0X80280011

TPM_E_NOSPACE (0X80280011) – No Room to Load Key

Windows Errors Intermediate 👁 0 views 📅 May 26, 2026

You're out of TPM key slots. The fix is clearing unused keys via tpm.msc or a PowerShell script. Don't reimage yet.

Yeah, this one's annoying. Let's fix it.

You're staring at error 0x80280011 – TPM_E_NOSPACE. Your TPM is full. It's not a hardware failure, it's not a driver issue. It's just out of room to load another key. Happens all the time on machines that have been through multiple BitLocker cycles, Windows reinstalls, or corporate provisioning tools. I've seen it on Dell Latitudes, HP EliteBooks, and Lenovo ThinkPads running Windows 10 21H2 through Windows 11 23H2.

The Fix: Clear Stale TPM Keys

You need to evict unused keys from the TPM storage. Here are two ways – pick the one that matches your comfort level.

Method 1: Quick GUI – tpm.msc

  1. Press Win + R, type tpm.msc, hit Enter.
  2. In the left pane, click Actions then Clear TPM. System will require a reboot.
  3. After reboot, the TPM is reset to factory defaults. All keys gone. You'll need to re-enable BitLocker or any TPM-dependent features.

Warning: This wipes everything – including keys for BitLocker, Windows Hello, and Virtual Smart Cards. Only do this if you have your BitLocker recovery key saved. If you don't have it, stop here and use Method 2 instead.

Method 2: Selective Key Removal – PowerShell

This is safer. You remove only the keys that aren't currently in use. Open PowerShell as Administrator and run:

Get-TpmEndorsementKeyInfo -LocalInformationOnly
Get-TpmSupportedStorage
Get-TpmStorageInfo

That shows you how many slots are used. TPM 2.0 devices typically have 7-24 key slots depending on the manufacturer. If you're at the limit, run:

# Remove all keys not currently loaded by running processes
Get-TpmKey -ErrorAction SilentlyContinue | Where-Object { $_.IsLoaded -eq $false } | ForEach-Object { Remove-TpmKey -KeyHandle $_.KeyHandle -Force }

If that doesn't clear enough, you can nuke all keys except the SRK (Storage Root Key):

Clear-Tpm -AllowClear -Force

Same warning as Method 1 applies – but this is the nuclear option.

Why This Happens

TPM key storage is small. Real small. A typical TPM 2.0 chip has about 1KB of non-volatile RAM for keys. Each key takes 128-512 bytes. So you're looking at maybe 7 to 24 key slots max. Every time you provision a new BitLocker protector, enroll a Windows Hello PIN, or join Azure AD, the TPM stores a key. If the old keys aren't evicted when they're no longer needed – and they often aren't – the storage fills up. You hit 0x80280011.

The culprit here is almost always aggressive provisioning scripts from MDM tools like Intune or SCCM. They'll throw a new key in for every policy refresh without cleaning the old ones. I've also seen this on machines that had multiple OS reinstalls with different TPM owners.

Less Common Variations

Sometimes the error shows up with a different face:

  • BitLocker says “TPM is full” during encryption. Same root cause. Clear keys, then retry.
  • Windows Hello face/PIN setup fails. TPM can't create a new key container. Clear stale keys.
  • TPM-backed certificate enrollment fails. Seen this on Domain Joined devices with auto-enrollment. Clear keys, re-enroll.
  • Firmware TPM (fTPM) on AMD systems. Some Ryzen CPUs have buggy fTPM that doesn't free key slots correctly. A BIOS update from your OEM (Dell, HP, Lenovo) often fixes this. Check your vendor's support site for fTPM fixes specific to your model.

One more edge case: if you're on a system with TPM 1.2 (old – think Windows 7 era), the slot count is even lower – usually 3 to 5. Upgrade to TPM 2.0 or replace the hardware.

Prevention – Keep It Clean

You don't need to babysit the TPM, but a little awareness helps:

  • Before a BitLocker turn-off/on cycle, clear unused keys. Run Clear-Tpm -AllowClear -Force after you've disabled BitLocker and before you turn it back on.
  • Audit TPM key usage quarterly on domain-joined machines. Use Get-TpmStorageInfo remotely via PowerShell to check slot count across your fleet. Alert if usage exceeds 80%.
  • Update TPM firmware. Check your OEM's support site for TPM firmware updates. Dell and Lenovo release them regularly. Outdated firmware can leak key slots.
  • Don't use TPM for everything. If you're storing lots of certs or keys, consider using a software-based key store (like Windows Certificate Store) for non-critical items. Save the TPM slots for things that truly need hardware protection – BitLocker, Windows Hello, and smart card emulation.

That's it. You cleared the slots, the error's gone. If it comes back, check your provisioning scripts – they're probably flooding the TPM. And if you're on an AMD fTPM system, push that BIOS update.

Was this solution helpful?

TPM error 0x80280011 TPM_E_NOSPACE fix TPM key storage full clear TPM keys Windows 10 Windows 11 TPM no space BitLocker TPM error TPM.msc clear keys Manage-TPM PowerShell TPM storage limit TPM key eviction TPM error Dell HP Lenovo TPM firmware bug TPM 2.0 key slots full