AuthProviderSystemErrorException with ErrorCode 8028008B

[Michaelvsk]

Describe the bug When starting KeePass the Windows-Hello dialog pops up for authentication (I am using face unlock). After successfully recognizing me and pressing OK, I get this error dialog

The database does not get unlocked then and I need to type in the complete passphrase. This does not happen every time. Not 100 % sure but I think it happens every time I do a full shutdown/restart of Windows. I will check that and report back later today.

To Reproduce Steps to reproduce the behavior:

1. Start KeePass (I have set up KeePass to automatically open two databases but will also check if the error persists when opening them manually and report back)
2. Authenticate against system-standard windows hello dialog and press OK
3. You get the mentioned error and database won't be unlocked.

Expected behavior After step 2 the database should be unlocked.

Desktop (please complete the following information):

• OS Version: Windows 10 Enterprise 20H2 (OS Build 19042.928)
• KeePass Version: 2.47
• Plugin Version: 3.1.1.0

• Hardware info: MS Surface Pro 7 Plus with latest firmware

  KeePass settings and environment

• Is secure desktop enabled: No
• Is KeePass running under Administrator (in elevated process): No
• Installed plugins (if any)
  • KeeAnywhere 1.6.0.0
  • KeePassRPC 1.14.0.0
  • KeePassWinHello 3.1.1.0
  • groupCertKeyProviderPlugin 2.0.8.3
  • singleCertKeyProviderPlugin 2.0.8.3
  • Yet Another Favicon Downloader 1.2.4.0
• Any specific settings in KeePass/Plugin

Additional context This PC is company managed, so there are some group policies activated. Maybe some of them affect the behavior of Windows Hello.

[Michaelvsk]

The problem does not occur after each restart of Windows. If it if related to automatic opening of the DBs using KeePass' trigger feature I cannot say, yet. Have disabled the trigger for now and will open the DBs manually the next days to see if the error comes up again.

[sirAndros]

Hello, Michael! Thank you, it's an interesting issue. Looking forward to your investigation, because this error code means "TPM 2.0: The Handle is not correct for the use." which does not mean anything specific.

пн, 17 мая 2021 г. в 16:41, Michael Keller @.***>:

The problem does not occur after each restart of Windows. If it if related to automatic opening of the DBs using KeePass' trigger feature I cannot say, yet. Have disabled the trigger for now and will open the DBs manually the next days to see if the error comes up again.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/sirAndros/KeePassWinHello/issues/68#issuecomment-842381280, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALTYF72BAKSH6SFY3FPVGDTOETI7ANCNFSM44754HJA .

[Michaelvsk]

After beeing one week on holiday the error came up today again. While the error popup was still open, I have checked Windows Credential Manager and it did not contain any KeePass_WinHello* entry anymore. So I suppose for some reason the stored credentials are deleted and the plugin still believes that the credentials should be there and fails loading them?!

[garpunkal]

I'm getting this error too. :(

[shuffle-c]

Thanks everyone to report for this issue. It seems to be some hardware failure in TPM, in which case the plugin will ask to retry. The fix's gonna be delivered next release.