TPM issues since the 2026 certifate updates

Question

TPM issues since the 2026 certifate updates

cliff winchcombe 0

my PC was working fine til the new 2026 certifcates came out.

now constant lockups freezes and bootup issues relating to TPM. event ID17 TPM failed to load components.

updated BIOS which sorted the TPM issues for a few weeks now its back to TPM errors on bootup

failing to generate mindumps. critial error disrupted com. Missing DlL's. all sorts.

did a clean install of windows made no diferance.

everytime it locks up i have to turn off the power to shut down and reset CMOS then boot up again check the event logs and dif errors every time. mosty critial discrupted com and TPM errors

replaced the boot drive. stripped my PC down and rebuilt it made no diferance. replces the PSU as it was giving eroe on that about power surges. stil the same.

motherboard is only 6 months old.

new PSU. total rebuld of the system a few months before the issues started with all new parts. worked fine with 25H2 til the new certifatces got put on my system then nothing but trouble.

tried to update the BIOS again in case its a BIOS issue as a newer 1 came out but it refuses to let me use Mflash from BIOS or the M flash button on the back.

seems to be getting worse every day at 1st 1 reboot fixed it and it worked fine for the rest of the day. now its freezing up every few hrs. total lock up. now and then i get a msgs saying device ran into a problem and is reboting then locks up. but as part of the msg is off the screen i cant see what the error msg is as its off the bottom of the screen

as im having to turn the power off at the PSU to turn it off or hit the reset CMOS button its corrupting the entire system files.

ran a regisrty cleaner program which found errors and fixed them but that only works till next boot up.

waiting on a new mother baord to be delivered to put in to see if that fixes it as seems whatever the isue is has caused BIOS isues. already tried a diff graphics card. replaced the boot drive clean install of windows. tried runnig the PC with nothing but windows 11 on it and still doing it.

all issues that started with the new certificates. that required a BIOS update.

Before the BIOS update it was TPMwmi and secure boot errors that was shutting down my PC after about 2 hrs of switching on. fixed the TPM isue with the BIOS update but now getting the TPM issue again after windows updates.

So replaced my Boot drive clean install of windows didnt install anything else on it to test it and still the same issues'

no minidump as its failing to create 1 as thats causing issues and failing as well.

windows 11 pro

MSI X870E gaming wifi.

RTX4090

32GB DDR5 RAM

ryzen 9 9900x3d

adata 1tb NVME

the RTX GPU is the only part i didnt replace in my last rebuild 6 months ago. tried my old GTX1080TI to see if its a GPU issue but made no differance.

i was going to rebuild again back to the AM4 DDR 4 motherboard ive got but found the mother baord was damaged so cant test that as i have all the parts from my last rebuild.

so its either the BIOS update or the microsoft 2026 certifactes that forced me to update the BIOS that screwed up my system.

i tried to get a new BIOS as they have a new 1 out but go into BIOS use Mflash it wont let me instal the new BIOS/ tried using the Mflash buton on the back of the MB red light flashes a few times then goes solid red but nothing comes up on the screen to install the BIOS update. in Mflash via BIOS it does see the flash drive and the BIOS files on it but wont let me select them to do the update.

The BIOS date on there now is january 26 new new BIOS is april 26 but wont do the update to see if that fixes it.

cliff winchcombe 0 Reputation points

2026-05-26T17:36:27.4166667+00:00

now getting, system_service_exception (0x38) what failed Ntsf.sys.

says device ran into problem and needs to reboot then locked up so got to see the error message on it as its normally off the bottom of the screen but this time its in the middle. so even putting in a new NVME formated and clean install of windows didnt solve the problem. nothing installed on the system at all apart from windows. lost count of how many times i have reinstalled windows. seems to be every few days im having to do it. that only fixes it for 2 or 3 days till updates get put on it by windows.

so guess ill just have to wait til the new motherboard arrives and fit that and see if there is a probem with BIOS or CMOS stopping some things from loading on bootup. as its refusing to do Mflash with a new BIOS have no choice but fit another motherboard. al problems that started after being forced to update the BIOS to work with the new TPM/secure boot 2026 certificates which broke my PC. since then cionstant crashing things failin g to load correctly. clearing TPM did nothing at all reseting CMOS does nothing to fix it. tried al the option on the suggested fixes nothing fixes it. MSI checked and said its nothing to do with them it's windows causing the issue.

i would switch to linux but a lot of the programs i use on a daily basis wont work with linux as no linux options for them. IE im an online DJ and none of the DJ softeare i sue has a linux version for them and al the other DJ's ive spoke to al say the ame thign no linux options for them either as they tried it and had to go back to windows.

