Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TPM error - SCEP Certificate enrollment initialization failed

yvesgeiser
Level 7

‎01-10-2022 01:34 AM - last edited on ‎03-05-2024 01:48 AM by Community Admin

Hello,

My current pretty much new setup (AMD 5800x, ROG Strix X570-E Gaming, Samsung 980pro disk, Trident Z Ram's, Logitech periphery) throws many SCEP error messages when Windows 11 is installed.

Those messages look like this:

SCEP Certificate enrollment initialization for SYSTEMNAME via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 10 Jan 2022 07:22:58 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: fce56d1f-75bd-42a2-8de4-2c5c301482c7

Method: GET(234ms)
Stage: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Does anyone know how to solve this? I managed to enable all items and my system is absolutely up to date when it comes to drivers. The OS reports all is fine with TPM. Keys are correctly set.

91640
0 Kudos
32,731 Views
12 REPLIES 12

benonikenobi
Level 7

‎01-10-2022 05:15 AM

Hi!

I had the same problem after I did a clean install of windows 11 with my 5900x and Dark hero MB. I soon had problems with intermittent random freezing, no bluescreen, everything would just freeze and I had to manually reboot. Not a hundred % sure it was due to the error but when I googled the error I found a couple of threads regarding the same thing. Tried some of the suggestions but none worked. This in combo with some other issues I had I decided to reinstalled windows 10 instead. Rock solid now.
0 Kudos

Kelutrel
Level 11

‎01-10-2022 09:08 AM

There is this thread here that suggests to stop a scheduled task : Search for "Task Scheduler" ->drop "Microsoft" ->drop "Windows" ->click "CertificateServiceClient" -> set the "AikCertEnrollTask" to disabled.

That will make the event viewer message disappear.

I have some experience with certificates and also attempted to perform the enrollment directly from the command prompt, using a copy of the certificate retrieved from Microsoft, but no joy, even with the mentioned certificate correctly installed in the TPM area it still logs that error.

Note that the TPM is used only for SecureBoot authentication and for any BitLocker storage access, but not for the drivers certificate authentication or any other certificate.

That missing certificate is *possibly* just a certificate with which AMD signs, or signed, certain parts of their BIOS that are accessed by the SecureBoot process at boot. But if your PC already starts successfully, it may not be needed.

My suggestion would be to ignore the message in the event viewer, AMD or Microsoft will fix it at a certain point. Note that this message only appears if you installed/upgraded Windows 11 from a previous Windows 10 installation, it does not appear if you installed Windows 11 on a fresh partition by booting from a usb or dvd copy of the installation disk.
0 Kudos

benonikenobi
Level 7
In response to Kelutrel

‎01-10-2022 11:32 PM

Kelutrel wrote:
There is this thread here that suggests to stop a scheduled task : Search for "Task Scheduler" ->drop "Microsoft" ->drop "Windows" ->click "CertificateServiceClient" -> set the "AikCertEnrollTask" to disabled.

That will make the event viewer message disappear.

I have some experience with certificates and also attempted to perform the enrollment directly from the command prompt, using a copy of the certificate retrieved from Microsoft, but no joy, even with the mentioned certificate correctly installed in the TPM area it still logs that error.

Note that the TPM is used only for SecureBoot authentication and for any BitLocker storage access, but not for the drivers certificate authentication or any other certificate.

That missing certificate is *possibly* just a certificate with which AMD signs, or signed, certain parts of their BIOS that are accessed by the SecureBoot process at boot. But if your PC already starts successfully, it may not be needed.

My suggestion would be to ignore the message in the event viewer, AMD or Microsoft will fix it at a certain point. Note that this message only appears if you installed/upgraded Windows 11 from a previous Windows 10 installation, it does not appear if you installed Windows 11 on a fresh partition by booting from a usb or dvd copy of the installation disk.


I tried exactly that and my problems still persisted, computer still freezed now and again. But, my freezing might not have had anything to do with that, even though the event was logged just before the freezing occured so I´m prety sure they were contected.

And in my case I didnt do an upgrade from win 10. I built a brand new machine with a new nvem-drive and installed win 11 from an usb-stick
0 Kudos

Kelutrel
Level 11
In response to benonikenobi

‎01-11-2022 01:33 AM

benonikenobi wrote:
I tried exactly that and my problems still persisted, computer still freezed now and again. But, my freezing might not have had anything to do with that, even though the event was logged just before the freezing occured so I´m prety sure they were contected.

