I suspect it is a bug with Windows 10. I had the exact same problem as the OP. Here are my findings. I have two PCs, A and B; both have TPM spec 1.2 and both have BitLocker enabled. A is on Windows 10 1607, B is on Windows 10 1511.
Using TPM.MSC on A, I can clear the TPM without supplying the owner password, but anything else requires the owner password. However, on B, none of these actions requires the owner password.
Further, on PC A, I cleared the TPM via the BIOS, rebooted, and double-checked that the TPM status was disabled and unowned in the BIOS. I booted into Windows via the recovery password (make sure you have your recovery password if you are going to try this on your PC), prepared the TPM via TPM.MSC, and followed the wizard. After the reboot, the Windows TPM wizard said the TPM is ready and "Windows automatic remember owner password, blah blah ..." (same as vaindil observed); I never had a chance to save the TPM owner password. I then rebooted into the BIOS and the TPM now had status enabled and owned. This confirmed Windows indeed took TPM ownership. It just never offered the user a chance to save the owner password. I also wonder where the password was saved, the registry?
Interestingly, on PC B, with a similar procedure, I had the chance to save the owner password to AD, save it to a file, or print it.
It appears to me the issue is related to the 1607 build. If I can somehow get 1511 install media, I will definitely try it on PC A to confirm it.
Have you tried "Change owner password" while leaving the "old password" field blank? – Nathan.Eilisha Shiraini – 2016-07-25T10:13:09.420
Yes. It doesn't accept the (empty) password. – cfp – 2016-07-26T11:20:36.533
I just cleared my TPM as well. When it rebooted, Windows said something to the effect of "Windows can keep your key secure so you don't need to remember it". I want that key for a reason! – vaindil – 2016-08-11T05:53:53.787
Sounds like you cleared it, but you haven't re-initialized it. Maybe this will help: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm – lightwing – 2016-08-16T16:38:42.447
@lightwing There doesn't appear to be a way to clear it without reinitializing it. I cleared it from both the BIOS and Windows, and my BIOS said the TPM was "unowned", but when I log back into Windows it's shown in the TPM Administration menu as "Ready to use". The "Prepare TPM" option is grayed out. – vaindil – 2016-08-18T17:36:34.910
Clearing it doesn't automatically initialize it. It's two separate processes. It sounds like previous attempts to clear the TPM have failed. According to Microsoft's documentation, you should be able to clear it without needing the current password. See the link below and scroll down to the section "Clear the TPM". Before doing that, verify in the Security section of your BIOS that TPM Security is set to Enabled. https://technet.microsoft.com/en-us/library/cc749022(v=ws.10).aspx#BKMK_S2 – lightwing – 2016-08-19T14:11:16.083
The other possibility is a bad TPM driver. I had this issue when I was building an image for deployment. I installed what I thought was a compatible driver (Infineon Trusted Platform Module) according to the PnPID, but it apparently wasn't the right one. I had to remove the device and let Windows detect and install the driver (Trusted Platform Module 1.2). – lightwing – 2016-08-19T14:13:39.180
@lightwing I was able to get it to not reinitialize automatically. I cleared it in Windows, then the computer reboots so the BIOS can confirm. After that it reboots again, so I caught it and went into my BIOS settings and turned the TPM off. Windows didn't automatically initialize it. I chose the option to do so manually, then it rebooted, but when I logged back in a dialog popped up saying "Windows can remember your owner password so you don't have to". At no point was I given the option to set or even view it. – vaindil – 2016-08-19T17:12:36.567
If this vbs script runs on your computer, could you post the results? – harrymc – 2016-08-20T10:59:44.673
@harrymc TPM is Enabled, TPM is Activated, TPM is Owned, Owner clear of TPM Is disabled, TPM has an endorsement key, Owner can be installed on this TPM, A TPM physical presence operation can clear the TPM., This computer does not support a dedicated hardware path to signal physical presence., The Storage Root Key (SRK) is compatible with Windows Vista, Tpm status script finished – vaindil – 2016-08-20T22:23:25.870
As TPM is owned, there is always an owner password that cannot be cleared, so what exactly are you trying to do? Also, the post is confusing as it says "at no point ... did I ever set a TPM password" together with "asks for the old password". So, did the computer arrive with TPM preset, or what? It would also help to know the computer model. – harrymc – 2016-08-21T09:46:32.270
Question: In the registry entry of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM, what is the value of OSManagedAuthLevel? – harrymc – 2016-08-22T14:03:26.170
@harrymc That script gives exactly the same messages as it did for vaindil. The laptop is a Dell Latitude e7240, as stated in the OP. The TPM manufacturer is ATML. Manufacturer version 41.1, Specification version 1.2. The registry key you mention is: 0x00000002. – cfp – 2016-08-22T18:26:27.240
According to this Microsoft article, OSManagedAuthLevel=2 means Delegated. You might try to set it to 4 (Full) and reboot, then clear the TPM again. Read the relevant parts of the article. – harrymc – 2016-08-22T20:13:16.550
Have you tried it? – harrymc – 2016-08-24T06:24:38.747
Apparently not. – harrymc – 2016-08-26T08:42:23.283
Apologies for the delay. I changed the key as you suggested, rebooted, cleared the TPM in the BIOS, ran TPM.msc, "prepared the TPM for use", rebooted again, pressed "F10" when asked to prove I was at the PC, and then when I came back into Windows, I was given the "Windows can save your password for you" screen. However, the screen now had a button to save the password as a file, which I do not remember seeing before. So although I still couldn't enter a password, at least I have a copy of the password file now, which is an improvement. – cfp – 2016-08-27T09:51:38.027