Forum Discussion
Intune compliance issues Windows 11 22H2
I guess its time to run a wpr trace
https://call4cloud.nl/wp-content/uploads/2023/01/log.zip
you can start it by using: wpr -start c:\locationofthefile ... execute the task until it fails... and then
wpr -stop c:\temp\log.etl
In that wpr file I added the provider that logs the device health attestation and the activityVerifyDeviceHealth function... with that log we should know the "why"
The task takes about 30-40 sec. The tpmtool.exe results are added as a screenshot. Now i gonna try with the wpr trace and post the results 🙂 Rudy_Ooms_MVP
The firmware i cant install with dism /Online /Add-Package /PackagePath:<PATH TO CAB FILE>
Error: The system cannot find the file specified.
When i use msinfo32 and Confirm-SecureBootUEFI and manage-bde -protectors -get $env:systemdrive
All results are good.
BIOS Mode is UEFI
PCR7 is BOUND
(Uses Secure Boot for intergrity validation) <- check!- perhaps this page will give you some new ideas to test + gather some more low level info: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5429
please check Application and Services Logs > Microsoft > Windows > BitLocker-API > Management as suggested on https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/954cf796-a640-4134-b742-eaf0ed2663ff
1. hmmm, the latest Nuvoton firmware is 7.2.3.1 - https://www.catalog.update.microsoft.com/Search.aspx?q=nuvoton
(from https://learn.microsoft.com/en-us/troubleshoot/windows-server/deployment/pcr7-configuration-binding-not-possible#more-information ) :
2. Open an elevated command prompt, and run the msinfo32 command.
In System Summary, verify that BIOS Mode is UEFI, and PCR7 Configuration is Bound.
3. on my desktop:
TPM:
ID: {GUID}
PCR Validation Profile:
7, 11
(Uses Secure Boot for integrity validation)
^^^^^^^^^^^^^
please verify that you can see this above line on your device
