Hello everyone.
I'll just get straight to the point. I built myself a new desktop PC in November, and a few days ago I decided to add a TPM module to it and encrypt my drives with BitLocker. However, I'm having problems getting them both to work properly.
I'm running Windows 10 Pro, my motherboard is an ASUS Z170-A and the UEFI BIOS is updated to the latest version. The TPM is enabled in the BIOS, as are Secure Boot and UEFI, which are the requirements for using the TPM on Windows 10.
When I open the TPM administration console, the status of the TPM is "The TPM is ready for use, with reduced functionality". If I click on Prepare the TPM, it briefly checks my TPM configuration and then displays the message "The TPM security hardware on this computer is ready for use, with reduced functionality (consistent with previous OS versions)". Please note that there was no previous OS installed on this computer, and the Event Viewer doesn't seem to show any logs relevant to this message. I have tried clearing the TPM multiple times, but the results are the same afterwards, even if I disable auto-provisioning using PowerShell (the TPM simply takes longer to get prepared then). I am using the default, Microsoft-provided driver. I have also tried clearing the TPM from the BIOS and disabling then re-enabling it, also to no avail.
Another problem, which I believe is directly related to this one, is with BitLocker. I have no trouble encrypting/decrypting USB drives encrypted with BitLocker To Go, but I'm not able to properly encrypt the OS drive (Samsung 960 EVO M.2 SSD).
If I try to encrypt the drive without running the BitLocker system check first, it encrypts just fine, but I'm forced to input the recovery key on each and every boot (and yes, I did try suspending BitLocker protection and re-enabling it after reboot), which gets annoying really fast. If I do perform the system check first, the computer reboots and an error message is displayed: "BitLocker could not be enabled. The BitLocker encryption key cannot be obtained from the Trusted Platform Module. C: was not encrypted." Afterwards, I can find a Warning in the Event Viewer (which I believe is related to this), under Windows Logs > Applications and Services > Microsoft > Windows > BitLocker-API > Management, saying "TCG Log parsing failure. Error: An internal error has occurred within the Trusted Platform Module support program. Event ID: 832, ErrorCode -2144845823".
I have tried to fix this using multiple solutions/guides online from other forums and support pages, but they either did not apply to my situation or did not work. If you need more information about my setup, just ask and I can provide any other logs and info needed.
Thanks in advance, and have a nice day.
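Added example, not part of the original post: a read-only PowerShell collection of the state the post describes (TPM status, Secure Boot, OS-volume key protectors, event 832), plus a decode of the quoted ErrorCode into its HRESULT form. The event channel name is an assumption for the log shown in Event Viewer as BitLocker-API > Management; run it from an elevated prompt.

```powershell
# Added diagnostic example. Read-only: nothing here clears the TPM or changes BitLocker.

# 1. The event reports ErrorCode as a signed 32-bit decimal. Render it as an
#    HRESULT so it can be looked up; 0x80284001 is TBS_E_INTERNAL_ERROR, whose
#    text is the "internal error ... support program" message quoted in the post.
$errorCode = -2144845823                          # value from the post
$hresult   = '0x{0:X8}' -f $errorCode             # two's-complement hex form
$facility  = ($errorCode -shr 16) -band 0x1FFF    # 0x28 = TPM services (TBS)
$code      = $errorCode -band 0xFFFF              # facility-specific code
'{0}  facility=0x{1:X}  code=0x{2:X4}' -f $hresult, $facility, $code

# 2. TPM state as Windows sees it, including whether it is ready and owned.
Get-Tpm | Format-List TpmPresent, TpmReady, TpmEnabled, TpmActivated,
                      TpmOwned, AutoProvisioning, ManagedAuthLevel

# 3. TPM specification version (1.2 or 2.0) and firmware version of the module.
Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm |
    Select-Object SpecVersion, ManufacturerVersion

# 4. Secure Boot state reported by the firmware (throws on a legacy-BIOS boot).
try   { 'SecureBoot: {0}' -f (Confirm-SecureBootUEFI) }
catch { 'SecureBoot: not available ({0})' -f $_.Exception.Message }

# 5. Key protectors on the OS volume. A recovery prompt on every boot is
#    consistent with no usable TPM protector being present for C:.
(Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
    Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# 6. Recent occurrences of event 832 ("TCG Log parsing failure").
#    Channel name is assumed; adjust if Get-WinEvent -ListLog shows another.
$filter = @{
    LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id      = 832
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```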