2 answers

Your answer

cliff winchcombe 0 Reputation points

2026-05-26T17:36:27.4166667+00:00

now getting, system_service_exception (0x38) what failed Ntsf.sys.

says device ran into problem and needs to reboot then locked up so got to see the error message on it as its normally off the bottom of the screen but this time its in the middle. so even putting in a new NVME formated and clean install of windows didnt solve the problem. nothing installed on the system at all apart from windows. lost count of how many times i have reinstalled windows. seems to be every few days im having to do it. that only fixes it for 2 or 3 days till updates get put on it by windows.

so guess ill just have to wait til the new motherboard arrives and fit that and see if there is a probem with BIOS or CMOS stopping some things from loading on bootup. as its refusing to do Mflash with a new BIOS have no choice but fit another motherboard. al problems that started after being forced to update the BIOS to work with the new TPM/secure boot 2026 certificates which broke my PC. since then cionstant crashing things failin g to load correctly. clearing TPM did nothing at all reseting CMOS does nothing to fix it. tried al the option on the suggested fixes nothing fixes it. MSI checked and said its nothing to do with them it's windows causing the issue.

i would switch to linux but a lot of the programs i use on a daily basis wont work with linux as no linux options for them. IE im an online DJ and none of the DJ softeare i sue has a linux version for them and al the other DJ's ive spoke to al say the ame thign no linux options for them either as they tried it and had to go back to windows.

Answer 1

Lychee-Ng 21,450 Microsoft External Staff Moderator

Hi cliff winchcombe,

I completely understand how frustrating this is, especially after all the changes and fixes you’ve already tried. What stands out from your description is the combination of TPM errors + BIOS update failing + needing CMOS resets, which points more toward a firmware/motherboard stability issue. At this point, I’d focus on a few targeted checks:

1 - Disable fTPM in BIOS and run the system for a few hours to test stability

Restart your PC and enter BIOS (usually press DEL during boot)
Go to Settings > Security > Trusted Computing (may vary)
Set AMD fTPM to Disabled > restart PC and use for a few hours
If it still freezes, TPM errors are likely just a side effect of a deeper issue.

2 - Force RAM to a lower JEDEC speed

Enter BIOS again > Disable EXPO / XMP / Memory Profile
Set RAM speed to 4800 or 5200 MHz > save and reboot.

3 - Try flashing BIOS again with a small USB

Format a USB drive (≤32GB) as FAT32
Download the latest BIOS from MSI on another device
Rename (as MSI requires) and copy only the BIOS file directly to the USB
Plug into the dedicated Flash BIOS USB port on your PC > use the rear Flash BIOS button.

If it still refuses to update or gets stuck, the board is likely not functioning correctly at firmware level. In addition, based on what you’ve described, this is much more likely a motherboard-level issue rather than something caused directly by Windows. You’re already on the right track with the replacement board.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

cliff winchcombe 0 Reputation points

2026-05-26T20:22:14.49+00:00

disabling TPM wont work as windows 11 wont boot at al if TPM is disabled.

XMP is not active at al and the RAM speed wont go over 3200mhz already tried that a the ryzen 9 doent owrk with higher speds than 3200 hz on the RAM.

is noramyl the 1st boot up of the day where the issue hapen. norammly fter an hr or 2 if freezes or device ran into a probelm and neds to rebot. then it takes 4 or 5 rebbots to get it to even post then onece its back up and runnig it works fine for the rest of the day. now and then it might freeze again after few hrs. sometimes after ive done lots of fixes it works fine for day or 2 till the next windows update then it breaks again.

as for updatig thje BOIS that doesnt work.

go into BIOS click mfalsh it reboots the PC but then refuses to elt me selct the BIOS file to do the update. so tried having the PC off and using the Mflash button on the back of the M. red light on the MB flashes a few times then goes solid red but nothig come sup on thje scren to say its updating the BIOS. left it al day and then turned off the PC and reboted same BIOS version its not even doing BIOS updates. hence why the new MB which ill fit when it arrives and try that.

tried firmware updates but have the lastest version already as windows did that in an update when the new certificates came out.

So think the Isue is the TPM module and secure boot got srewed up with windows updates or maybe the BIOS uipdate i did to try an fix the TPM isue with the updates migth of broke something. BIO date is january 26. latest BIOS i have im trying to put on is march 26 but the Mflash isnt working to try the update..

so al i can do now is wait til the new MB arrives and see how that goes.
Lychee-Ng 21,450 Reputation points Microsoft External Staff Moderator

2026-05-27T07:33:18.6766667+00:00
Thanks for the detailed update, really appreciate you taking time to share all the results. You're right that at this stage, there isn’t much more to troubleshoot on the software side. I just have a small suggestion when the new board arrives:

You should test with minimal setup first (CPU + 1 RAM stick + boot drive)

Enter BIOS once and load optimized defaults before installing Windows / enabling TPM

That helps make sure everything is stable from the start, and avoid the possibility of frying your new MB!

