TPM Security Processor Troubleshooting Guide

Status 

The first step of troubleshooting Trusted Platform Module (TPM) errors is to review the status of the security processor.  

Windows 10  

  • Go to Settings -> Update & Security -> Device Security -> Security Processor Details 
  • Or type “TPM” in the search box and select Security Processor Details 
  • Or run Get-TPM in an administrator PowerShell console.  

Any detected issue should cause a message to appear in the Status section. Refer to Security Processor troubleshooting (microsoft.com) for details and instructions to resolve each error message.  

Older Windows Versions 

  • Go to Run, type MMC and press enter. 
  • Select File -> Add Remove Snap-in 
  • Choose TPM Management and click Add. Select Local Computer 

Any detected issues should be listed in the Status row. Refer to Security Processor troubleshooting (microsoft.com) for details and instructions to resolve each error message. 

Event Logs 

TPM errors are recorded in the System Event Logs on Windows computers. Search the event logs for TPM errors with PowerShell: 

Get-WinEvent -FilterHashtable @{LogName='System'} | Where-Object -Property Message -Match 'TPM' | Format-List 

Remediation 

No one solution will correct all TPM issues, but here are some of the most common and effective fixes listed in the order you should attempt them.  

Updates 

Many times, TPM errors can be corrected by applying updates to the operating system and system BIOS.  

The operating system should be updated with the Windows Update mechanism. Windows updates should be applied before any TPM or BIOS updates from the manufacturer.  

The procedure for updating the system BIOS differs across systems, but in general the manufacturer's update utility should be used. 

UEFI Discrepancy 

TPM 2.0 (check the status as described above) requires the system BIOS to be in native UEFI mode only. Disable any legacy functions, modes, or settings.  
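
The checks from the Status and Event Logs sections and the firmware mode requirement above, gathered into one read-only triage pass. This is an added example, not part of the original guide; the 30-day window and the restriction to Critical, Error and Warning events are assumptions you can adjust.

```powershell
# Added example: read-only TPM triage. Run in an administrator PowerShell console.
# Nothing here changes TPM state.

# 1. Status flags reported by Get-Tpm
$tpm = Get-Tpm
[pscustomobject][ordered]@{
    TpmPresent     = $tpm.TpmPresent
    TpmReady       = $tpm.TpmReady
    TpmEnabled     = $tpm.TpmEnabled
    TpmOwned       = $tpm.TpmOwned
    RestartPending = $tpm.RestartPending
    LockedOut      = $tpm.LockedOut
} | Format-List

# 2. Firmware mode: Uefi or Bios (legacy)
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
"Firmware type: $firmware"
if ($firmware -ne 'Uefi') {
    Write-Warning 'System is not booted in UEFI mode; see the UEFI Discrepancy section.'
}

# 3. Recent TPM-related events from the System log.
#    Level 1 = Critical, 2 = Error, 3 = Warning. Filtering by level and
#    start time in the hashtable keeps the query fast on large logs.
$since = (Get-Date).AddDays(-30)   # assumption: 30-day look-back
$filter = @{ LogName = 'System'; Level = 1, 2, 3; StartTime = $since }

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'TPM' -or $_.Message -match 'TPM' } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message |
    Format-List
```
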

Clear TPM 

TPM security processors include their own sealed storage. Occasionally that storage becomes corrupted. Clearing the TPM storage is done with the Security Processor Details page or the TPM MMC (see Status section). It can also be done via PowerShell (Clear-TPM in an admin console). 

  • You should back up a system before clearing the TPM. Data loss is possible in certain situations. 
  • Windows Hello will not function after clearing TPM storage and needs to be reconfigured. 
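
One way to see which encrypted volumes depend on the TPM before clearing it, as an added example that is not part of the original guide. It assumes the BitLocker PowerShell module is available (it is not present on every Windows edition) and an administrator console.

```powershell
# Added example: pre-clear check. Lists each BitLocker volume, whether any of
# its key protectors are TPM-based, and whether a recovery password exists.
# A volume that uses the TPM and has no recovery password is the case where
# clearing the TPM can leave the data unrecoverable.

$tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

$report = Get-BitLockerVolume | ForEach-Object {
    # Collect the protector types on this volume as strings
    $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $usesTpm     = [bool]($types | Where-Object { $_ -in $tpmTypes })
    $hasRecovery = $types -contains 'RecoveryPassword'

    [pscustomobject]@{
        MountPoint       = $_.MountPoint
        VolumeStatus     = $_.VolumeStatus
        ProtectionStatus = $_.ProtectionStatus
        UsesTpm          = $usesTpm
        HasRecoveryPwd   = $hasRecovery
        SafeToClear      = (-not $usesTpm) -or $hasRecovery
    }
}

$report | Format-Table -AutoSize

# Stop here if any volume would be at risk
$atRisk = @($report | Where-Object { -not $_.SafeToClear })
if ($atRisk.Count -gt 0) {
    Write-Warning ("Do not clear the TPM yet. Volumes without a recovery password: " +
                   ($atRisk.MountPoint -join ', '))
}
```

`SafeToClear` only reflects BitLocker key protectors; it does not replace the backup recommended above.
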

Reset Power 

Often a full power loss will restore TPM functionality to systems that cannot detect their TPM security processor. “TPM is missing” or “not detected” status messages from either the BIOS or Windows Status warrant the following procedure. It is important to remove all power and fully drain any capacitors or other power supply available to the TPM chip; a reboot or shutdown is not sufficient.  

  • Shut down the system 
  • Unplug the Power Cable or Power Supply 
  • Remove any batteries from laptops. 
  • Disconnect any UPS or USB power.  
  • Hold down the Power button for a minimum of 30 seconds. 
  • Re-connect power cords, power supplies, UPS, or USB power. 
  • Power on the system and check the TPM status.   

Further Documentation 

If you are unable to resolve TPM issues after completing these steps you should contact your system’s or motherboard manufacturer’s technical support. There is likely a hardware issue that may require replacement. It is possible to disable the TPM function in your system BIOS. Be sure to decrypt disks and turn off features that require it (Windows Hello) first.

About Kevin Trent

IT professional with almost 30 years of experience in Infrastructure, Architecting, Administration, Development, and Communications.

2 Responses

  1. Jennifer Le Blanc-Reda

    Hello can you assist me with a major / minor complication my son and his father built a new PC which has MSI’s MAG X570 Tomahawk Wi-Fi motherboard and I’m having TPM issues I had to get an IT professional from Canada Computers to complete with the installation of Windows 10 because I couldn’t do it it’s been a couple decades since I have fiddled with Windows but I seem to continue to have no access to security processor and TPM now when I did try to load the operating system Windows 10 in the MSI bios settings to determine if the all proper settings were enabled and that security processor was enabled and the boot order was very confusing and is why I actually took it to an IT professional but somehow I’m still having the same issue I just received it back from the computer place again and it’s still displaying the same issue with saying TPM is not usable PCR 7 binding not found so basically there is absolutely no device encryption and it’s very troubling because it’s brand new device motherboard everything it’s built from pieces and equipped with the Windows 10 disc with the key inside but it’s also confusing because my son’s Microsoft account when I look in there for security update information it’s telling me for encryption Keys BitLocker keys to contact the device administrator because his keys were possibly sent to a work or school email address I’ve tried contacting Microsoft in regards to this and I only get a robo automated and if I can’t verify the device for them through connection with their Windows operating system I’m at a complete loss and I’m getting annoyed when I have to bring the computer back to Canada Computers and get treated as if nothing’s wrong when there’s no security processor enabled or device encryption section BitLocker nothing I have no security but under web credentials and Microsoft credentials section I have a ton at least 50 different generated web credentials for Xbox Live which my son does not have this may be a lot of feedback that wasn’t necessary but at the same time on my end it’s exhausting and I am not technically up to speed so I don’t know how to properly explain the terminology with the resources I’m dealing with are extremely confusing and don’t make sense to me either
