How to Reset a TPM Lockout

Applies To: Microsoft BitLocker Administration and Monitoring

The Encrypted Drive Recovery feature of Microsoft BitLocker Administration and Monitoring (MBAM) covers both the capture and storage of recovery data and the availability of the tools needed to manage the Trusted Platform Module (TPM). This topic describes how to use the centralized Key Recovery data system in the MBAM Management Console to retrieve the TPM owner password file for a computer when the computer ID and the associated user identifier are supplied.

A TPM lockout occurs when the TPM's built-in dictionary-attack protection is triggered, typically because a user enters an incorrect PIN too many times. The number of incorrect attempts a TPM tolerates before it locks varies from manufacturer to manufacturer. Clearing the lockout requires the TPM owner authorization, which is why MBAM escrows the TPM owner password file and makes it retrievable through the Management Console.

To reset a TPM lockout

  1. Open a web browser and navigate to the MBAM Management website.

  2. In the left-side navigation pane, select Manage TPM. This will display the Manage TPM page.

  3. Enter the computer's fully qualified domain name and computer name, then enter the Windows logon domain and user name of the user whose TPM owner password file you are retrieving. Select one of the predefined options in the Reason for requesting TPM owner password file drop-down menu, then click Submit.

  4. Microsoft BitLocker Administration and Monitoring will return one of the following:

    • An error message if no matching TPM owner password file is found

    • The TPM owner password file for the submitted computer

    Note

    If you are an Advanced Helpdesk user, the user domain and user ID fields are not required.

  5. If a matching record is found, the TPM owner password is displayed. Click Save to write it to a .tpm owner password file, which is the format the TPM management console accepts.

  6. The user (or a helpdesk technician with local administrator rights on the computer) runs the TPM management console (tpm.msc), selects Reset TPM Lockout in the Actions pane, and supplies the saved TPM owner password file (or types the owner password) when prompted. The .tpm file contains the TPM owner authorization value, so treat it as a secret: transfer it to the computer over a protected channel and delete it once the lockout has been reset.
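The same reset can be scripted for a helpdesk technician who already has the .tpm file from the Manage TPM page and an elevated PowerShell session on the locked-out computer. The script below is an added example, not code from the MBAM documentation or product; it uses the Get-Tpm and Unblock-Tpm cmdlets of the TrustedPlatformModule module (Windows 8 / Windows Server 2012 and later). The function names, the sample path, and the assumption that the .tpm file is the XML layout written by tpm.msc with the owner authorization in an ownerAuth element are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the MBAM documentation): reset a TPM lockout from
# an elevated PowerShell prompt using the owner password file (.tpm) retrieved
# from the MBAM Manage TPM page, instead of clicking through tpm.msc.
#
# Cmdlets used (TrustedPlatformModule module, Windows 8 / Server 2012 and later):
#   Get-Tpm      reports LockedOut, LockoutCount, LockoutMax and LockoutHealTime
#   Unblock-Tpm  resets the lockout; -File takes a .tpm owner password file
#
# Assumption: the .tpm file is the XML layout tpm.msc writes, with the owner
# authorization value base64-encoded in an <ownerAuth> element. Only its
# presence and shape are checked here; the TPM decides whether it is accepted.

function Test-TpmOwnerPasswordFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Owner password file not found: $Path"
    }
    try {
        [xml]$doc = Get-Content -LiteralPath $Path -Raw
    } catch {
        throw "Not a well-formed .tpm (XML) file: $Path"
    }
    # GetElementsByTagName matches on the element name regardless of namespace.
    $auth = $doc.GetElementsByTagName('ownerAuth') | Select-Object -First 1
    if (-not $auth -or [string]::IsNullOrWhiteSpace($auth.InnerText)) {
        throw "No ownerAuth element found in $Path; this is not a usable owner password file."
    }
    try {
        $bytes = [Convert]::FromBase64String($auth.InnerText.Trim())
    } catch {
        throw "ownerAuth value in $Path is not valid base64."
    }
    # A TPM 1.2 owner authorization is a 20-byte SHA-1 digest; anything else
    # is worth a second look before it is sent to the TPM (assumption).
    if ($bytes.Length -ne 20) {
        Write-Warning "ownerAuth is $($bytes.Length) bytes, not the expected 20."
    }
    return $true
}

function Reset-TpmLockoutFromFile {
    param([Parameter(Mandatory)][string]$OwnerPasswordFile)

    # Validate the file first: a bad owner authorization is itself a failed
    # authorization attempt against the TPM, so never retry this in a loop.
    Test-TpmOwnerPasswordFile -Path $OwnerPasswordFile | Out-Null

    $before = Get-Tpm
    if (-not $before.TpmPresent) {
        throw "No TPM is present on this computer."
    }
    if (-not $before.LockedOut) {
        Write-Host "TPM is not locked out (LockoutCount $($before.LockoutCount) of $($before.LockoutMax)); nothing to reset."
        return $before
    }
    Write-Host "TPM is locked out after $($before.LockoutCount) failed attempts (heal time: $($before.LockoutHealTime))."

    # Unblock-Tpm reads the owner authorization from the .tpm file and issues
    # the lockout reset to the TPM on our behalf.
    Unblock-Tpm -File $OwnerPasswordFile

    $after = Get-Tpm
    if ($after.LockedOut) {
        throw "TPM still reports LockedOut after the reset; verify that the owner password file belongs to this computer."
    }
    Write-Host "TPM lockout cleared."
    return $after
}

# Usage (sample path is an assumption):
#   Reset-TpmLockoutFromFile -OwnerPasswordFile 'C:\Temp\WORKSTATION01.tpm'
#   Remove-Item 'C:\Temp\WORKSTATION01.tpm'   # the file holds the owner authorization; delete it afterwards
```

Run the script in a PowerShell session started with Run as administrator, since both cmdlets talk to the TPM driver. If Get-Tpm shows LockedOut as False the function returns without touching the TPM; a practitioner should also expect LockedOut to clear on its own once LockoutHealTime has elapsed, so the reset is only needed when the user cannot wait for that.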

See Also

Other Resources

Operations for MBAM