- 7 minutes to read
- Windows 11
- Windows Server 2016 and above
This article provides information for the IT professional to troubleshoot the Trusted Platform Module (TPM):
Troubleshoot TPM initialization
Clear all the keys from the TPM
With TPM 1.2 and Windows 10, version 1507 or 1511, or Windows 11, you can also take the following actions:
- Turn on or turn off the TPM
For information about the TPM cmdlets, see TPM Cmdlets in Windows PowerShell.
About TPM initialization and ownership
Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM. This is a change from previous operating systems, where you would initialize the TPM and create an owner password.
Troubleshoot TPM initialization
If you find that Windows isn't able to initialize the TPM automatically, review the following information:
You can try clearing the TPM to the factory default values and allowing Windows to re-initialize it. For important precautions for this process, and instructions for completing it, see Clear all the keys from the TPM, later in this article.(Video) How To Enable TPM 2.0 on Windows 10 PC To Meet Windows 11 System Requirements
If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system.
If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in Turn on the TPM. When it's turned back on, Windows will re-initialize it.
If you're attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM isn't present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM.
Troubleshoot network connection issues for Windows 10, versions 1507 and 1511, or Windows 11
If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM can't complete when your computer has network connection issues and both of the following conditions exist:
An administrator has configured your computer to require that TPM recovery information be saved in Active DirectoryDomain Services (ADDS). This requirement can be configured through Group Policy.
A domain controller can't be reached. This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter).
If these issues occur, an error message appears, and you can't complete the initialization process. To avoid this issue, allow Windows to initialize the TPM while you're connected to the corporate network and you can contact a domain controller.
Troubleshoot systems with multiple TPMs
Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windowsdoes not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see Clear all the keys from the TPM, later in this article.
For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection isn't changed.
Clear all the keys from the TPM
You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM isn't cleared before a new operating system is installed, most TPM functionality will probably work correctly.
Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows operating system will automatically re-initialize it and take ownership again.
Clearing the TPM can result in data loss. For more information, see the next section, “Precautions to take before clearing the TPM.”
Precautions to take before clearing the TPM
Clearing the TPM can result in data loss. To protect against such loss, review the following precautions:
Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM.
Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator.
If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, you can turn off the TPM. For more information, see Turn off the TPM, later in this article.
Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Don't clear the TPM directly from UEFI.
Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To clear the TPM
Open the Windows Defender Security Center app.
Select Device security.
Select Security processor details.
Select Security processor troubleshooting.
Select Clear TPM.
You will be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
After the PC restarts, your TPM will be automatically prepared for use by Windows.
Normally, the TPM is turned on as part of the TPM initialization process. You don't normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC.
Turn on the TPM
If you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM.
To turn on the TPM (TPM 1.2 with Windows 10, version 1507 and higher)
Open the TPM MMC (tpm.msc).(Video) ENABLING TPM [ TRUSTED PLATFORM MODULE ] ON WINDOWS [10 , 8 , 7]
In the Action pane, select Turn TPM On to display the Turn on the TPM Security Hardware page. Read the instructions on this page.
Select Shutdown (or Restart), and then follow the UEFI screen prompts.
After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software isn't attempting to make changes to the TPM.
Turn off the TPM
If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM.
To turn off the TPM (TPM 1.2 with Windows 10, version 1507 and higher)
Open the TPM MMC (tpm.msc).
In the Action pane, select Turn TPM Off to display the Turn off the TPM security hardware page.
In the Turn off the TPM security hardware dialog box, select a method to enter your owner password and turning off the TPM:
If you saved your TPM owner password on a removable storage device, insert it, and then select I have the owner password file. In the Select backup file with the TPM owner password dialog box, select Browse to locate the .tpm file that is saved on your removable storage device, select Open, and then select Turn TPM Off.
If you don't have the removable storage device with your saved TPM owner password, select I want to enter the password. In the Type your TPM owner password dialog box, type your password (including hyphens), and then select Turn TPM Off.
If you didn't save your TPM owner password or no longer know it, select I do not have the TPM owner password, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password.(Video) How to Safely Bypass the TPM 2 0, CPU,RAM, Secure Boot Requirement in Windows 11
Use the TPM cmdlets
You can manage the TPM using Windows PowerShell. For details, see TPM Cmdlets in Windows PowerShell.
- Trusted Platform Module (list of articles)
Clear the Trusted Platform Module (TPM)
From Start, select Settings (the gear icon) > Update & Security > Windows Security > Device Security. Under Security processor, select Security processor details > Security processor troubleshooting. Select Clear TPM. Restart the device and try to activate Microsoft 365 again.
