Trusted Platform Module (TPM) Error Messages in Windows

Purchased four laptops, and three out of four have had hardware issues.

Two of the laptops are presenting error messages in Windows related to the TPM.

"Something went wrong

Your computer’s Trusted Platform Module has malfunctioned. If this error persists, contact your system administrator with the error code 80090034.

More information: Troubleshoot hybrid Azure Active Directory-joined devices | Microsoft Docs

Additional problem information

Error code: 80090034

Server message: Encryption failed."

Frame.work blamed the Microsoft software. Brand new laptop. The link is the one in the error message. TPM was reset to try to remedy the issue, without success.


I’m guessing you / your organization signed up for the corporate pilot program with Framework? If so, I wonder if they have a business support line / channel instead.

Is the device registered in Autopilot?

No and no. No pilot program participation, and no Autopilot registration.

Well, the TPM specific error message is no longer appearing – and frustratingly I do not know why. The 365 login from Office just loops, and does not accept the password. You can log in to Office 365 in a browser without issue.

So, software / configuration issue then? (Most hardware doesn’t go from non-working back to a functional state.)


I would finish all Windows updates before joining the machine to the domain, and make sure you’re using a Pro, Education, or Enterprise key. Also, you should consider enrolling the devices in Autopilot; it's pretty nice once it’s set up. Overview of Windows Autopilot | Microsoft Docs

All updates applied, all drivers updated, and DISM run before domain join. Logging in to 365 works fine from a local user account, but it fails with the 80090034 Encryption failed error when logged in with a domain account. Using the same 365 account in both scenarios. No federation.
The error is still occurring, so I was mistaken to say it was no longer appearing. I found that Teams would eventually stop asking for a password after you enter it a dozen times. I gave up on Outlook after about 30 times.
I reset Windows back to OOBE and that did not help either.

BTW, I have two brand-new Frameworks here demonstrating the same behaviour.

Can you run an elevated PowerShell and run the “Get-Tpm” command and see what it returns? I’ve attached both what my Framework machine is reporting for TPM (not domain joined, personal device, blue PowerShell window) and what my work laptop is reporting for TPM (hybrid AD joined, company device, black PowerShell window). The results seem fairly similar to each other. Do your results look similar as well?

Yes, the Get-Tpm returns normal results. I also tried renaming the AAD.Broker plugin package. I have plenty of other laptops that do not have this issue, only the Frameworks do.

Open up TPM.msc. Do you have some command blocking happening in there?

Maybe compare this list to that from the ‘functional’ laptops.

Are your other laptops also on TPM 2.0? (For example, it could be that because the Framework laptop is on TPM 2.0, the software side decided not to use some of the deprecated commands…but you need to allow the execution of the new ones explicitly.)

Also, tried any of the solutions from here?

Specifically…the one regarding ProtectionPolicy registry key…more details here:


Try updating the drivers using this tool.

Thank you very much A_A, and everyone else that helped. The issue was the DPAPI was not able to initialize when the laptop was not on the domain network with access to the RWDC.
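The thread's diagnosis came from three separate checks: the Get-Tpm output compared between machines, the TPM.msc blocked-command list, and finally DPAPI failing because no writable domain controller (RWDC) was reachable. The following script is an added example, not code posted by any participant or shipped by Framework or Microsoft; it collects those checks in one elevated PowerShell run and flags the off-network DPAPI case. The registry paths for the TPM blocked-command lists and for the DPAPI provider's ProtectionPolicy value are assumed from Microsoft's TPM and DPAPI documentation and should be verified against your own build before relying on them.

```powershell
#Requires -RunAsAdministrator
# Added example for this thread, not code from any participant.
# Gathers: TPM state (what Get-Tpm shows), locally or policy-blocked TPM commands
# (what TPM.msc's command management shows), whether the domain secure channel to a
# DC can be verified, and the DPAPI ProtectionPolicy value.
# Assumed registry paths (from Microsoft TPM/DPAPI documentation; verify on your build):
$DpapiProviderKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'
$TpmBlockListKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Tpm\BlockedCommands\List',           # local list edited via tpm.msc
    'HKLM:\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands\List'   # Group Policy list
)

function Get-TpmHealth {
    # Same fields the Get-Tpm screenshots in the thread compared. Ready=False or
    # LockedOut=True is a genuine TPM problem; all-healthy values point elsewhere.
    $t = Get-Tpm
    $wmi = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Present   = $t.TpmPresent
        Ready     = $t.TpmReady
        Enabled   = $t.TpmEnabled
        Owned     = $t.TpmOwned
        LockedOut = $t.LockedOut
        SpecVersion = $wmi.SpecVersion   # answers "is this TPM 2.0?" (e.g. "2.0, 0, 1.38")
    }
}

function Get-BlockedTpmCommands {
    # Values under each List key are ordinal -> TPM command number.
    foreach ($key in $TpmBlockListKeys) {
        if (Test-Path $key) {
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object {
                    [pscustomobject]@{ Source = $key; Ordinal = $_.Name; Command = $_.Value }
                }
        }
    }
}

function Test-DomainSecureChannel {
    # DPAPI master-key backup for a domain user needs a writable DC. If the secure
    # channel cannot be verified (off-network, or not domain joined), that backup
    # fails and Office shows the 80090034 "Encryption failed" error.
    try { Test-ComputerSecureChannel -ErrorAction Stop } catch { $false }
}

function Get-DpapiProtectionPolicy {
    if (Test-Path $DpapiProviderKey) {
        (Get-ItemProperty -Path $DpapiProviderKey -ErrorAction SilentlyContinue).ProtectionPolicy
    }
}

$tpm = Get-TpmHealth
'--- TPM ---'
$tpm | Format-List

$blocked = @(Get-BlockedTpmCommands)
"--- Blocked TPM commands: $($blocked.Count) ---"
$blocked | Format-Table -AutoSize

$channelOk = Test-DomainSecureChannel
"--- Domain secure channel verified: $channelOk ---"

$policy = Get-DpapiProtectionPolicy
"--- DPAPI ProtectionPolicy: $(if ($null -eq $policy) { '<not set>' } else { $policy }) ---"

if ($tpm.Ready -and -not $channelOk -and $policy -ne 1) {
    Write-Warning ('TPM is healthy but the domain secure channel is not verified: DPAPI ' +
        'master-key backup will fail while off the corporate network. The documented ' +
        'workaround is ProtectionPolicy=1 (REG_DWORD) under the DPAPI provider key, ' +
        'which makes DPAPI fall back to local backup; validate it against your ' +
        "organization's DPAPI backup requirements before deploying.")
}
```

Run it once on a working laptop and once on an affected one and diff the output: matching TPM and blocked-command sections with a differing secure-channel result is the pattern that ended this thread, and it separates a hardware (TPM) fault from the DPAPI/domain-connectivity failure that was actually at play.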


Glad it was resolved and working. Hoping to convince my boss to get a batch of Frameworks for our domain as well.

The laptops are awesome, the support not so much. Early days.


Realistically, it should have been a Microsoft corporate / Azure AD support ticket, not Framework. …wrong tree…

It’s not Framework’s responsibility to support all TPM use cases in 3rd party software.
