I own a Lenovo ThinkPad P16 Gen2 running Windows 11 Pro 23H2 with fingerprint sensor.
The account I’m using is local (in case that’s important).
On a second disk I have also installed OpenSUSE Leap 15.6.
In the past after a Windows recovery onto a new disk needing multiple attempts I had experienced that the fingerprint authentication had stopped working, but there were too many events that might have caused that, so I did not investigate…
However recently I had switched BIOS to UEFI Secure Boot, and things still worked.
When I tried to boot Linux, there was a message about “secure boot violation” that surprised me, because I thought the recent GRUB is signed for secure boot, but anyway:
I turned off secure boot temporarily, booted Linux where I also had configured multiple fingers to authenticate, and it worked.
However when I booted Window after that, fingerprint authentication did not work any more; actually it wasn’t offered any more, and when I tried PIN instead, Windows said after sucessfully checking it (the wrong PIN would not work) that it isn’t available at the moment, and that a boot might fix the issue (but it did not; I even tried twice).
What could have happened is this: When restoring Windows after I had built in two disks instead of just one, it is possible that Windows had installed a boot manager on each of the disks, and rather likely they are not identical any more.
When booting Windows from the BIOS boot menu, one bootmanager displayed two Windows installations (during my recovery attempts I had installed a second copy, but now there is only one).
As they wre displayed (in Microsoft manner) as “Windows” and like “Windows on disk 3”, I had no idea who’s who, so I might have started an “odd” boot manager (boot succeeded, however)…
The “Synaptics Fingerprint Preboot manager” in Windows says my user has three fingers configured (I also had configured a few fingers for a different user…), however…!!!
Thus my questions:
- What causes the failure to authenticate using Windows Hello PIN or fingerprints? Is it related to Secure Boot, or is it related when another OS also uses fingerprint authentication? Or is it something completely different?
- Which commands exist to examine the current status of PINs and fingerprints (I don’t use the camera) in Windows 11 (troubleshooting Windows Hello)?
- Specifically I feel worried: If I make a full backup of my Windows partition (e.g. using Acronis True Image), and I will have to restore it: Will the Hello data be backed-up and restored properly, too, or does it reside in the TPM where it cannot be backed up (but overwritten easily (as it seems))?
