Fix TPM_E_DELEGATE_FAMILY (0X8028004C) on Windows 10/11

Windows Errors | Intermediate | May 27, 2026

This TPM error pops up when you try to manage a TPM key family that wasn't delegated to you. The quick fix is clearing and reprovisioning the TPM via Windows Security.

You're staring at TPM_E_DELEGATE_FAMILY (0X8028004C) and it's driving you nuts. Let me show you the fix that works almost every time — no fancy tools or command-line gymnastics required.

Quick Fix: Clear and Reprovision the TPM

This error means the Trusted Platform Module has a family delegation that doesn't match what your system expects. It often shows up after a Windows update, a driver rollback, or when you switch BitLocker on and off too fast.

  1. Open Windows Security. Click Start, type "Windows Security", and hit Enter.
  2. Go to Device Security (the shield icon with a lock).
  3. Under Security processor, click Security processor details.
  4. You'll see a window labeled Trusted Platform Module (TPM) Management. Look for a button that says Clear TPM. Click it.
    After clicking, you should see a warning: "Clearing the TPM resets it to factory defaults and you will lose all associated cryptographic keys."
  5. Click Clear and restart. Your PC will reboot automatically. When it comes back, respond to the on-screen prompt to confirm the TPM clear; this is usually a Y key press during boot.
  6. After the reboot, go back to Windows Security > Device Security > Security processor details. Click Update and then Restart to reprovision the TPM.
  7. Check the TPM status. It should now say "Ready" with no delegation errors.

That's it. The error should be gone. If you still see it, move to the next section.

Why This Works

The TPM stores keys and endorsement credentials in structures called "families." Each family has a delegation — basically a permission boundary. When Windows tries to create or modify a key in a family that wasn't delegated to the running process, you get this error. Clearing the TPM wipes all families and delegations, giving you a fresh slate. Reprovisioning then sets up default families that match your current Windows installation.

This is the nuclear option, but it's safe. You'll lose any BitLocker recovery keys stored in the TPM (not the drive encryption itself, just the TPM-bound key). If you have BitLocker, back up your recovery key before you clear the TPM: go to Control Panel > BitLocker Drive Encryption > Back up your recovery key.
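
A read-only pre-flight check for the backup advice above, added here as an example and not part of the original article: it reports TPM state with Get-Tpm and flags any BitLocker volume that relies on a TPM-bound protector but has no recovery password protector. The $tpmBound list, the verdict strings and the output column names are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check to run before clearing the TPM. It changes nothing.

$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning 'No TPM detected; nothing to clear.'
    return
}
"TPM ready: $($tpm.TpmReady)   firmware version: $($tpm.ManufacturerVersion)"

# Key protector types that depend on the TPM (list chosen for this example).
$tpmBound = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

$report = foreach ($vol in Get-BitLockerVolume) {
    # Unencrypted volumes have no protectors; drop nulls before reading the type.
    $types = @($vol.KeyProtector | Where-Object { $_ } |
        ForEach-Object { "$($_.KeyProtectorType)" })
    $usesTpm     = @($types | Where-Object { $_ -in $tpmBound }).Count -gt 0
    $hasRecovery = $types -contains 'RecoveryPassword'

    $verdict = if (-not $usesTpm) {
        'Not TPM-protected'
    } elseif (-not $hasRecovery) {
        'BLOCK: no recovery password protector'
    } elseif ("$($vol.ProtectionStatus)" -eq 'On') {
        'Suspend BitLocker before clearing'
    } else {
        'OK'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Protection = $vol.ProtectionStatus
        Protectors = $types -join ', '
        Verdict    = $verdict
    }
}
$report | Format-Table -AutoSize

# A recovery password protector existing does not prove the password was saved
# somewhere you can reach; confirm the backup copy separately.
if ($report.Verdict -like 'BLOCK*') {
    Write-Warning 'A TPM-protected volume has no recovery password. Do not clear the TPM yet.'
}
```

Save it as a .ps1 file and run it from an elevated session; any BLOCK verdict means the recovery key backup step has not been done for that volume.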

Less Common Variations

Variation 1: BitLocker Won't Turn On After Fix

Sometimes clearing the TPM breaks BitLocker's ability to use TPM protection. If you can't turn on BitLocker after the fix:

  1. Run tpm.msc as admin (Win+R, type tpm.msc, Enter).
  2. Under Actions, click Prepare the TPM.
  3. Reboot, then try BitLocker again.

Variation 2: Error in Event Viewer With No UI Access

If you're getting this error in logs but can't open Windows Security (maybe your account is restricted), use PowerShell:

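# Run as Administrator
# Clear-Tpm has no -Force parameter, so it is called without one
Clear-Tpm
# Provision the TPM, allowing a clear if one is needed
Initialize-Tpm -AllowClear
Restart-Computer -Force

The -Force flag on Restart-Computer restarts the machine immediately, even if other users are signed in. After the reboot, the TPM will auto-provision on first boot.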

Variation 3: Error on Server Systems (Windows Server 2016/2019/2022)

Servers sometimes need a different approach because they have BitLocker already active on the OS drive. Don't use the Clear TPM button. Instead:

  1. Suspend BitLocker protection: Suspend-BitLocker -MountPoint "C:" -RebootCount 0
  2. Run Clear-Tpm
  3. Reboot and resume BitLocker: Resume-BitLocker -MountPoint "C:"
  4. In tpm.msc, click Provision TPM.

Prevention Tips

  • Don't rapidly enable/disable BitLocker. Each toggle creates new families. Wait 30 seconds between changes.
  • Keep your TPM firmware updated. Check your motherboard or laptop manufacturer's support site for a current TPM firmware update.
  • Avoid third-party TPM management tools. They often bypass Windows delegation rules and corrupt family metadata. Stick with the built-in tools.
  • If you're using Group Policy to manage TPM, make sure the policy Computer Configuration > Administrative Templates > System > Trusted Platform Module Services isn't blocking delegation. Set it to "Not Configured" unless you have a specific requirement.

One last thing: This error rarely shows up on hardware that's less than 3 years old. If you're on an older system and this keeps happening, consider replacing the TPM module (if it's discrete) or updating your BIOS to the latest version. Sometimes the TPM chip itself goes bad — that's a hardware RMA issue.
