Unable to take ownership or use the contents of the Trusted Platform Module
Dell Data Protection | Access versions 2.0.X, 2.1.X, 2.2.X installed on:
Latitude E4310, E4320, E5410, E5420, E5420m, E5430, E5510, E5520, E5520m, E5530, E6220, E6320, E6330, E6410 (ATG), E6420 (ATG, XFR), E6430, E6510, E6520, XT3 (XFR)
Precision Mobile M2400, M4400, M4500, M4600, M6400, M6500, M6600
Precision Desktop R5500, T1500, T1600, T3500, T3600, T5500, T5600, T7500, T7600
Optiplex 380, 580, 760, 765, 790, 960, 980, 990, XE
To utilize the TPM chip, the chip needs to be enabled and activated in the BIOS, and supporting files and services need to be in place, and cannot be locked. Some or all of the actions listed below may be required to make the chip available.
- Check the TPM status in the BIOS.
- Enter the BIOS (Select F2 during boot at the Dell splash screen)
- Navigate to Security or TPM Security (varies by machine)
- Confirm the TPM is ON and ACTIVATED. If these actions are needed, a second boot to the BIOS to activate after turning the TPM on will be necessary
- If the TPM is already ON and ACTIVE; do not clear the TPM unless prior data stored in the TPM is unwanted
- If the TPM is ON and ACTIVE; confirm the Operating System (OS) recognizes the TPM driver.
Vista/Windows 7 – Select Start > Control Panel > System > Device Manager > Security Devices to view the TPM.
XP – Select Start > Control Panel > System > System Properties > Hardware > Device Manager > Security Devices to view the TPM.
If there is no listing; the driver has either not been installed or was corrupted during installation. Installation should be performed with firewalls and antivirus disabled.
The driver is available on the OEM support site for your make and model of equipment
Once TPM is ON and ACTIVE and the driver has been installed successfully allowing the device to be seen in the Device Manager; verify the NTRU service is available and has been started.
Navigate to the Control Panel > Admin Tools > Services and look for a listing for NTRU TSS. If the Status is not listed as Started; select Start the Service. The Startup Type should be listed as Automatic to make the service available on boot up.
NTRU is installed as part of the driver packages. Installation of the driver pack should be performed with firewalls and antivirus disabled.
Drivers are available on the OEM support site for your make and model of equipment.
With the TPM ON and ACTIVE and the NTRU Service started; should the TPM remain inaccessible, the TPM may be locked.
Determine if the TPM is locked:
Using the paths below, search for listed files, and delete if the exact match of file (.lock extension) is found. DO NOT remove files that do not have the .lock extension on the file. (Please enable ‘show view of hidden files and folders’)
C:\Documents and Settings\\Local Settings\Application Data\NTRU Cryptosystems\TSS\user_keys.keys.lock
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU CryptoSystems\Key_registry.dat.lock
Locked TPM chip:
Too many failed attempts to access the TPM will cause a lockout state for the TPM chip on the motherboard. This is by design of the manufacturer of the TPM.
Unlocking the TPM chip requires the machine to be powered on for at least 20 hours continuously. You will need to disable sleep or hibernation in order to allow the continuous time period until the lockout timer expires.
The lockout should be less than 24 hours and starts from a few seconds and will grow exponentially depending on the number of access failures.
Once the lockout clears, the TPM will be recognized within EMBASSY Security Center.
- Perform a TPM Clear and Enable/Activate in the BIOS and then take ownership of the TPM in Access.
- Open Access and select Advanced > Devices > Trusted Platform Module (TPM)
- If the Status shows as Not Active, select ‘activate’ and follow the prompts. Reboot the machine and select F10 to make the changes
- If the Status shows as Active, select ‘show’ and ‘take ownership’. Then select Next
- Create a TPM owner password and Next. Then select Finish
A backup of the TPM is strongly suggested. The TPM chip resides physically on the motherboard. If this board is corrupted or replaced, only a pre-existing backup of this TPM can provide access to the TPM data through a restore.
If the information provided above did not resolve your issue or you have any additional questions, please complete our Support Request Form