Answer 2

Event ID 17 from the TPM and recurring TPM failures after the 2026 Secure Boot certificate updates indicate a firmware/TPM hardware problem rather than an OS or disk issue.

Based on the provided information and the documented behavior for similar TPM issues, the next steps are:

Update all firmware and Windows components
1. Ensure the latest Windows Servicing Stack Update (SSU) and Cumulative Update (CU) are installed. These are required for reliable TPM and Secure Boot behavior.
2. Check MSI’s support site for:
  - Latest BIOS/UEFI firmware for the X870E Gaming WiFi.
  - Any TPM or security-related firmware updates.
3. If BIOS update tools (M-Flash, rear Flash BIOS button) are failing, treat this as a potential board/firmware fault and proceed to hardware escalation (see step 5).
Check for known TPM hardware issues Event ID 17 (“The Trusted Platform Module (TPM) hardware failed to execute a TPM command”) is documented as a TPM device issue that prevents Windows from reliably using TPM-dependent features (BitLocker, modern authentication, next-generation credentials). The recommended actions are:
1. Confirm all Windows updates are installed (SSU + latest CU).
2. Confirm the motherboard BIOS and TPM firmware are fully up to date from MSI.
3. If the issue persists after updates, contact the motherboard vendor to diagnose the TPM device. This is explicitly recommended when Event ID 17 continues after firmware and OS updates.
If BitLocker/Device Encryption is enabled
1. If BitLocker or Device Encryption is using PCR[7] and the system hits recovery or boot issues after firmware changes, check:
  - Event ID 24658 in Windows Logs > System (BitLocker-Driver) for unexpected Secure Boot configuration changes.
  - Event ID 817 in Application and Services Logs > Microsoft > Windows > BitLocker-API > Management to compare PCR[7] values across boots.
2. If repeated recovery or TPM binding issues are seen, consider:
  - Suspending BitLocker/Device Encryption temporarily.
  - After hardware/firmware is stable, re-enabling BitLocker so keys are resealed to the TPM.
TPM-specific remediation steps If the TPM is intermittently failing or locked out, the documented steps are:
1. In UEFI/BIOS, disable the TPM, save, and boot into Windows once.
2. Reboot, re-enter UEFI/BIOS, and re-enable the TPM, then boot into Windows again.
3. If TPM still fails to prepare or continues to log critical errors, clear the TPM as a troubleshooting step:
  - Open Windows Security (Windows Defender Security Center).
  - Go to Device security → Security processor details → Security processor troubleshooting → Clear TPM.
  - Follow the prompts to restart and confirm.
  - Warning: Clearing the TPM removes all TPM keys and can cause data loss (for example, BitLocker keys, PINs, virtual smart cards). Ensure all important data is backed up and BitLocker recovery keys are safely stored before clearing.
Treat this as a likely motherboard/TPM hardware fault The combination of:
- Persistent Event ID 17 TPM command failures after clean OS install and disk replacement.
- BIOS update mechanisms (M-Flash, rear flash button) not functioning correctly.
- System instability and failure to generate minidumps.
aligns with the guidance that, after OS and firmware updates are applied, remaining TPM failures should be escalated to the hardware vendor. For TPM 1.2 systems the guidance is to update firmware and, if unresolved, replace the motherboard; the same principle applies here:
1. Proceed with the replacement motherboard that is already on order.
2. After installing the new board:
  - Install the latest BIOS/UEFI from MSI before putting the system into production.
  - Verify TPM is enabled and properly detected in Windows.
  - If BitLocker/Device Encryption is used, enable it only after confirming stable boots with no TPM errors in the System log.
If issues persist on the new motherboard
1. Re-check for Event ID 17 or other TPM-related events.
2. Ensure Secure Boot certificate updates and Windows updates are fully applied.
3. If the same TPM errors occur on a second board with current firmware and a clean OS, escalate directly to MSI support with:
  - Event logs (especially Event ID 17 and any BitLocker/TPM events).
  - Firmware versions (BIOS, TPM) and confirmation that SSU/CU are installed.

These steps follow the documented path: update Windows and firmware, reset/clear TPM with appropriate precautions, and if TPM errors persist (especially Event ID 17) after that, work with the hardware vendor and, if necessary, replace the motherboard.

References:

Share via

TPM issues since the 2026 certifate updates

2 answers

Your answer