Framework blamed the Microsoft software. Brand new laptop. The link is the one in the error message. TPM was reset to try to remedy the issue, without success.
I’m guessing you / your organization signed up for the corporate pilot program with Framework? If so, I wonder if they have a business support line / channel instead.
No and no. No pilot program participation, and no Autopilot registration.
Well, the TPM specific error message is no longer appearing – and frustratingly I do not know why. The 365 login from Office just loops, and does not accept the password. You can log in to Office 365 in a browser without issue.
I would finish all Windows updates before joining the machine to the domain, and make sure you’re using a Pro, Education, or Enterprise key. Also, you should consider enrolling the devices in Autopilot; it’s pretty nice once it’s set up. Overview of Windows Autopilot | Microsoft Docs
All updates applied, all drivers updated, and DISM ran before Domain join. Logging in to 365 works fine from a local user account, but when logged in with a domain account fails with the 80090034 Encryption failed error. Using the same 365 account in both scenarios. No federation.
The error is still occurring, so I was mistaken to say it was no longer appearing. I found that Teams would eventually stop asking for a password after you enter it a dozen times. I gave up on Outlook after about 30 times.
I reset Windows back to OOB and that did not help either.
BTW, I have two brand-new Frameworks here demonstrating the same behaviour.
Can you run an elevated PowerShell and run the “Get-Tpm” command and see what it returns? I’ve attached both what my Framework machine is reporting for TPM (not domain joined, personal device, blue PowerShell window) and what my work laptop is reporting for TPM (hybrid AD joined, company device, black PowerShell window). The results seem fairly similar to each other. Do your results look similar as well?
Yes, the Get-TPM returns normal results. I also tried renaming the AAD.Broker plugin package too. I have plenty of other laptops that do not have this issue, only the Frameworks do.
Maybe compare this list to that from the ‘functional’ laptops.
Are your other laptops also on TPM 2.0? (For example, it could be that because the Framework laptop is on TPM 2.0, the software side decided not to use some of the deprecated commands… but you need to allow the execution of the new ones explicitly.)
Thank you very much A_A, and everyone else that helped. The issue was the DPAPI was not able to initialize when the laptop was not on the domain network with access to the RWDC.
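Not part of the thread above, but for anyone landing here with the same symptoms, the following is an added PowerShell check (my own, not from any poster and not from Framework or Microsoft) that pulls together the three things this thread ended up caring about: the `Get-Tpm` state that was requested earlier, whether the machine can actually locate a domain controller and validate its secure channel (the root cause found in the last post), and whether the AAD broker / device registration logs have recently recorded the `80090034` (`NTE_ENCRYPTION_FAILURE`) error. It is read-only and assumes a standard domain-joined Windows 10/11 client where `nltest.exe` is present and the two event log channels named in the code exist; the verdict text at the end is my own interpretation, not an official diagnosis.

```powershell
#Requires -RunAsAdministrator
# Added diagnostic for the symptoms discussed in this thread; not code from the thread.
# It only reads TPM state, domain reachability and event logs, and changes nothing.

function Get-TpmSummary {
    # Get-Tpm is the cmdlet the thread asked about; these are its standard properties.
    $tpm = Get-Tpm
    [pscustomobject]@{
        Present          = $tpm.TpmPresent
        Ready            = $tpm.TpmReady
        Enabled          = $tpm.TpmEnabled
        Activated        = $tpm.TpmActivated
        Owned            = $tpm.TpmOwned
        AutoProvisioning = $tpm.AutoProvisioning
        LockedOut        = $tpm.LockedOut
        RestartPending   = $tpm.RestartPending
        Manufacturer     = $tpm.ManufacturerIdTxt
    }
}

function Test-DomainReachability {
    # Can this client find a DC and validate its machine-account secure channel?
    # Off the corporate network (no VPN) both checks fail, which is the condition
    # under which the last poster found DPAPI could not initialize.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        return [pscustomobject]@{ DomainJoined = $false }
    }
    $dcLine = $null
    try {
        $dcLine = nltest /dsgetdc:$($cs.Domain) 2>$null | Where-Object { $_ -match '^\s*DC:' }
    } catch { }
    $secureChannel = $false
    try {
        $secureChannel = Test-ComputerSecureChannel -ErrorAction Stop
    } catch { }
    [pscustomobject]@{
        DomainJoined  = $true
        Domain        = $cs.Domain
        LocatedDC     = if ($dcLine) { ($dcLine -replace '^\s*DC:\s*', '').Trim() } else { '<none>' }
        SecureChannel = $secureChannel
    }
}

function Get-RecentBrokerErrors {
    # Level 2 = Error, 3 = Warning. Log channel names are assumed standard.
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    $logs = @('Microsoft-Windows-AAD/Operational',
              'Microsoft-Windows-User Device Registration/Admin')
    foreach ($log in $logs) {
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3; StartTime = $since } -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -match '80090034|NTE_ENCRYPTION_FAILURE' } |
            Select-Object TimeCreated, Id, LogName,
                          @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0].Trim() } }
    }
}

$tpmState = Get-TpmSummary
$domain   = Test-DomainReachability
$errors   = @(Get-RecentBrokerErrors)

'--- TPM ---';               $tpmState | Format-List
'--- Domain ---';            $domain   | Format-List
"--- 80090034 events (last 24h): $($errors.Count) ---"
$errors | Format-Table -AutoSize

# Verdict: my interpretation of the pattern reported in this thread.
if ($domain.DomainJoined -and ($domain.LocatedDC -eq '<none>' -or -not $domain.SecureChannel)) {
    'Domain-joined but no DC / secure channel reachable. If 80090034 events are present,'
    'the TPM-backed DPAPI key cache likely cannot initialize until the client is on the'
    'corporate network (or VPN) with line of sight to a writable DC; retry the sign-in there.'
} elseif ($errors.Count -gt 0) {
    'DC is reachable, yet 80090034 is still logged: look at TPM Ready/LockedOut above and'
    'the Device Registration log before touching the TPM again.'
} else {
    'No 80090034 events and domain connectivity looks healthy.'
}
```

Run it from an elevated PowerShell both on and off the corporate network and compare the two outputs; in the scenario described here the TPM section should look identical in both runs while `LocatedDC` and `SecureChannel` flip. `dsregcmd /status` is a useful manual companion for the Azure AD side of the join state.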