Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000124866

Trusted Platform Module Base Services does not start using Dell Encryption / Dell Data Protection Encryption

Summary: The Trusted Platform Module Base Services does not start when using Dell Encryption (formerly Dell Data Protection | Encryption) on computers running Windows 7.

Article Content


Affected Products:

Dell Encryption
Dell Data Protection | Encryption

Affected Platforms:

Windows 7

Dell Encryption users that experience the Trusted Platform Module Base Services do not start issue, may also have the following issues including but not limited to:

  • Fingerprints may not store properly in the Security Console.
  • HCAs cannot provision.
  • BitLocker does not work.
  • Other software that leverages the TPM does not function properly, this issue occurs when the Microsoft TPM Base Services are improperly installed.

If the TPM Base Services do not install properly, in the Microsoft services panel, TPM Base Services does not show the status Started or does not stay in the status Started.

  • From the Dell Encryption client log file, the issue appears as:
Tpm : management not possible because TPM Base services did not start
Bde : volume C: detected
Bde : volume C: waiting on SED status to be reported
Tpm : waiting for TPM configuration


Microsoft has released an update that causes the TPM Base Services to be removed from the device, reference SLN296706_en_US__2iC_External_Link_BD_v1.


Note: To repair functionality in Windows 7, follow the article below (This article only applies to Windows 7.)
Windows 8, Windows 8.1, and Windows 10 (all variants) do not have a TPM Base Services Service.

We must import the *.dll that is being used, to resolve. This is the tbssvc.dll, and it should be placed in C:\Windows\system32.

This can be pulled from any working computer.

After that we have to register the service. This is not do-able with the DLL itself, so we can leverage the initial version of the service that is in the registry. Using this registry string has helped with getting the TPM Base Service installed.

(copy the below into a text file, rename to .reg, and then run to import)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TBS] "DisplayName"="@%SystemRoot%\\system32\\tbssvc.dll,-100" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\   74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\   00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\   6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\   00,65,00,41,00,6e,00,64,00,4e,00,6f,00,49,00,6d,00,70,00,65,00,72,00,73,00,\   6f,00,6e,00,61,00,74,00,69,00,6f,00,6e,00,00,00 "Description"="@%SystemRoot%\\system32\\tbssvc.dll,-101" "ObjectName"="NT AUTHORITY\\LocalService" "ErrorControl"=dword:00000001 "Start"=dword:00000003 "Type"=dword:00000020 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\   00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\   67,00,65,00,00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,\   00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\   00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TBS\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\   00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\   74,00,62,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TBS\Security] "Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\   00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\   00,00,02,00,84,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\   05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\   20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\   00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,9d,01,\   02,00,01,01,00,00,00,00,00,05,14,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,\   00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\   00,00,00,05,12,00,00,00

This leverages the SVCHost to start properly, so we must modify the SVCHost LocalServiceAndNoImpersonation values.

  • Open Services.msc
  • Open the properties of the service that wont start.
  • Make a note of the last entry at the end of Path to executable that is C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.
  • In the registry, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
  • In the right pane, open the string that matches the Path to executable entry, then add the exact service name.
  • Close regedit and reboot, now check if the service has started.

On Reboot, everything should be functioning properly and the TPM Base Services can be used by other applications.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Article Properties

Affected Product

Dell Encryption

Last Published Date

13 Apr 2022



Article Type