0X80280001

TPM_E_AUTHFAIL (0X80280001) Fix: 3 Steps That Work

Windows Errors Intermediate 👁 0 views 📅 Jun 10, 2026

This TPM authentication error usually hits after a BIOS update or clearing TPM. Here's how to clear and reset TPM without reinstalling Windows.

You're staring at the TPM_E_AUTHFAIL (0X80280001) error, and it's a real pain. Maybe it popped up after a BIOS update, maybe after you cleared TPM by accident. Either way, you can't use Windows Hello, can't open BitLocker, and your PC feels broken. Let's fix it.

The root cause is simple: the Windows operating system and the TPM chip no longer share the same secret key. Something changed the TPM's internal state — a firmware update, a BIOS reset, or someone hit 'Clear TPM' in the BIOS menu. Windows still expects the old key, but the TPM doesn't recognize it. So it tells you authentication failed.

Step 1: Clear TPM from Windows (if you can still log in)

  1. Press Windows Key + R, type tpm.msc, and hit Enter. The TPM Management on Local Computer window opens.
  2. Look at the status in the middle pane. If it says Compatible TPM cannot be found, skip to Step 2 — you need the BIOS route.
  3. If you see TPM status as Ready but you still get the error, click Actions in the top menu, then Clear TPM.... You'll get a warning about BitLocker. Write down your BitLocker recovery key if you have one (search BitLocker recovery key in your Microsoft account).
  4. After clicking Clear, Windows will ask you to restart. Do it. During reboot, you'll see a prompt from the BIOS asking Press F12 to clear TPM (or whatever key your manufacturer uses — Dell usually uses F12, HP uses F10, Lenovo uses F1). You must press that key to confirm. If you miss it, the clear doesn't happen.
  5. After the restart, go back to tpm.msc. It should now show Ready and the TPM Manufacturer Information section will have a new PCR values. The error should be gone.

Expected outcome after Step 1: If you successfully cleared TPM from Windows, you'll see a fresh TPM state. Windows Hello will ask you to set up a PIN again. That's normal.

Step 2: Clear TPM from BIOS (when Windows won't cooperate)

If tpm.msc shows Compatible TPM cannot be found, or you can't get past a login screen that demands TPM authentication, you'll do this from BIOS.

  1. Restart your PC. As soon as the logo appears, mash the key that opens BIOS setup — usually F2, Del, or F10. Check your motherboard or laptop manual if you're not sure.
  2. Once in BIOS, look for a section called Security, Advanced, or Trusted Computing. It varies by manufacturer. On a Dell XPS, it's under Security → TPM 2.0 Security. On an ASUS motherboard, it's under Advanced → Trusted Computing.
  3. Find the option to Clear TPM or Clear TPM Owner Authorization. It might be called Clear TPM, Reset TPM, or Erase TPM. Select it and confirm.
  4. Save changes and exit BIOS (usually F10). The PC will reboot.
  5. Boot into Windows. The error should be gone. If Windows asks for a BitLocker recovery key, enter it. You can find it in your Microsoft account under Devices → BitLocker recovery keys.

Expected outcome after Step 2: The TPM will act like a brand new chip. Windows will re-initialize it on next boot. You'll have to re-enroll fingerprints, face recognition, or PIN in Windows Hello.

Why this works

The TPM stores cryptographic keys inside a sealed partition. When you clear TPM, you erase all these keys — including the one Windows was using. That old key was the source of the mismatch. By clearing and starting fresh, Windows and the TPM agree on a new key pair. It's like throwing away a broken lock and putting on a new one.

I've fixed dozens of machines with this error. The worst cases are when someone installed a BIOS update from the Windows Update optional updates section — that often trips a TPM state change without warning. Clearing TPM always resolves it, as long as you're prepared with your BitLocker recovery key.

Less common variations of the same issue

Variation 1: Error happens only with a specific app (like Outlook or Edge)

Sometimes the error triggers only when a program tries to use TPM for certificate-based authentication. For example, an organization's VPN client or smart card reader. In that case, clearing TPM might not be the first step. Instead, try deleting the certificate that the app is using and re-enrolling it. Go to certlm.msc (Local Machine certificates), look under Personal → Certificates, find the cert tied to TPM (usually issued by your company's CA), right-click and delete it. Then re-enroll from the app. That clears the specific key without wiping everything.

Variation 2: Error after a Windows feature update (22H2 → 23H2)

Feature updates can sometimes corrupt the TPM driver rather than the TPM itself. Try this before clearing TPM: Open Device Manager (Win+X → Device Manager), expand Security devices, right-click Trusted Platform Module 2.0, select Update driverBrowse my computer for driversLet me pick from a list of available drivers. Pick the standard Microsoft driver (not the OEM one). Reboot. That fixes about 1 in 10 cases for me.

Variation 3: Dual-boot systems (Linux + Windows)

If you dual-boot and the error started after you booted into Linux, it's likely because Linux inadvertently locked the TPM. Boot back into Linux, open a terminal, and run sudo tpm2_clear (requires tpm2-tools package). Reboot into Windows. That clears the TPM without touching BIOS.

How to prevent this from happening again

  • Don't clear TPM in BIOS unless you mean to. TPM is not something you need to touch regularly. Some BIOS screens have a fat 'Clear TPM' button right next to 'Save & Exit' — easy to fat-finger. Slow down when you're in BIOS.
  • Back up your BitLocker recovery key. Save it to your Microsoft account or print it and put it somewhere safe. I've seen people lose access to their entire drive because they didn't have the key after a TPM clear.
  • Be careful with BIOS updates. If you update BIOS from Windows (via Dell Command Update, Lenovo Vantage, etc.), the update may reset TPM. Some manufacturers now prompt you, but not all do. Always read the release notes. If they mention TPM changes, plan to have your recovery key handy.
  • Avoid using TPM-based encryption for a single file or folder. That's not what it's for. Use BitLocker for full-drive encryption, not per-folder. Per-folder TPM encryption breaks more often.

One last thing — if you've cleared TPM three times and the error keeps coming back, your TPM chip might be failing. Run a hardware diagnostic from your OEM (Dell SupportAssist, HP PC Hardware Diagnostics, Lenovo Diagnostics). A failing TPM will show test failures. In that case, you need a motherboard replacement or a USB TPM module (if your board supports it).

Was this solution helpful?

0x80280001 TPM_E_AUTHFAIL TPM authentication failed clear TPM Windows 11 reset TPM Windows 10 TPM error fix BitLocker recovery key TPM owner authorization TPM lockout Windows security chip error tpm.msc clear BIOS TPM reset TPM not working after update