View Categories

TPM has malfunction error 80090016 keyset does not exist

5 min read

9 possible fixes for the error “TPM has malfunction with error 80090016”

The TPM malfunction error 80090016 (keyset does not exist) typically occurs when there is an issue with the Trusted Platform Module (TPM) and its cryptographic keys. This error often affects Microsoft Office apps (such as Outlook) or Windows Hello for Business when trying to sign in.

🔹 Causes #

  • Corrupt TPM keys or certificates
  • TPM module misconfiguration
  • Windows or Office updates affecting TPM settings
  • User profile issues
  • BitLocker interference
  • User profile or credentials become outdated or misaligned.
  • Software updates cause authentication failures.
  • TPM settings are misconfigured or disabled in BIOS.

Fixes for TPM Malfunction Error 80090016 #

1️⃣ Restart the PC #

  • A simple restart can sometimes clear the TPM cache.

2️⃣ Clear TPM #

  1. Press Win + R, type tpm.msc, and hit Enter.
  2. Click Clear TPM (Administrator rights required).
  3. Restart your computer and allow TPM to reset.

3️⃣ Reset TPM via Command Prompt #

  1. Open Command Prompt (Admin) (Win + X > Terminal (Admin))
  2. Run:powershellCopyEdittpmtool.exe reset
  3. Restart your computer.

4️⃣ Delete Microsoft.AAD.BrokerPlugin Credentials #

  1. Open Run (Win + R), type cmdkey /list, and press Enter.
  2. Look for Microsoft_AAD_BrokerPlugin and Enterprise_Cloud.
  3. Open Credential Manager (Win + S → search “Credential Manager”).
  4. Under Windows Credentials, find and remove entries related to Microsoft_AAD_BrokerPlugin.
  5. Restart the PC.

5️⃣ Check TPM Status #

  1. Open Device Manager (Win + X → Device Manager).
  2. Expand Security Devices.
  3. Check if Trusted Platform Module is enabled.
  4. If not, right-click and select Enable Device.

6️⃣ Re-register Office Credentials #

If this error appears in Microsoft Office apps, try:

  1. Sign out of Office (File → Account → Sign out).
  2. Close all Office apps.
  3. Delete the Office Identity Cache:
    • Navigate to %LOCALAPPDATA%\Microsoft\Office\16.0\IdentityCache
    • Delete all files in this folder.
  4. Restart the PC and sign in again.

7️⃣ Reinstall TPM Driver #

  1. Open Device Manager.
  2. Expand Security Devices.
  3. Right-click Trusted Platform Module and select Uninstall Device.
  4. Restart the PC to let Windows reinstall the TPM driver.

8️⃣ Ensure TPM is Enabled in BIOS #

  1. Restart your PC and enter BIOS (F2, F10, Del, or Esc depending on the manufacturer).
  2. Go to Security or Trusted Computing.
  3. Ensure TPM (or PTT for Intel, fTPM for AMD) is enabled.
  4. Save and exit BIOS.

9️⃣ Remove and Re-register the TPM Key Storage Provider (KSP) #

  1. Create a new user account
  2. Log in as the new user and rename the affected user Microsoft Broker Plugin (C:\Users\Username\Appdata\Local\Packages\Microsoft.AAD.BroketPlugin_cw5n1h2txyewy
  3. Log back into the affected user, clear all credentials and try to sign in again

If Issue Persists #

  • Create a new user account, and sign into Ms 365 again
  • Check for Windows updates (Win + I → Windows Update).
  • Update your BIOS and chipset drivers from the manufacturer’s website.
  • If BitLocker is enabled, suspend BitLocker, restart, and resume it.
  • Check Microsoft website for further troubleshooting and possible fixes.

What is TPM (Trusted Platform Module)? #

The Trusted Platform Module (TPM) is a specialized security chip built into modern computers that provides hardware-based cryptographic functions. It is designed to securely store sensitive information, such as encryption keys, passwords, and digital certificates, making it a fundamental component for data protection and system integrity.

Unlike software-based security solutions, which can be vulnerable to malware or hacking attempts, TPM operates at the hardware level, making it significantly more secure. TPM is widely used in personal computers, enterprise environments, and government systems where security is a top priority.

How Does TPM Work? #

TPM functions as a secure vault within your computer, ensuring that critical security-related operations occur in a tamper-resistant environment. It provides:

  • Cryptographic Key Storage: TPM generates and securely stores encryption keys that cannot be extracted or duplicated.
  • Secure Boot: TPM ensures that the system boots with trusted and unmodified firmware, protecting against malware and rootkits.
  • Authentication & Credential Protection: It enhances security for login credentials, including Windows Hello and multi-factor authentication.
  • BitLocker Encryption Support: TPM encrypts and decrypts data stored on drives, preventing unauthorized access if the device is lost or stolen.

Why is TPM Important? #

TPM is a critical security feature in modern computing, providing:

  1. Hardware-Based Security: Since TPM operates independently of the main operating system, it is less susceptible to software-based attacks.
  2. Prevention of Unauthorized System Changes: TPM verifies system integrity before booting, ensuring that malware or unauthorized modifications cannot alter the startup process.
  3. Protection Against Credential Theft: TPM secures passwords and authentication data, reducing the risk of phishing or credential-based attacks.
  4. Enterprise Security Compliance: Many organizations and governments require TPM for compliance with security standards like FIPS 140-2, ISO 27001, and Microsoft’s security baseline.

Common Use Cases of TPM #

TPM is widely implemented across different security applications, including:

  • Windows Hello for Business – Uses TPM to securely store biometric authentication data.
  • BitLocker Drive Encryption – TPM ensures that encrypted drives cannot be accessed if removed from the original system.
  • Secure Email and Digital Signatures – TPM manages cryptographic certificates for encrypted email and secure document signing.
  • VPN and Network Authentication – TPM helps in securing 802.1X authentication and certificate-based network access.
  • Zero Trust Security Architectures – Organizations use TPM as part of their zero-trust strategy to ensure all devices are securely authenticated.

TPM in Windows & Why It Can Malfunction #

Microsoft mandates TPM 2.0 for security features like BitLocker, Windows Hello, and Virtualization-Based Security (VBS). However, TPM can malfunction due to:

  • Corrupt cryptographic keys
  • BIOS/firmware misconfigurations
  • Windows or driver updates disrupting TPM operations
  • Misalignment between TPM and user authentication credentials