Forum Discussion
TPM Attestation Not Supported after AMD Ryzen Upgrade
ultimatediddy Yes I have the exact same problem. Upgraded from 5600X to 5800X3D. EKCert is missing. I’m on build 22623.1255.
- Did you stay with your 5800X3D or did you roll back to your old CPU?
I'm not sure how this issue will impact Windows functionality in the future.
When I look at the Windows 11 AMD CPU Support List there is no entry for the 5800X3D and the 5700x- I am staying with the 5800X3D. I have spoken with Rudy from Call4Cloud who said a good few people have reported it to him so hopefully Microsoft might release a patch. The only functionallity that seems to use it is Intune and AutoPilot so it doesn't seem like a big deal. I woudln't worry too much about the support list, both those processors should be on it, probably just not updated.
https://call4cloud.nl/2021/11/the-pursuit-of-happy-uhhh-tpm-amd-happyness-part-3/
There was another issue before this one which seems to be fixed in 22360, only a few weeks ago, but this is a new problem again.- Thanks for your response. Would be nice if we could get an official answer by Microsoft if this is a known issue and that it does not impact windows functionality.
I already read that post.
- Hi,
yes I spent hours and days of testing and trying....
Resettet my TPM several times, according to different guides I found.
With my old CPU I have a certificate but with my new one it remains emptry.
I have this problem with Windows 10 (latest official build) and with Windows 11 fresh installed and updated.
I found out that there is a service in the Task Planer that seems to be responsible to obtain this certificate.
You can find it in Task Planer: \Microsoft\Windows\CertificateServicesClient the name is AikCertEnrollTask. But it fails with different errors.
In eventlog I found repeating entries of an error code 86 CertificateServicesClient-CertEnroll that is failing. - Why do my replies disappear after some time I posted them.....
- Hi,
yes I spent hours and days of testing and trying....
Resettet my TPM several times, according to different guides I found.
With my old CPU I have a certificate but with my new one it remains emptry.
I have this problem with Windows 10 (latest official build) and with Windows 11 fresh installed and updated.
I found out that there is a service in the Task Planer that seems to be responsible to obtain this certificate.
You can find it in Task Planer: \Microsoft\Windows\CertificateServicesClient the name is AikCertEnrollTask. But it fails with different errors.
In eventlog I found repeating entries of an error code 86 CertificateServicesClient-CertEnroll that is failing.
Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DIDDY-PC$ über (Link removed)
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-..........microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 15 Feb 2023 18:46:43 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 503e0312-0b3e-4245-8e4d-0737d3e9a845
Methode: GET(406ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) - Hi,
yes I spent hours and days of testing and trying....
Resettet my TPM several times, according to different guides I found.
With my old CPU I have a certificate but with my new one it remains emptry.
I have this problem with Windows 10 (latest official build) and with Windows 11 fresh installed and updated.
I found out that there is a service in the Task Planer that seems to be responsible to obtain this certificate.
You can find it in Task Planer: \Microsoft\Windows\CertificateServicesClient the name is AikCertEnrollTask. But it fails with different errors.
In eventlog I found repeating entries of an error code 86 CertificateServicesClient-CertEnroll that is failing.
Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DIDDY-PC$ über https://AMD-KeyId-..........microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-..........microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 15 Feb 2023 18:46:43 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 503e0312-0b3e-4245-8e4d-0737d3e9a845
Methode: GET(406ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) AaronShero Hi,
yes I spent hours and days of testing and trying....
Resettet my TPM several times, according to different guides I found.
With my old CPU I have a certificate but with my new one it remains emptry.
I have this problem with Windows 10 (latest official build) and with Windows 11 fresh installed and updated.
I found out that there is a service in the Task Planer that seems to be responsible to obtain this certificate.
You can find it in Task Planer: \Microsoft\Windows\CertificateServicesClient the name is AikCertEnrollTask. But it fails with different errors.
In eventlog I found repeating entries of an error code 86 CertificateServicesClient-CertEnroll that is failing.Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DIDDY-PC$ über https://AMD-KeyId-..........microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-..........microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 15 Feb 2023 18:46:43 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 503e0312-0b3e-4245-8e4d-0737d3e9a845Methode: GET(406ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
