I installed a TPM in my home computer recently. It runs Windows 10, version 2004, build 19041.388 (64-bit) using a Local Account. The motherboard is an ASUS X99 Deluxe with the latest BIOS. I have updated the Intel ME firmware to the latest version. And I have also updated the firmware on the TPM to the latest version. All these updates were successful.
According to Windows Security, the TPM is functioning properly and is ready for storage and attestation. Likewise, tpm.msc shows that the TPM is ready for use. However, with every boot I get the following error in Event Viewer. It seems to be saying that attestation with a Microsoft server is failing.
I have cleared the TPM multiple times, and it makes no difference. And I know that I can disable the task that that is failing (AikCertEnrollTask), but I would really like to solve the underlying issue. Anyone have an idea? I am stumped!
CertificateServicesClient-CertEnroll: Event ID 87
SCEP Certificate enrollment for Workgroup\OfficePC$ via https://IFX-KeyId-XXXXXXXXXXX.microsoftaik.azure.net/templates/Aik/scep failed:
TPM 2.0: Public and sensitive portions of an object are not cryptographically bound. 0x802800a5 (-2144862043)