Share this question

Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.

This is a collaboratively edited question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.


0 like 0 dislike


I'm try to bitlocker the My Surface pro 3 but I get this error.

The TPM is defending against dictionary attacks and is in a time-out period.

i try to clear the TPM from the TPM management but that option is gray out.

Please help

asked by  

3 Answers

0 like 0 dislike
Best answer
I actually had to work with Microsoft on this issue.  Same scenario: Organization imaged a number of Surface Pro 3's with Windows 8.1 and it worked fine, then they shipped us several with Windows 10 and we get a TPM lockout after imaging.  

They provided me with several Powershell commands which fix the issue, post-imaging, which include a reboot (allows you to clear TPM).  After that reboot I am able to encrypt my devices.

Issue these commands, using Powershell (run as an Administrator) one at at time:

$tpm=get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm



Microsoft has yet to acknowledge this is a bug, which it clearly is.%uFEFF
answered by  
0 like 0 dislike

What a pain lol. I've found the error and resolution in my ways. The new surfaces come with Windows 10 installed and encryption enabled. Well I was imaging windows 8 on it without clearing the encryption first and since there is a separate TPM module, it was recognizing the OS didn't match.

To fix this was a bit more complicated and I can't remember my exact steps.

These were my steps:

  1. Create a restore point
  2. Disable/Reenable Secure Boot and TPM
  3. Use recovery usb to 'reset pc' - gets to 66% or so then fails.
  4. Get prompted to clear tpm - this bricks it (uefi boot loop)
  5. Turn off surface
  6. Hold power and volume down to boot back to usb
  7. System restore back to the one I created.
  8. Back to Windows 8 and TPM unlocked.

To fix this going forward, I will clear the tpm and unencrypt the drive first, then reimage. Lesson learned.

Thanks for your help! :)

answered by  
0 like 0 dislike

This is good information! I'll give this a shot. I'm trying to convince myself to not go into the office over the weekend and just deal with it on Tuesday tho.

The only thing I need is the drive encrypted and bitlocker enabled. So would that look like this?

  • turn off tpm and secure boot.
  • image
  • encrypt
  • turn on tpm and secure boot
  • turn on bitlocker

Thanks a lot for your help. This is an area I know very little about.

answered by