"Error Cannot Process TPM Attestation" when you try to configure Key Attestation in Windows Server 2012 R2

Symptoms
When you configure TPM Key Attestation with the "Endorsement key" TPM trust model by using TPM 2.0 for a Windows 10 client that connects to a Windows Server 2012 R2 server that's running Active Directory Certificate Services, certificate enrollment fails, and you receive the "Error Cannot Process TPM Attestation" and the "ERROR_INVALID_PARAMETER" error messages.
Resolution
To fix this issue, install the June 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (KB3161606).
More information
Get more information about TPM Key Attestation on the Microsoft website.

Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology that Microsoft uses to describe software updates.
Properties

Article ID: 3154769 - Last Review: 06/21/2016 16:32:00 - Revision: 1.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation