Okta Verify Enrollment Issues on Windows - Related to TPM, 0x80290407
Multi-Factor Authentication
Okta Identity Engine
Overview

This knowledge article may help resolve the following enrollment issues:

  • Admins are unable to enroll users with Okta Verify for Windows
  • When looking in the Okta Verify logs/Event Viewer, the error code 0x80290407 is seen.
Applies To
  • Okta Identity Engine (OIE)
  • Windows
  • Okta Verify
Cause

If users cannot enroll in Okta Verify for Windows, first review the Event Viewer logs/Okta Verify logs. If any of the following errors are seen, this solution may resolve the issue:

  • Encountered a cryptographic error while enrolling:. Exception: Failed call to native method CreateSilentKeyPair, HResult: 0x80290407., ErrorCode=UnknownError
  • Failed call to native method CreateSilentKeyPair, HResult: 0x80290407.
  • Failed to finalize key: An unexpected internal error has occurred in the Platform Crypto Provider. [0x80290407]

If these errors are seen, there may be an issue with the Trusted Platform Module (TPM) on the machine. 

Solution
  1. If needed, see the article How to view the logs/Event viewer for Windows Okta Verify.
  2. Review the TPM under Windows Security to see if there is an update.
    1. On the Windows computer, open the Windows Defender Security Center app.
    2. Select Device security.
    3. Select Security processor details.

    4. Select Security processor troubleshooting.

    5. Look at the top for Error Messages. Are there any error messages that indicate a firmware update is necessary?
      • If so, update the computer firmware to resolve these internal TPM errors.
      • Alternatively, if only a request to clear the TPM is displayed, clear it by pressing the Clear TPM button at the bottom of the Security processor troubleshooting page.
        • NOTE: Clearing the TPM causes the loss of all keys associated with the TPM and the data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that there is a backup available and a recovery method for any data that is protected or encrypted by the TPM.
    6. Once the firmware is updated, attempt the enrollment again, and it should be successful.

See Troubleshoot the TPM | Microsoft for additional details on troubleshooting the TPM, and contact Microsoft Support for any further issues. 
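
The log check and TPM review described above can be scripted for machines where clicking through Windows Security is impractical. This is an added example, not Okta's or Microsoft's code: `Find-TpmEnrollmentError` is a hypothetical helper name, the sample lines are constructed from the messages quoted in this article, and `Get-Tpm` is the built-in Windows cmdlet.

```powershell
# Added example (not Okta's code). Sample lines are constructed from the
# error messages quoted in this article, plus one constructed benign line.
$SampleLines = @(
    'Encountered a cryptographic error while enrolling:. Exception: Failed call to native method CreateSilentKeyPair, HResult: 0x80290407., ErrorCode=UnknownError'
    'Failed to finalize key: An unexpected internal error has occurred in the Platform Crypto Provider. [0x80290407]'
    'Enrollment started'
)

function Find-TpmEnrollmentError {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string] $Line,
        [string] $HResult = '0x80290407'   # code named in the article
    )
    begin { $lineNumber = 0 }
    process {
        $lineNumber++
        # Literal match on the HRESULT; skip every line that lacks it.
        if ($Line -notmatch [regex]::Escape($HResult)) { return }
        # Record which of the article's message markers the line carries.
        $marker = switch -Regex ($Line) {
            'CreateSilentKeyPair'      { 'CreateSilentKeyPair'; break }
            'Platform Crypto Provider' { 'Platform Crypto Provider'; break }
            default                    { 'unclassified' }
        }
        [pscustomobject]@{ LineNumber = $lineNumber; Marker = $marker; Text = $Line }
    }
}

$hits = @($SampleLines | Find-TpmEnrollmentError)
$hits | Format-Table LineNumber, Marker -AutoSize

# When the error is present, show TPM state and firmware version for review.
if ($hits.Count -gt 0 -and (Get-Command Get-Tpm -ErrorAction SilentlyContinue)) {
    try {
        Get-Tpm -ErrorAction Stop |
            Format-List TpmPresent, TpmReady, ManufacturerIdTxt, ManufacturerVersion
    } catch {
        Write-Warning "Get-Tpm failed (it needs an elevated session): $($_.Exception.Message)"
    }
}
```

To scan a real log, pipe it in with `Get-Content <path-to-exported-log> | Find-TpmEnrollmentError`, where the path is a placeholder for wherever the Okta Verify log was exported.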
