04-11-2017 09:50 AM
Hello HP community,
I've been upgrading our organization's laptops to Windows 10 and turning on BitLocker for TPM-enabled machines. We have a decent volume of the 6460b model (around 75), and I have gone through well over half of them without issue. I've had to turn the TPM on for several of them, but that's no problem.
However, last week, I was getting two more of the laptops updated and suddently encountered an error message when going to the TPM Management interface within Windows:
"Cannot load management console
"Loading of the management console failed. The device that is required by this cryptographic provider is not ready for use. (Exception from HRESULT: 0x80090030) Try again."
The TPM shows in the device manager, but not in Speccy. The option in the BIOS for TPM controls is greyed out.
I've tried the following and seen no change in symptoms:
- Uninstalling the TPM from the device manager and letting it re-install.
- Checking for any additional Windows updates.
- Updated the chipset drivers directly from the HP support site.
- Modifying the permissions in the BIOS to ensure that TPM options are set to "Change" rather than "View" or "Hide."
- Updating the BIOS with files from the HP support site.
What other information could I provide that would help identify the issue here? It seems like the TPM is there because it continues to re-install itself after I remove it from the device manager. Further, the error indicates that it's not ready for use, implying that it's there.
But is it possible I have a few models that don't have TPMs? I thought it would be an odd coincidence for me to encounter two of these at the exact same time after handling dozens with no issues.
Thanks in advance.
Solved! Go to Solution.
04-17-2017 08:19 PM
We're having this problem on an EliteBook 820 G3. Out of curiousity, are your affected machines running the Windows 10 Creator Update (v1703, build 15063)? We have multiple other PCs running Windows 10 Aniversary Update (v1607) that don't seem to have a problem. This experiemental EliteBook was just upgraded, though, and I have to wonder if they're related.
04-18-2017 09:53 AM
Now that you mention it, I think you're on to something. I'm pretty sure the issue coincides with when we updated our Windows boot devices with v1703. That could possibly be the issue.
I'm setting up another 6460b today with v1703; if I can, I'll see if I can get an installation without 1703 on there and see what happens. I'll circle back today with whatever I find out.
04-19-2017 08:07 AM
Okay, here's what I figured out.
There are generally two ways to get to that TPM menu in the BIOS that allows you to push F1 to enable the TPM, and F2 to cancel:
1. Through the TPM management interface in Windows while logged in as an administrator. By selecting the option to "Prepare the TPM," it will restart the computer and take you to the menu.
2. By entering the BIOS directly upon booting up the device.
I typically go with the first option because many of the devices I encounter already had the TPM enabled, so it was simply easier to skip navigating the BIOS. Here are the two hurdles I encountered.
The first is this. If the TPM is not enabled, Windows build 1703's TPM management interface throws an error instead of giving the option to Prepare the TPM. There's no way to pursue option 1 above as a result, so I had to go with option 2.
However, the second hurdle was that the option for TPM management was greyed out in the BIOS. Initially, I thought the BIOS needed resetting or updating, but that didn't work.
My naivety was a factor, though. The key thing I discovered was that, in order to access the menu in the BIOS without using the OS interface prompt, you need to enable the Admin password on the BIOS. Then the option isn't greyed out anymore - I was able to go in, enable the TPM, and move on. Once the TPM is active, 1703 doesn't seem to have issues with it.
A follow up thought to this is that the model of computer didn't have anything to do with the issue, other than the fact that the 6460b has the TPM turned off by default. The dozen or so other models of computer I've worked with over the last couple weeks didn't have the problem with 1703 because their TPMs are already on.
Thanks to cofialan for prompting me to think about it a bit differently. I would consider this resolved from an HP standpoint.
04-19-2017 12:27 PM
It looks like the exact fix is model-specific, too. Our test EliteBook 820 G3 let me enable the TPM without a BIOS password. The tpm.msc console then worked fine. On a ProBook 440 I do have to have a BIOS password to get the TPM configuration link enabled. Hopefully Microsoft delivers a fix so that we can use tpm.msc to enable and prepare the TPM. Or, that they clarify that this is a new requirement in v1703 and a fix to update the error message to say so (you know, in a perfect world.