Fix TBS_E_INVALID_CONTEXT (0X80284004) – Trusted Platform Module Issue
This error means the TPM context handle your app is using is stale or invalid. Usually happens after a TPM reset or driver hiccup.
Quick Answer
Run net stop tbs && net start tbs as admin, then restart your app. If that doesn't work, clear the TPM from BIOS or Group Policy.
Why You're Seeing This
Error 0X80284004 shows up when a program tries to use a TPM context handle that's been invalidated. The culprit here is almost always the TPM being reset, the TBS (TPM Base Services) service crashing, or a driver update that didn't clean up properly. I've seen this most often in Windows 10 and 11 after a firmware TPM update or after disabling and re-enabling the TPM in BIOS. BitLocker users get hit hard by this — the encryption engine holds onto a stale handle and refuses to let go.
The TPM context handle is basically a session token. When the TPM gets reset, that token becomes garbage. The app doesn't know that, so it tries to use the old handle and gets slapped with TBS_E_INVALID_CONTEXT. Same thing happens if the TBS service restarts mid-operation.
Step-by-Step Fix
- Restart the TBS service – Open an admin command prompt and run:
Then retry your application. This clears out any orphaned context handles held by the service itself. Works about 60% of the time.net stop tbs && net start tbs - Reinstall the TPM driver – If step 1 doesn't help, open Device Manager, expand "Security devices", right-click "Trusted Platform Module 2.0", select "Uninstall device" (check "Delete the driver software for this device" if it appears). Reboot. Windows will reinstall the driver automatically. This flushes the entire TPM stack.
- Clear the TPM – Last resort. In Windows, go to Settings > Update & Security > Windows Security > Device Security > Security processor details > Security processor troubleshooting. Select "Clear TPM". You'll lose BitLocker keys, so have the recovery key handy. Reboot. The TPM will reinitialize with a fresh context.
Alternative Fixes
- Group Policy toggle – If you're in a domain, the TPM might be locked down. Run
gpedit.msc, go to Computer Configuration > Administrative Templates > System > Trusted Platform Module Services. Set "Turn on TPM service" to "Enabled". Force a GP update withgpupdate /force. - Update firmware TPM – Check your motherboard or laptop manufacturer's site for a TPM firmware update. Some Intel and AMD systems had a bug where the TPM would silently reset after sleep cycles.
- Software TPM – If you're using a software TPM (e.g., in a VM), delete the TPM device from the VM settings and add it back. Yes, you'll lose existing keys, but that's the nature of software TPMs.
Prevention Tip
Don't screw with the TPM in BIOS unless you know what you're doing. If you need to reset it, do it from within Windows (step 3 above) so the OS can gracefully invalidate all old handles. Also, update your TPM firmware before you hit this error — most BIOS updates will do that for you. For BitLocker, always back up your recovery key to your Microsoft account or AD.
Was this solution helpful?