Under “Advanced startup”, click on the “Restart now” button and choose “Troubleshoot” on the next screen. Choose “Advanced options” and click on the “UEFI Firmware Settings” option. On the UEFI Firmware Settings page, click on “Restart”. Locate Security Settings and enable TPM 2.0 if it is disabled.Can I install Windows 11 without TPM? ›
Important: An image install of Windows 11 will not check for the following requirements: TPM 2.0 (at least TPM 1.2 is required) and CPU family and model.Can a TPM sensor be repaired? ›
SImple. The Ken-Tool reCore kit provides everything you need to drill out the corroded valve core, tap new threads, and install a new, corrosion-proof valve core and stem. No need to have the TPMS computer re-learn the module. No need to even remove the tire or wheel from the vehicle!How do I test TPM on Windows? ›
Press [Windows Key] + R or select Start > Run. Type “tpm.msc” (do not use quotation marks) and choose OK. If you see a message saying a “Compatible TPM cannot be found,” your PC may have a TPM that is disabled.How to check TPM status in CMD? ›
First, use the keyboard shortcut Windows Key + R to bring up the Run dialog. Then type: tpm. msc and hit Enter or click OK. Next, The Trusted Platform Module (TPM) utility will launch.What happens when TPM fails? ›
Rest assured, if your drive is not encrypted and the TPM chip fails, you will still be able to access the drive to recover your data, that will be no problem. If the TPM chip failed, that would not stop you from entering BIOS, it would just cause the TPM functionality to not be available on your system.Will Windows 11 work if I disable TPM? ›
TPM is not required for Windows Subsystem for Android (WSA), but it is required to install Windows 11.How do I download TPM 2.0 for Windows 10? ›
Go to Start > Settings > Update & Security > Windows Security > Device security . Under Security processor, select Security processor details.Is it possible to bypass TPM? ›
If you have TPM 1.2, you can bypass TPM 2.0 and CPU check with Microsoft's official registry hack. Not to mention, there are several other methods to bypass the Windows 11 CPU, TPM, Secure Boot, RAM, and online account requirements.
One such issue is the requirement of 'Secure Boot' along with 'TPM 2.0' enabled computers. However, if you are using a UEFI BIOS Mode machine, you can pretty straightforwardly bypass TPM on Windows 11. You simply have to go to BIOS settings and enable the 'Secure Boot' and 'TPM 2.0' options.Can you add TPM 2.0 to a computer? ›
Can I Add a TPM to My PC? If you built your own desktop PC in the last few years and you're comfortable tinkering with hardware and software security settings in the system's BIOS, you can probably add a discrete TPM 2.0 chip to your motherboard.Can you enable TPM without reinstalling Windows? ›
The TPM cannot do anything without your operating system or programs doing work with it. Just "enabling" the TPM will do absolutely nothing and will not by itself make files inaccessible.Can TPM 2.0 be downloaded? ›
Many motherboards come with a software updater than can be used to check for updates, and it's also worth checking the website of the company in question to see if there is anything to download. Asus (opens in new tab), for instance, has TPM 2.0-enabling updates available to download.How much does a TPM sensor cost? ›
How much does it cost to replace a TPMS sensor? In the event TPMS sensors need to be replaced, the cost can range from approximately $50-$100 each depending on vehicle type.What happens if you don't replace TPMS sensors? ›
For any motorists that swap their tires out for changing seasons, it's crucial that the TPMS sensors are reactivated and recalibrated each time. If this is not done, the vehicle's TPMS will not perform properly and may cause the TPMS light to turn on.How often do TPMS sensors need to be replaced? ›
TPMS sensors are designed to last for many years – 5-10 years is a likely lifespan. Given their cost, most drivers will be inclined to replace TPMS sensors on an “as needed” basis – in other words, only once their batteries have expired, or other TPMS components have failed.What causes TPM device not detected? ›
If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system.Can a TPM chip fail? ›
A Trusted Platform Module (TPM) is a hardware-based security measure used to authenticate your PC. Sometimes, the TPM may malfunction, resulting in users not being able to access applications such as Outlook or Microsoft Office.How do I know if my TPM module is bad? ›
A message stating "TPM Chip Malfunction" may pop up in Microsoft Teams or in Office 365 applications. This message appears when the computer stops recognizing the built-in Trusted Platform Module security chip. Another symptom of this issue is constantly being prompted for a BitLocker recovery key.
The easiest way to check if you have a TPM chip is to run the get-tpm command via Windows PowerShell. To do this, type PowerShell in the Start menu search bar. Right-click on the Windows PowerShell result and choose Run as administrator. Click Yes on the confirmation window.How do I check my TPM in BIOS? ›
NOTE: To make sure TPM is turned on, you must press F2 to enter System Setup. Then go to the Security section and check that TPM is set to On under the TPM security settings.How do I update my TPM? ›
Navigate to System Settings > Security > Trusted Platform Module and update the TPM. Reboot the system once the update is complete.What causes TPM malfunction? ›
TPMS problems can include any of the following: A TPMS sensor that has stopped functioning because the battery has died. A TPMS sensor that is working intermittently due to a weak or failing battery. The TPMS module is not receiving a signal from one or more sensors because of an antenna or wiring fault.How much does it cost to replace a TPM? ›
TPMS Replacement Costs and What to Expect
In the event TPMS sensors need to be replaced, the cost can range from approximately $50-$100 each depending on vehicle type.
The purpose of the TPMS (Tire Pressure Monitoring System) is to alert you when tire pressure is too low and could create unsafe driving conditions. If the light is illuminated, it means your tires could be underinflated, which can lead to undue tire wear and possible tire failure.Where is the TPM sensor located? ›
Where is the tire pressure sensor located? It is inside the tire attached to the inner part of the rim. If you remove the tire from the rim, you'll see a small cylinder, which is the tire pressure sensor.