Change TPM Owner password?

Discussion in 'Microsoft Surface Pro 3' started by mgarr682, Mar 5, 2016.

  1. mgarr682

    mgarr682 New Member

    When trying to change the TPM owner password on my Surface Pro 3 I am getting the following error:

    Cannot change TPM owner password
    The TPM may not be in the correct state to perform this action. Try refreshing the TPM management console screen to see whether the action is still available.
    Authentication failed.
    Error code: 0x80280001

    Does anyone have any idea what the problem might be?
     
  2. mgarr682

    mgarr682 New Member

    After close to an hour on the phone with Microsoft support I was informed that Microsoft does not "support" issues with the TPM on the Surface Pro 3. Frankly, the three support people I spoke with had only minimal knowledge of TPM and how it works.

    If anyone here has any idea about how to take ownership of the TPM on the Surface Pro 3 I would appreciate any help.
     
  3. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Um, your last sentence leads me to believe there is already a password on the TPM; is that correct? If so, that may explain the bailout.
     
  4. Votality

    Votality Member

    The TPM chip used by the Surface 3, 4 I believe is the Infineon OPTIGA TPM 2.0. The package is called the TPM Professional Package, but like a giant bunch of assholes Infineon don't allow you to download the package from them (no end user support). Windows has built-in TPM management, but it sounds like you tried that. You might be able to google around and try to find the most recent version from another vendor. Maybe try here (untested) support:download detail:550949:TPM Professional Package Update (Infineon) Update version 4.3.3137.0.

    If you somehow break your SP3 or lose its data... Don't blame me :p


    Edit: After googling a bit, it seems people couldn't upgrade to Win10 without removing it. There may be no version that works with Win10.


    Edit 1: "Microsoft has built in support for the TPM and extended management functions directly in Windows. The Infineon TPM Professional Package therefore is no longer required and Infineon has stopped further development and support for this product."

    Products - Infineon Technologies
     
    Last edited: Mar 9, 2016
  5. GreyFox7

    GreyFox7 Super Moderator Staff Member

    It would help to have some additional background information: what was done to get the error, and what other procedures were attempted. Without a valid TPM authorization, wipe and reload is the only option.
    TPM_E_AUTHFAIL
    2150105089 (0x80280001)
    The current TPM owner authorization value is incorrect.
    ChangeOwnerAuth method of the Win32_Tpm class (Windows)

    Initialize and configure ownership of the TPM (Windows)

    It may be possible to use TPM.msc as Administrator to clear the TPM, however:
    Important
    Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.

    Clearing the Trusted Platform Module (TPM) resets the TPM to an unowned state. After clearing the TPM, you need to complete the TPM initialization process before using software that relies on the TPM, such as BitLocker Drive Encryption.

    i.e. Clearing the TPM would invalidate the contents of the C drive and you would have to reinstall Windows. Verify you have a bootable USB recovery drive or partition FIRST and have backed up any data you wish to preserve.
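
An added example, not part of the original thread or of Microsoft's documentation: a read-only PowerShell check of the TPM state and the BitLocker key protectors, to run before clearing the TPM as discussed above. It assumes an elevated prompt, the built-in TrustedPlatformModule and BitLocker modules, and that the OS volume is the one of interest.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only checks to run before clearing the TPM. Changes nothing.
$mount = $env:SystemDrive   # assumption: the OS volume is the BitLocker volume of interest

# TPM state as Windows sees it (the same state tpm.msc summarises).
$tpm = Get-Tpm
"TPM present: {0}  ready: {1}  owned: {2}" -f $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmOwned

# BitLocker state for the volume (the information "manage-bde -status" prints).
$vol = Get-BitLockerVolume -MountPoint $mount
"Volume {0}: {1}, method {2}, protection {3}" -f $vol.MountPoint, $vol.VolumeStatus, $vol.EncryptionMethod, $vol.ProtectionStatus

# List protector types and IDs only; the recovery password itself is never printed.
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId | Format-Table -AutoSize

$types       = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$usesTpm     = [bool]($types -match '^Tpm')          # Tpm, TpmPin and the other TPM-based types
$hasRecovery = $types -contains 'RecoveryPassword'

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    "No BitLocker data on $mount depends on the TPM."
} elseif ($usesTpm -and -not $hasRecovery) {
    Write-Warning "TPM protector with no recovery password on $mount. Add and back up a recovery password before clearing the TPM."
} elseif ($usesTpm) {
    "Recovery password protector exists. Confirm you hold a current copy of it before clearing the TPM."
} else {
    "No TPM-based protector on $mount; clearing the TPM does not affect how this volume unlocks."
}
```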
     
  6. mgarr682

    mgarr682 New Member

    After spending more time on this issue I found that the status of the TPM was showing as "The TPM is ready for use, with reduced functionality." An explanation of that message was found at the bottom of this page:

    TPM fundamentals (Windows)

    I cleared the TPM as outlined on that page, selected reboot, and was taken to an AMI BIOS page telling me to hit F12 to clear the TPM along with a warning that I would lose all keys and data protected by those keys, much like the warning at the bottom of the page cited above. I hit F12 to approve the action and the SP3 then booted to the Windows login screen. That surprised me as I assumed clearing the key would clear whatever key BitLocker was using to encrypt the drive and I would have to reinstall the operating system. After logging in I ran tpm.msc and the status of the TPM showed "ready for use." I was then able to change the owner password for the TPM.

    Checking the status of BitLocker still showed the drive to be a BitLocker drive and still encrypted. I printed a backup of the recovery key and found it unchanged from the recovery key printed last summer when the tablet was new. I then ran "manage-bde -status" to get the BitLocker status of the drive and found that it was using software encryption at the AES 128 level.

    I had assumed that Microsoft would use a drive capable of hardware encryption, at least in the "Pro" versions of their tablets since BitLocker is a key feature of the SP3. Is that not the case?
     
  7. GreyFox7

    GreyFox7 Super Moderator Staff Member

    I don't know, it's a miracle or a horrendous bug.
    I guess the FBI wishes San Bernardino guy had a MS phone. :)
     
  8. leeshor

    leeshor Well-Known Member

    If an Android phone user has not modified their original system settings, and they are on Marshmallow, and it's PIN or PW protected, it isn't that much different from an Apple phone. If you try to reset the phone you can't access it without inputting your original account info. Google is trying to stop phone theft too, but they have made it a little harder for someone to sell their phone.

    If you have access and remove the account first, it's supposed to be OK to reset.
     
