Oct 01 2021 08:05 AM - edited Oct 01 2021 08:06 AM
Hello,
I have a series of Lenovo Notebooks (ThinkBook 14 G2 ARE Laptop - Type 20VF) where Autopilot white-glove and self-deployment fail during enrollment of the AIK certificate with an HTTP 404 error.
Here's the logfile:
v2.0
TPM-Version:2.0 -Level:0-Revision:1.38-VendorID:'AMD '-Firmware:196650.5
AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8
CN=PRG-RN, O=Advanced Micro Devices, S=CA, L=Santa Clara, C=US, OU=Engineering
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Now I'm wondering whether this is one of the rare cases that Michael mentions on his blog where the TPM has not been whitelisted by Microsoft (for whatever reason).
Some more details about the TPM:
C:\Windows\system32>tpmtool getdeviceinformation
-TPM Present: True
-TPM Version: 2.0
-TPM Manufacturer ID: AMD
-TPM Manufacturer Full Name: AMD
-TPM Manufacturer Version: 3.47.0.5
-PPI Version: 1.3
-Is Initialized: True
-Ready For Storage: True
-Ready For Attestation: True
-Is Capable For Attestation: True
-Clear Needed To Recover: False
-Clear Possible: True
-TPM Has Vulnerable Firmware: False
-PCR7 Binding State: 2
-Maintenance Task Complete: True
-TPM Spec Version: 1.38
-TPM Errata Date: Friday, March 02, 2018
-PC Client Version: 1.01
-Is Locked Out: False
Since the same configuration works like a charm for other notebook models, I assume the reason lies somewhere in the TPM and not in the Intune configuration.
Does anybody have more details about TPM attestation and the background infrastructure?
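A diagnostic check (added here, not part of the original post) that reproduces the failing step from the log: it reads the EK certificate chain from the TPM, derives the vendor-specific microsoftaik.azure.net SCEP hostname, and probes GetCACaps so a 404 "authority does not exist" can be spotted before a device is handed to Autopilot. The mapping of the hostname's KeyId to the Authority Key Identifier of the EK certificate is an assumption based on the URL shown in the log; `Get-TpmEndorsementKeyInfo`, `Get-Tpm` and `Invoke-WebRequest` are standard Windows cmdlets and the script must run elevated.

```powershell
# Added example, not from the original post. Assumes Windows 10/11 with the
# TrustedPlatformModule module and an elevated session.
Import-Module TrustedPlatformModule

function Get-AikScepUrl {
    # Vendor prefix of the hostname, e.g. "AMD" (ManufacturerIdTxt is padded).
    $vendor = (Get-Tpm).ManufacturerIdTxt.Trim()
    # EK certificates provisioned by the TPM vendor.
    $ek = Get-TpmEndorsementKeyInfo
    foreach ($cert in $ek.ManufacturerCertificates) {
        # Authority Key Identifier (OID 2.5.29.35) identifies the issuing vendor CA.
        # ASSUMPTION: this value is the KeyId used in the microsoftaik hostname.
        $aki = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.35' }
        if (-not $aki) { continue }
        # Format() yields "KeyID=57 8c 54 5f ..." on Windows; reduce to bare hex.
        $keyId = ($aki.Format($false) -replace '^KeyID=', '' -replace '[\s:]', '').ToLower()
        [pscustomobject]@{
            Issuer = $cert.Issuer
            KeyId  = $keyId
            Url    = "https://$vendor-KeyId-$keyId.microsoftaik.azure.net/templates/Aik/scep"
        }
    }
}

function Test-AikScepEndpoint {
    param([Parameter(Mandatory)][string]$Url)
    # Same first SCEP request the enrollment log shows: GetCACaps.
    try {
        $r = Invoke-WebRequest -Uri "$Url?operation=GetCACaps" -UseBasicParsing -ErrorAction Stop
        [pscustomobject]@{ Url = $Url; Status = [int]$r.StatusCode; AuthorityKnown = $true }
    } catch {
        $status = $null
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
        # A 404 here matches the "authority does not exist" failure in the post.
        [pscustomobject]@{ Url = $Url; Status = $status; AuthorityKnown = $false }
    }
}

# Usage: derive the URL(s) from this device's EK chain and probe each one.
Get-AikScepUrl | ForEach-Object { Test-AikScepEndpoint -Url $_.Url } | Format-Table -AutoSize
```

A device whose derived URL answers GetCACaps with 200 should pass AIK enrollment; a 404 for every EK certificate on the device is the case worth raising with the vendor or Microsoft rather than with the Intune profile.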