Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, March 8, 2017 2:31 PM
Quite a lot of these events in the Application eventlog. The text (partly Dutch):
De SCEP-certificaatinschrijving voor KOPPESBOUWKUNDE\PC25$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep is mislukt:
SubmitDone
Submit(Request): Bad Request
{"Message":"No valid TPM EK/Platform cerificate provided in the TPM identity request message."}
Cache-Control: no-cache
Date: Wed, 08 Mar 2017 13:06:44 GMT
Pragma: no-cache
Content-Length: 95
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 9ae84474-888e-49cc-b932-9a27e1a2fe2a
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Methode: POST(2015ms)
Fase: SubmitDone
Ongeldige aanvraag (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
Is this something to look into or can I ignore it?
Simon Weel
All replies (3)
Thursday, March 9, 2017 5:18 AM
Hi Simon Weel,
According to the information, it seems that the issue is caused by a bad "HTTP_E_STATUS_BAD_REQUEST".
Please try to disable the firewall and the antivirus software temporarily then check the symptom again.
"No valid TPM EK/Platform cerificate provided in the TPM identity request message"
Update the TPM driver from the device manufacturer website. Try to disable "TPM" in BIOS then check the symptom again.
According to my research, the error is related to this task. We could disable this task temporarily.
Task Scheduler\ Microsoft\ Windows \CertificateServicesClient\ AikCertEnrollTask
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, October 12, 2017 10:25 PM
I have the same issue since 10th October 2017 with Windows 10 Pro 64bit. After the Microsoft update to Build 15063.674 I got the event id 1794 (TPM-WMI) in the event log, telling me that there is a security issue with my TPM and that I better update the TPM firmware. So I did update the firmware of this infineon TPM SLB9670, which solved the security issue, but instead lead to Event Id 87 with response HTTP_E_STATUS_BAD_REQUEST from the microsoft server. It's not an issue of the firewall or AV, since https communication takes place (sniffered with wireshark). There is something in the request which the server denies. The result is that you do not get the Attestation Identity Key (AIK).
The request for the AIK is sent by the AikCertEnrollTask. Of course it's easy to disable the task, but this only avoids the event log entry and does not solve the problem.
Anyone out there who can tell us how to solve this?
Tuesday, November 21, 2017 10:10 AM
Ok, I solved this issue by updating / upgrading the TPM firmware from specification 1.2 to 2.0.
Simon Weel