Multiple re-enrollments can prevent the user from registering the device with Okta FastPass (the interface shows the error "Something is Wrong").
The Event Viewer logs under Applications and Services Logs > Okta can show errors with the 0x80070532 error code, such as the following:
[AccountEnrollment][KeyCreation][CryptoLib.CreateKeyPair]: Failed to finalize key: The password for this account has expired. [0x80070532]
[AccountEnrollment][KeyCreation][NativeOperationResult.LogAndCreateException]: Failed call to native method CreateBiometricKeyPair, HResult: 0x80070532.
Extensions.WriteException: Encountered a cryptographic error while enrolling:. Exception: Failed call to native method CreateBiometricKeyPair, HResult: 0x80070532., ErrorCode=SandboxUpdateRequiredError
This is the warning:
ClientSignInManager.OnCredentialEventUpdateAsync: Failed to process credential event KeyCreation|UserPresence for <subdomain>.okta.com: SandboxUpdateRequiredError
- Okta FastPass enrollment
- Device trust
- Okta Identity Engine (OIE)
- Multi-Factor Authentication (MFA)
Uninstalling the Okta Verify application from a Windows device does not remove every file. Old profiles can remain in the installation folder, causing new installations and enrollments of the same profile to fail.
When presented with that error, it is recommended to uninstall the Okta Verify app and then delete the app folder from the device. The installation folder should be found in C:\Program Files\Okta. The name of the folder is Okta Verify.
NOTE: Delete the Okta Verify folder only after uninstalling the application.
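The cleanup above can be scripted so that the folder is removed only once the application is gone. This is an added example, not Okta's own tooling. It assumes an elevated PowerShell session, that the script is saved as a .ps1 file, and that the uninstall registry entry's DisplayName begins with "Okta Verify" (an assumption, not stated in the article). Run it with -WhatIf first to preview the deletion.

```powershell
# Added example: remove the leftover Okta Verify folder only after uninstall.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Folder location as given in the article.
    [string]$Folder = 'C:\Program Files\Okta\Okta Verify',
    # Assumption: the installed product's DisplayName starts with "Okta Verify".
    [string]$DisplayNamePattern = 'Okta Verify*'
)

# Standard per-machine uninstall registry locations (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $DisplayNamePattern }

if ($installed) {
    # Enforces the NOTE: delete the folder only after uninstalling the app.
    Write-Warning "Still installed: $($installed.DisplayName -join ', '). Uninstall it first."
    return
}

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    Write-Output "Nothing to clean up: $Folder does not exist."
    return
}

# Show what the uninstaller left behind before removing it.
Get-ChildItem -LiteralPath $Folder -Recurse -Force |
    Select-Object FullName, LastWriteTime

if ($PSCmdlet.ShouldProcess($Folder, 'Remove leftover Okta Verify folder')) {
    Remove-Item -LiteralPath $Folder -Recurse -Force
    Write-Output "Removed $Folder. Reinstall Okta Verify and enroll again."
}
```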
