FACILITY_TPM_SERVICES: the Trusted Platform Module services.

The source of the error code is the Trusted Platform Module services.^[1][2]

• 0x80280001: An internal exception occurred while executing the method or property. ^[3]
• 0x80280002: The object is already associated with an ink object and cannot be reassociated. ^[3]
• 0x80280003: The operation cannot be performed while the user is actively inking. ^[3]
• 0x80280004: The interface pointer points to an object that is incompatible with the Ink API ^[3]
• 0x80280005: The window handle must be set before ink collection can occur. ^[3]
• 0x80280006: The InkCollector must be gesture mode for gesture features, and single tablet mode for single tablet features. ^[3]
• 0x80280007: The operation cannot be performed while the InkCollector is enabled. ^[3]
• 0x80280008: There are no strokes for the recognizer to process. ^[3]
• 0x80280009: There are no strokes for the recognizer to process. ^[3]
• 0x80280010: "The window input rectangle overlaps with an enabled InkCollector's window input rectangle." ^[3]
• 0x80280000: This is an error mask to convert TPM hardware errors to win errors.^[2]
• 0x80280001: Authentication failed.^[2]
• 0x80280002: The index to a PCR, DIR or other register is incorrect.^[2]
• 0x80280003: One or more parameter is bad.^[2]
• 0x80280004: An operation completed successfully but the auditing of that operation failed.^[2]
• 0x80280005: The clear disable flag is set and all clear operations now require physical access.^[2]
• 0x80280006: Activate the Trusted Platform Module (TPM).^[2]
• 0x80280007: Enable the Trusted Platform Module (TPM).^[2]
• 0x80280008: The target command has been disabled.^[2]
• 0x80280009: The operation failed.^[2]
• 0x8028000A: The ordinal was unknown or inconsistent.^[2]
• 0x8028000B: The ability to install an owner is disabled.^[2]
• 0x8028000C: The key handle cannot be interpreted.^[2]
• 0x8028000D: The key handle points to an invalid key.^[2]
• 0x8028000E: Unacceptable encryption scheme.^[2]
• 0x8028000F: Migration authorization failed.^[2]
• 0x80280010: PCR information could not be interpreted.^[2]
• 0x80280011: No room to load key.^[2]
• 0x80280012: There is no Storage Root Key (SRK) set.^[2]
• 0x80280013: An encrypted blob is invalid or was not created by this TPM.^[2]
• 0x80280014: The Trusted Platform Module (TPM) already has an owner.^[2]
• 0x80280015: The TPM has insufficient internal resources to perform the requested action.^[2]
• 0x80280016: A random string was too short.^[2]
• 0x80280017: The TPM does not have the space to perform the operation.^[2]
• 0x80280018: The named PCR value does not match the current PCR value.^[2]
• 0x80280019: The paramSize argument to the command has the incorrect value .^[2]
• 0x8028001A: There is no existing SHA-1 thread.^[2]
• 0x8028001B: The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error.^[2]
• 0x8028001C: The TPM hardware device reported a failure during its internal self test. Try restarting the computer to resolve the problem. If the problem continues, check for the latest BIOS or firmware update for your TPM hardware. Consult the computer manufacturer's documentation for instructions.^[2]
• 0x8028001D: The authorization for the second key in a 2 key function failed authorization.^[2]
• 0x8028001E: The tag value sent to for a command is invalid.^[2]
• 0x8028001F: An IO error occurred transmitting information to the TPM.^[2]
• 0x80280020: The encryption process had a problem.^[2]
• 0x80280021: The decryption process did not complete.^[2]
• 0x80280022: An invalid handle was used.^[2]
• 0x80280023: The TPM does not have an Endorsement Key (EK) installed.^[2]
• 0x80280024: The usage of a key is not allowed.^[2]
• 0x80280025: The submitted entity type is not allowed.^[2]
• 0x80280026: The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup.^[2]
• 0x80280027: Signed data cannot include additional DER information.^[2]
• 0x80280028: The key properties in TPM_KEY_PARMs are not supported by this TPM.^[2]
• 0x80280029: The migration properties of this key are incorrect.^[2]
• 0x8028002A: The signature or encryption scheme for this key is incorrect or not permitted in this situation.^[2]
• 0x8028002B: The size of the data (or blob) parameter is bad or inconsistent with the referenced key.^[2]
• 0x8028002C: A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, phsicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob.^[2]
• 0x8028002D: Either the physicalPresence or physicalPresenceLock bits have the wrong value.^[2]
• 0x8028002E: The TPM cannot perform this version of the capability.^[2]
• 0x8028002F: The TPM does not allow for wrapped transport sessions.^[2]
• 0x80280030: TPM audit construction failed and the underlying command was returning a failure code also.^[2]
• 0x80280031: TPM audit construction failed and the underlying command was returning success.^[2]
• 0x80280032: Attempt to reset a PCR register that does not have the resettable attribute.^[2]
• 0x80280033: Attempt to reset a PCR register that requires locality and locality modifier not part of command transport.^[2]
• 0x80280034: Make identity blob not properly typed.^[2]
• 0x80280035: When saving context identified resource type does not match actual resource.^[2]
• 0x80280036: The TPM is attempting to execute a command only available when in FIPS mode.^[2]
• 0x80280037: The command is attempting to use an invalid family ID.^[2]
• 0x80280038: The permission to manipulate the NV storage is not available.^[2]
• 0x80280039: The operation requires a signed command.^[2]
• 0x8028003A: Wrong operation to load an NV key.^[2]
• 0x8028003B: NV_LoadKey blob requires both owner and blob authorization.^[2]
• 0x8028003C: The NV area is locked and not writtable.^[2]
