Author Topic: The Trusted Platform Module (TPM) firmware has a known security problem Error  (Read 13378 times)

0 Members and 1 Guest are viewing this topic.

Offline wmcole

  • Newbie
  • *
  • Join Date: Sep 2016
  • Posts: 5
  • Karma: 0
    • View Profile
Windows 10 "Fall Creators Update", build 16299 on HPz840 workstation.  This event showed up after the "Creators Update" and its first patch from Windows Update.

-------------------------------------------
Event log:
Log Name:      System
Source:        Microsoft-Windows-TPM-WMI
Date:          11/18/2017 5:11:01 PM
Event ID:      1794
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      TIGER
Description:
The Trusted Platform Module (TPM) firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572

-----------------------------------------------------------

I installed the latest BIOS (UEFI) and Intel chip set drivers as well as Intel Management Engine drivers and this event did not go away.  I ran Tweaking.com starting with all the pre-repair steps, booting each time into safe mode.  That SEEMED to cure the problem including a slew of DCOM permission problems (event 10016) that occured during shutdown.  However, it also caused a new DCOM error during startup for two components like this:
-----------------------------------------------------
Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          11/18/2017 5:10:03 PM
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      TIGER
Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{10DA4F3C-CC99-4190-BE4D-58330754E882}
 and APPID
{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
----------------------------------------------------------------

I ran the "preset: Permissions Only" repair thinking it would clean those errors up.  And it did for those components, but lead to the permissions event for the component as posted above and the TPM error returned.

Any ideas on how to solve these two issues once an for all?

NOTE: Neither HP nor Microsoft websites offer any solutions.

Thanks for any help that can be offered.

NOTE2:  I ponied up for the "Pro" version of Tweaking, so if there is in the Advance Repairs or Tools tab that can help with repair or diagnosis, those options are available to me.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Since updating to 1709 on a Toshiba laptop using AMD I'm getting the DCOM 10016 errors as well as other related errors because the WAS service cannot start because of invalid data.

I ignore the DCOM 10016 and 10010 errors and the Google fix for the WAS error didn't work.

However, these don't seem to have a detrimental effect on the machine's performance other than perhaps it taking longer to boot up which I can live with.

If you have a Microsoft account you can send feedback on these errors, but if they aren't causing problems then I'd just ignore them.

The average user generally isn't aware of the Event Viewer and just gets on with using the machine.

You could use the program's Registry Restore to go back to before its last run which resolved the TPM error as a compromise and forget about the DCOM errors.

If you register on the HP forum, there may be someone who can provide a link to update the TPM or if they are also getting that error - if they have found a workaround.

https://h30434.www3.hp.com/

I don't know if Intel's auto detect would find an update for you but you could give it a try - https://www.intel.com/content/www/us/en/support/detect.html




Offline wmcole

  • Newbie
  • *
  • Join Date: Sep 2016
  • Posts: 5
  • Karma: 0
    • View Profile
Thanks for the suggestions.  I, too, generally ignore the DCOM errors, but I'm in pursuit of faster startup.  (Currently about 2.5 minutes from power-up to Win 10 lock screen, then another 1.5 - 2.5 mins of spinning circles to desktop and spinning mouse pointer on desktop until I can run an application.)  And I've run out of the "simple fixes" like turning of the AppExperience scanner, indexing and unnecessary application installed startup routines.  Yeah, I should just enjoy powering on, going to get my coffee, logging in and going to get my snail-mail THEN coming back to a machine finally ready to get my email (perks of being retired).  But with "too much time on my hands" I get off on tangents looking for perfection :sad:.

Anyway, after posting I revisited HP support drivers / software site and found an update to Intel Management Engine firmware I had not yet gotten.  I first did a repair re-install of the latest IME Driver before installing the new IME firmware, and that got rid of the TPM errors and the original DCOM startup error.  Now I have 5 new DCOM errors relating to two DCOM CLSID / APPIDs. Hopefully I can deal with those using the MS TechNet solution (haven't checked yet).  The last one I could not do that with because neither the CSLID/APPID registry key nor the DCOMcnfg entry for the offending APPID existed.

But I'm happy that at least the TPM error has disappeared.  That one concerned me whereas the DCOM 10016 errors just irritate me.  :wink:

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
That's still a long time for it to boot up.

I have two Toshiba laptops that I upgraded to Win 10 - one is Intel and the other is AMD.

While I don't have any passwords set or have created a MS account, the Intel one boots up to the desktop in about a minute while the AMD one has settled down to about a minute and a half - when it first updated to 1709 it took over three mins.

I think the AMD's problem is the WAS service not starting which has other services that are dependent upon that starting - but once it's up it seems to run okay.

My brother says his desktop takes two mins to boot up.

I've turned off fast startup and Hibernate but that doesn't seemed to have done much for the AMD one.

You could create a Boot Log but I don't think they tell you that much as you can get it where it says it has failed to load a particular driver which is because it has already been loaded.

https://winaero.com/blog/enable-boot-log-windows-10/