Palo Alto Failed To Fetch Device Certificate Tpm Public Key Match Failed Updated [top] May 2026

Ensure Windows manages the TPM owner hierarchy. Do not manually reset TPM using BIOS without clearing Palo Alto first.

A known bug (PAN-313623) in some PAN-OS 12.1.x versions causes temporary Ensure Windows manages the TPM owner hierarchy

Note: This reduces security posture but restores connectivity while TPM is RMA’d. Ensure Windows manages the TPM owner hierarchy

to gain root access. This allows them to manually delete the corrupted certificate from the device's filesystem and reset the local certificate state. CLI commands Ensure Windows manages the TPM owner hierarchy