• 0x8028003D: The locality is incorrect for the attempted operation.^[2]
• 0x8028003E: The NV area is read only and can't be written to.^[2]
• 0x8028003F: There is no protection on the write to the NV area.^[2]
• 0x80280040: The family count value does not match.^[2]
• 0x80280041: The NV area has already been written to.^[2]
• 0x80280042: The NV area attributes conflict.^[2]
• 0x80280043: The structure tag and version are invalid or inconsistent.^[2]
• 0x80280044: The key is under control of the TPM Owner and can only be evicted by the TPM Owner.^[2]
• 0x80280045: The counter handle is incorrect.^[2]
• 0x80280046: The write is not a complete write of the area.^[2]
• 0x80280047: The gap between saved context counts is too large.^[2]
• 0x80280048: The maximum number of NV writes without an owner has been exceeded.^[2]
• 0x80280049: No operator AuthData value is set.^[2]
• 0x8028004A: The resource pointed to by context is not loaded.^[2]
• 0x8028004B: The delegate administration is locked.^[2]
• 0x8028004C: Attempt to manage a family other then the delegated family.^[2]
• 0x8028004D: Delegation table management not enabled.^[2]
• 0x8028004E: There was a command executed outside of an exclusive transport session.^[2]
• 0x8028004F: Attempt to context save a owner evict controlled key.^[2]
• 0x80280050: The DAA command has no resources availble to execute the command.^[2]
• 0x80280051: The consistency check on DAA parameter inputData0 has failed.^[2]
• 0x80280052: The consistency check on DAA parameter inputData1 has failed.^[2]
• 0x80280053: The consistency check on DAA_issuerSettings has failed.^[2]
• 0x80280054: The consistency check on DAA_tpmSpecific has failed.^[2]
• 0x80280055: The atomic process indicated by the submitted DAA command is not the expected process.^[2]
• 0x80280056: The issuer's validity check has detected an inconsistency.^[2]
• 0x80280057: The consistency check on w has failed.^[2]
• 0x80280058: The handle is incorrect.^[2]
• 0x80280059: Delegation is not correct.^[2]
• 0x8028005A: The context blob is invalid.^[2]
• 0x8028005B: Too many contexts held by the TPM.^[2]
• 0x8028005C: Migration authority signature validation failure.^[2]
• 0x8028005D: Migration destination not authenticated.^[2]
• 0x8028005E: Migration source incorrect.^[2]
• 0x8028005F: Incorrect migration authority.^[2]
• 0x80280061: Attempt to revoke the EK and the EK is not revocable.^[2]
• 0x80280062: Bad signature of CMK ticket.^[2]
• 0x80280063: There is no room in the context list for additional contexts.^[2]
• 0x80280400: The command was blocked.^[2]
• 0x80280401: The specified handle was not found.^[2]
• 0x80280402: The TPM returned a duplicate handle and the command needs to be resubmitted.^[2]
• 0x80280403: The command within the transport was blocked.^[2]
• 0x80280404: The command within the transport is not supported.^[2]
• 0x80280800: The TPM is too busy to respond to the command immediately, but the command could be resubmitted at a later time.^[2]
• 0x80280801: SelfTestFull has not been run.^[2]
• 0x80280802: The TPM is currently executing a full selftest.^[2]
• 0x80280803: The TPM is defending against dictionary attacks and is in a time-out period.^[2]
• 0x80284001: An internal error has occurred within the Trusted Platform Module support program.^[2]
• 0x80284002: One or more input parameters is bad.^[2]
• 0x80284003: A specified output pointer is bad.^[2]
• 0x80284004: The specified context handle does not refer to a valid context.^[2]
• 0x80284005: A specified output buffer is too small.^[2]
• 0x80284006: An error occurred while communicating with the TPM.^[2]
• 0x80284007: One or more context parameters is invalid.^[2]
• 0x80284008: The TBS service is not running and could not be started.^[2]
• 0x80284009: A new context could not be created because there are too many open contexts.^[2]
• 0x8028400A: A new virtual resource could not be created because there are too many open virtual resources.^[2]
• 0x8028400B: The TBS service has been started but is not yet running.^[2]
• 0x8028400C: The physical presence interface is not supported.^[2]
• 0x8028400D: The command was canceled.^[2]
• 0x8028400E: The input or output buffer is too large.^[2]
• 0x8028400F: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer.^[2]
• 0x80284010: The TBS service has been disabled.^[2]
• 0x80284011: No TCG event log is available.^[2]
• 0x80284012: The caller does not have the appropriate rights to perform the requested operation.^[2]
• 0x80284013: The TPM provisioning action is not allowed by the specified flags. For provisioning to be successful, one of several actions may be required. The TPM management console (tpm.msc) action to make the TPM Ready may help. For further information, see the documentation for the Win32_Tpm WMI method 'Provision'. (The actions that may be required include importing the TPM Owner Authorization value into the system, calling the Win32_Tpm WMI method for provisioning the TPM and specifying TRUE for either 'ForceClear_Allowed' or 'PhysicalPresencePrompts_Allowed' (as indicated by the value returned in the Additional Information), or enabling the TPM in the system BIOS.)^[2]
• 0x80284014: The Physical Presence Interface of this firmware does not support the requested method.^[2]
• 0x80284015: The requested TPM OwnerAuth value was not found.^[2]
• 0x80284016: The TPM provisioning did not complete. For more information on completing the provisioning, call the Win32_Tpm WMI method for provisioning the TPM ('Provision') and check the returned Information.^[2]

Sources

1. https://msdn.microsoft.com/en-us/library/cc231198.aspx
2. winerror.h from Windows SDK 10.0.14393.0
3. tpcerror.h from Windows SDK 10.0.14393.0