Windows 8.1 Update - 'A TCG Command has returned an error' - Automatic Encryption Involved?

I've got a desktop system which has been showing error messages in the Event Viewer ever since the upgrade to Windows 8.1 Update.  It's an error in EnhancedStorage-EhStorTcgDrv that says "A TCG Command has returned an error".  The error is with the "AuthenticateSession" command.

Doing a bunch of research shows that this error involves SSD encryption.  However, this is for a gaming PC with no personal information on it.  There's no need for BitLocker or anything of that sort on it.  So I'm not entirely sure why it's sending that command in the first place other than if it's using the "Opal" / Microsoft eDrive spec for automatic encryption. The SSD I'm using (Plextor PX-M5M) does fully support the Opal specification, but I do not have a TPM, and as this is a desktop PC it doesn't support Connected Standby, two features that previously were requirements for automatic encryption on Windows 8.1.  Did something change with regard to these requirements in Windows 8.1 Update?

I guess the really important question is... is this actually a message I should be worried about?  It's listed in Event Viewer as critical.  Can it just be ignored instead?

For what it's worth, my first thought was actually that the SSD or the mSATA slot it is installed in were the cause.  However, both of those have been swapped out as part of my troubleshooting, and that hasn't solved anything.


Last updated October 7, 2018. Views: 12,338.


Thank you for your response.

Did you try performing clean boot?

Sometimes, "A TCG Command has returned an error" message appears because the device encryption is turned on.

I would suggest that you turn off device encryption and check if it helps. Device encryption is turned on by default. Please use these steps.

a. If you have performed a clean install of Windows 8.1, device encryption is turned on by default. If you have upgraded a previous Windows installation to Windows 8.1, you can turn device encryption on by using PC info.

b. To open PC info, swipe in from the right edge of the screen, tap "Settings", and then tap "Change PC settings". (If you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, click "Settings", and then click "Change PC settings".)

c. Tap or click "PC & devices", and then tap or click "PC info". The "Device Encryption" section appears at the bottom of the PC info page.

d. In the "Device Encryption" section, select "Turn On".

To opt out of automatic device encryption:

If you do not want the devices you are deploying to be automatically protected with device encryption, you can configure the unattend file to enforce the following registry setting:

• Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker

• Value: PreventDeviceEncryption equal to True (1)


Note: Serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

For reference:
What's New in BitLocker for Windows 8.1 and Windows Server 2012 R2

I hope this information helps.

Thank you

13 people were helped by this reply
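
An added example, not part of the original reply or of any Microsoft script: a PowerShell check that reports the `PreventDeviceEncryption` value named in the reply, shows whether any volume is actually encrypted, and lists recent events from the TCG storage driver. The `-Apply` switch is a hypothetical name, and the wildcard provider lookup assumes the driver's event provider name contains `EhStorTcgDrv`, as the event source in the question does.

```powershell
# Added example: audit, and optionally set, the opt-out value from the reply.
# Run from an elevated PowerShell prompt.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
$valueName = 'PreventDeviceEncryption'

# 1. Current state of the opt-out value (absent means it was never configured).
$current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) { "$valueName is not set" } else { "$valueName = $current" }

# 2. Is any volume encrypted or encrypting? EncryptionMethod distinguishes
#    software encryption from hardware (eDrive) encryption.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume |
        Format-Table MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod, EncryptionPercentage -AutoSize
} else {
    # The BitLocker cmdlets are not present on every edition; fall back to the CLI.
    manage-bde -status
}

# 3. Recent events from the TCG storage driver. The provider is found by
#    wildcard (assumption) instead of hard-coding its full name.
$providers = (Get-WinEvent -ListProvider '*EhStorTcgDrv*' -ErrorAction SilentlyContinue).Name
foreach ($p in $providers) {
    Get-WinEvent -FilterHashtable @{ ProviderName = $p } -MaxEvents 10 -ErrorAction SilentlyContinue |
        Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap
}

# 4. Write the opt-out value only when explicitly requested.
if ($Apply) {
    if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
    "$valueName set to 1"
}
```

The registry value only prevents automatic device encryption from starting; a volume that step 2 reports as already encrypted is not changed by it.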
