that you are trying to log in as, or browse for it.

If you can see the following UI, you can obtain the client certificate, which means your certificate process is OK.

I need to find out whether the Smart Card has been created on the machine

Description

Monofor Identity uses a Virtual Smart Card on the machine. Virtual Smart Cards are stored on the machine’s TPM Module (v2.0), which is a secure, tamper-protected module that keeps your critical authentication information secure.

To confirm that Monofor Identity has created your certificate correctly, you need to check the machine’s Smart Cards.

Solution

Run the following PowerShell command to check whether the SmartCardReader and Smart Card have been created.

POWERSHELL
Get-PnpDevice | Where-Object { $_.Class -eq 'SmartCardReader' } | Format-Table -AutoSize

You should see a result similar to the following:

TEXT
Status Class           FriendlyName InstanceId
------ -----           ------------ ----------
OK     SmartCardReader MONOFOR-TPM  ROOT\SMARTCARDREADER\0000

Agent Files Path

Monofor Identity Agent uses the files below on the Windows machine. You can use this list to verify whether the agent installation was successful.

CODE
C:\Windows\System32\monofor-identity-security.ini
C:\Windows\System32\libcurl.dll
C:\Windows\System32\zlib1.dll
C:\Windows\System32\QRCoder.dll
C:\Windows\System32\MonoSignCPHelper.dll
C:\Windows\System32\MonoSignCP.dll
C:\Windows\System32\MonoSignCPEx.dll
C:\Program Files\Monofor\Identity Client\Service\monofor-tpm-service.exe
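
A read-only check that walks the file list above and reports the other items this page asks you to verify (Debug value, C:\Logs, smart card reader). This is an added example, not Monofor's own tooling. The function name `Get-MonoforAgentFileStatus` is an assumption added here, and the signature status and SHA-256 columns are an addition for comparing against a known-good machine.

```powershell
# Added example (read-only): nothing on the machine is changed.
$agentFiles = @(
    'C:\Windows\System32\monofor-identity-security.ini'
    'C:\Windows\System32\libcurl.dll'
    'C:\Windows\System32\zlib1.dll'
    'C:\Windows\System32\QRCoder.dll'
    'C:\Windows\System32\MonoSignCPHelper.dll'
    'C:\Windows\System32\MonoSignCP.dll'
    'C:\Windows\System32\MonoSignCPEx.dll'
    'C:\Program Files\Monofor\Identity Client\Service\monofor-tpm-service.exe'
)

function Get-MonoforAgentFileStatus {
    foreach ($path in $agentFiles) {
        $present  = Test-Path -LiteralPath $path -PathType Leaf
        $isBinary = $path -match '\.(dll|exe)$'
        [pscustomobject]@{
            Path      = $path
            Present   = $present
            # Recorded for comparison only; this page does not state whether
            # the binaries are Authenticode-signed.
            Signature = if ($present -and $isBinary) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
            SHA256    = if ($present -and $isBinary) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        }
    }
}

$files = Get-MonoforAgentFileStatus
$files | Format-Table -AutoSize

# Registry key, log directory and reader class are the ones named on this page.
$key    = 'HKLM:\SOFTWARE\Monofor\Identity Client'
$debug  = (Get-ItemProperty -LiteralPath $key -Name Debug -ErrorAction SilentlyContinue).Debug
$reader = Get-PnpDevice | Where-Object { $_.Class -eq 'SmartCardReader' }

[pscustomobject]@{
    MissingFiles    = @($files | Where-Object { -not $_.Present }).Count
    DebugValue      = $debug
    LogsDirExists   = Test-Path -LiteralPath 'C:\Logs' -PathType Container
    SmartCardReader = ($reader | ForEach-Object { "$($_.FriendlyName) [$($_.Status)] $($_.InstanceId)" }) -join '; '
} | Format-List
```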