ryanxcii 0 Posted May 17, 2023 Share Posted May 17, 2023 Hi, After we updated Windows Update KB5026361 for Windows 10, Most of devices got the message error: "A TPM Mode was in use but the TPM failed to initialize correctly. You will need to decrypt this system." Workaround: - Decrypt devices by using the encryption recovery tool However, after decoding successfully, the system still cannot boot inside OS and seem EFI bootloader got an issue. May I know why the issue happens and how I can avoid the issue in the future? Thank you. Link to comment Share on other sites More sharing options...
ESET Staff AAndrejko 11 Posted May 17, 2023 ESET Staff Share Posted May 17, 2023 Hello, I am sorry to hear you've had issues with our software after updating Windows. We aren't aware of any issues with updating Windows 10 at this time that causes this issue. It seems like the TPM has been reset or is unable to properly boot in time for our bootloader to use it. I will attempt to update a test system with the Windows update now to see if I can replicate the issue although we are updating test devices daily with the latest Windows updates. I understand you've gained access to the systems now after the failure, is that correct? Link to comment Share on other sites More sharing options...
ESET Staff AAndrejko 11 Posted May 17, 2023 ESET Staff Share Posted May 17, 2023 Just a follow up, I've updated a test device with the update you've stated but I've not been able to reproduce the issue you've described. I would suggest you look at other updates that have been applied at this time. Historically I've seen a few whereby firmware updates have caused the TPM to reset, however you've stated most of your devices. Are these devices all the same, perhaps there's a firmware update causing this which has recently been rolled out? Link to comment Share on other sites More sharing options...
ryanxcii 0 Posted May 18, 2023 Author Share Posted May 18, 2023 Hi AAndrejko, I've checked and devices are the same model, it's HP devices. Other models like Dell still working well. Below is the log of Windows Update 2023/05/16 13:26:28.4539914 1088 16568 ComApi Deserialized installable update 2023-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5026361), UpdateID = {0D469809-72D2-412A-83A3-29B9175A8469.200}, CallbackInfo cookie length = 1554 2023/05/16 13:26:28.4540202 1088 16568 ComApi Reload successful, UpdateID = 0D469809-72D2-412A-83A3-29B9175A8469.200, CallbackInfo cookie length = 1554, Current deployment action = 1, New deployment action = 1 2023/05/16 13:26:28.6219588 1088 16568 ComApi Serializing CUpdate 0D469809-72D2-412A-83A3-29B9175A8469.200 2023/05/16 13:26:28.6225811 1088 16568 ComApi Update serialization complete. BSTR byte length = 35770, CallbackInfo cookie length = 1554 2023/05/16 13:27:49.5937334 5172 15284 Shared UninitializeSUS 2023/05/16 13:27:49.5937476 5172 15284 Misc CSusClientGlobal::DoServicePreShutdown 2023/05/16 13:27:49.5937531 5172 15284 IdleTimer Idle timer disabled in preparation for service shutdown 2023/05/16 13:29:41.5090293 3692 4124 Agent Windows Update access disabled: No 2023/05/16 13:29:41.5090302 3692 4124 Agent Do not connect to Windows Update Internet locations: Yes 2023/05/16 13:29:41.5142288 3692 4124 Agent Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2023-05-17 01:15:50, not idle-only, not network-only 2023/05/16 13:29:41.6564561 3692 4124 Agent Initializing Windows Update Agent 2023/05/16 13:29:41.6580579 3692 4124 DownloadManager Download manager restoring 0 downloads 2023/05/16 13:29:41.6664095 3692 4124 Agent CPersistentTimeoutScheduler | GetTimer, returned hr = 0x00000000 2023/05/16 13:29:41.6715712 3692 4124 Agent Attempt 1 to obtain post-reboot results for event with cookie 31033034_3387397330. And System event log Seem TPM got error during updating Windows Update. I checked TPM from BIOS and it still has been enabled after the issue happened. I also checked the release note of KB5026361 but there are no related TPM. I wonder if there is any other reason for TPM to fail? Link to comment Share on other sites More sharing options...
ESET Staff Solution AAndrejko 11 Posted May 18, 2023 ESET Staff Solution Share Posted May 18, 2023 If the TPM errors are occurring whilst Windows was installing the update then I would suggest updating the TPM firmware if possible or contacting HP before updating any other HP devices using our software. It may be possible the Windows update isn't compatible with the systems TPM firmware or 3rd party software has caused this issue resulting in the TPM not behaving as expected. Unfortunately our software cannot control what other software or firmware does with the TPM so in this case another party I believe is the cause. ryanxcii 1 Link to comment Share on other sites More sharing options...
itman 1,741 Posted May 18, 2023 Share Posted May 18, 2023 Microsoft has an article on how to update your TPM firmware: https://support.microsoft.com/en-us/windows/update-your-security-processor-tpm-firmware-94205cbc-a492-8d79-cc55-1ecd6b0a8022 on Win 10. ryanxcii and AAndrejko 2 Link to comment Share on other sites More sharing options...
ryanxcii 0 Posted May 19, 2023 Author Share Posted May 19, 2023 Thank you for suggestions, I will try to update the TPM firmware. Link to comment Share on other sites More sharing options...
Recommended Posts