And in my case I didnt do an upgrade from win 10. I built a brand new machine with a new nvem-drive and installed win 11 from an usb-stick


There is no chance that after correctly disabling the task "AikCertEnrollTask" that specific event viewer message still appears. Your problem may be something else.
0 Kudos

benonikenobi
Level 7
In response to Kelutrel

‎01-11-2022 01:51 AM

Kelutrel wrote:
There is no chance that after correctly disabling the task "AikCertEnrollTask" that event viewer message still appears. Your problem may be due to something else.


Sorry, I wasnt clear 🙂 after disabling the task (and it was done properly) the error didnt appear again, even though another error occured instead (cant remember what that one was though). What did persist was the freezing. What I meant was that before I disabled the task the error came just before the computer freezed so in my world the two were conected.
0 Kudos

yvesgeiser
Level 7
In response to benonikenobi

‎01-13-2022 11:43 PM

The fact is, that many if not all owners of the current AMD line up do suffer on Windows 11 with random freezes and this particular error message. And the worst thing is, that no one either from AMD or MS do care about this.

But finally this is not the right place to post this as this is not something that ASUS can fix. For me personally this is broken and if this remains I'll switch back to Intel... they are not perfect but I can't remember that they failed on such easy tasks like certificate exchange and random freezes.

AMD should approach MS and fix this asap. MS doesn't have to move and Intel just smileys.. and even there is a fix in the pipe... this here is an emergency fix and not tbd sometime fix.
0 Kudos

Piers
Level 8
In response to Kelutrel

‎02-19-2022 04:39 PM

Kelutrel wrote:
Note that this message only appears if you installed/upgraded Windows 11 from a previous Windows 10 installation, it does not appear if you installed Windows 11 on a fresh partition by booting from a usb or dvd copy of the installation disk.

Every single component is my PC is less than four months old. The PCIe M.2 WD 1TB drive came from the packet and had Windows 11 Pro installed. This message appears with clean installations as well.
AMD Ryzen R9 5900X
ASUS ROG Strix B550-E (the worst motherboard I've owned in 25 years)
Corsair H150i Pro XT 360mm
32GB Corsair VENGEANGE LPX 3600MHz CL18
EVGA RTX 3080 FTW Hybrid w/ 280mm radiator
M.2 WD 1TB SN550 | 2 * WD Blue 1TB SATA | 2 * Toshiba N300 8TB | 400TB on a 48-bay Supermicro server
Corsair RM850X
Fractal Meshify 2
Microsoft Windows 11 Pro
0 Kudos

hcccs
Level 7
In response to Kelutrel

‎02-26-2023 01:57 AM

Kelutrel wrote:
There is this thread here that suggests to stop a scheduled task : Search for "Task Scheduler" ->drop "Microsoft" ->drop "Windows" ->click "CertificateServiceClient" -> set the "AikCertEnrollTask" to disabled.

That will make the event viewer message disappear.

I have some experience with certificates and also attempted to perform the enrollment directly from the command prompt, using a copy of the certificate retrieved from Microsoft, but no joy, even with the mentioned certificate correctly installed in the TPM area it still logs that error.

Note that the TPM is used only for SecureBoot authentication and for any BitLocker storage access, but not for the drivers certificate authentication or any other certificate.

That missing certificate is *possibly* just a certificate with which AMD signs, or signed, certain parts of their BIOS that are accessed by the SecureBoot process at boot. But if your PC already starts successfully, it may not be needed.

My suggestion would be to ignore the message in the event viewer, AMD or Microsoft will fix it at a certain point. Note that this message only appears if you installed/upgraded Windows 11 from a previous Windows 10 installation, it does not appear if you installed Windows 11 on a fresh partition by booting from a usb or dvd copy of the installation disk.


Yes, it does. I build a new PC and installed W11 fresh and I have then problem.
0 Kudos

kiberman2
Level 7
In response to hcccs

‎02-28-2023 02:31 AM

Hello all, have same on bios 4601 beta with new Agesa 1.2.0.8

https://rog.asus.com/forum/showthread.php?132429-Asus-X570-E-gaming-wifi-2-Litlle-Feedback-about-Bio...
0 Kudos