Issue:
I recently run into an error with Windows AutoPilot and got the 0x801c0003 error code. I reset TPM, UEFI FW and Secure Boot but that did not solve the issue so I dug into it.
Specifications:
- HP EliteBook 820 G4
- TPM 2.0
- Windows 10 1909 (November ISO)
- Latest UEFI FW
Cause:
It turned out that the device was missing a TPM FW update and below is how I troubleshot and solved it.
Resolution:
I started by having a look at the Event Viewer which is accessed by:
1. Start a CMD-prompt by pressing “Shift+F10” after the Autopilot error message is received.
2. Write “EventVwr” in the CMD-prompt
3. Look at these three locations in the Event Viewer:
Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Microsoft-Windows-Provisioning-Diagnostics-Provider
Microsoft-Windows-User Device Registration
In my case I got Event ID 204 and Error Code 0x801c0003 at Microsoft-Windows-User Device Registration
The event details pointed at TPM to be the error source:
{“Code”:”AuthorizationError”,”SubCode”:”MsaTicketTpmValidationFailed”}
As I had already reset TPM and UEFI FW the next thing to do was to gather more logs:
1. Start a CMD-prompt by pressing “Shift+F10”.
2. Write: MDMDiagnosticsTool.exe -Area Autopilot;TPM -Cab d:\WindowsAutopilotDiag.cab (USB-device)
I extracted the .cab-file and had a look at “CertReq_enrollaik_Output.txt”
{“Message”:”Attestation statement cannot be verified, rejecting request. TPM firmware needs update.”}
I downloaded the TPM firmware update from HP https://support.hp.com/us-en/document/c05792935 and that solved the issue.