How To Windows

Pre-Attestation Health Checks Confirm a Critical Component Has Failed

By Raj Bepari 3 min read
Recommended: Download Windows Speedup Tool to quickly fix PC issues.

The error message “Pre-attestation health checks confirm a critical component has failed” typically appears during Windows security validation processes related to device health attestation, TPM (Trusted Platform Module), Secure Boot, or virtualization-based security features such as Windows Defender Credential Guard and Device Guard.

This issue usually occurs after BIOS updates, TPM resets, firmware changes, corrupted system files, or security configuration mismatches. It may prevent access to certain enterprise resources, Windows security features, BitLocker, or device compliance checks in managed environments.

Fixing this error requires verifying TPM status, Secure Boot configuration, Windows security services, and system integrity. Follow the steps below carefully to restore proper system attestation.

How to Fix “Pre-Attestation Health Checks Confirm a Critical Component Has Failed”

Proceed step by step and verify whether the error disappears after completing each method.

1. Restart the Computer

Temporary firmware or security validation glitches can trigger this message.

  1. Save all open work.
  2. Restart your PC.
  3. Check whether the error appears again.

A reboot often resets attestation validation processes.

2. Verify TPM Status

Trusted Platform Module must be enabled and functioning properly.

  1. Press Windows + R.
  2. Type tpm.msc and press Enter.
  3. Confirm that TPM status shows Ready for use.
  4. If TPM is not ready, continue with the next step.

TPM is critical for device health attestation.

3. Enable TPM in BIOS or UEFI

If TPM is disabled, Windows security validation will fail.

  1. Restart your PC.
  2. Enter BIOS/UEFI settings.
  3. Locate TPM settings (may appear as Intel PTT or AMD fTPM).
  4. Enable TPM.
  5. Save changes and exit BIOS.
  6. Boot into Windows and recheck TPM status.

TPM must remain enabled for Secure Boot and attestation features.

4. Verify Secure Boot Is Enabled

Secure Boot ensures system integrity during startup.

  1. Press Windows + R.
  2. Type msinfo32 and press Enter.
  3. Locate Secure Boot State.
  4. Ensure it shows On.

If Secure Boot is off, enable it in BIOS.

5. Clear and Reinitialize TPM (If Corrupted)

Corrupted TPM data may trigger the error.

  1. Open Windows Security.
  2. Go to Device security.
  3. Select Security processor details.
  4. Click Security processor troubleshooting.
  5. Select Clear TPM.
  6. Restart your PC.

Only perform this step if you understand that BitLocker keys may be required.

6. Check Windows Security Services

Security services must be running properly.

  1. Press Windows + R.
  2. Type services.msc and press Enter.
  3. Ensure the following services are running:
    1. Security Health Service
    2. Windows Security Service
    3. Cryptographic Services
  4. Set their startup type to Automatic.

Stopped services can cause attestation failures.

7. Run System File Checker (SFC)

Corrupted system files may cause component validation failure.

  1. Open Command Prompt as administrator.
  2. Run: sfc /scannow
  3. Restart Windows after the scan completes.

This repairs damaged system files.

8. Repair Windows Image Using DISM

If SFC does not resolve the issue:

  1. Open Command Prompt as administrator.
  2. Run: DISM /Online /Cleanup-Image /RestoreHealth
  3. Restart your PC.

DISM repairs deeper system image corruption.

9. Check Device Guard or Credential Guard Configuration

Virtualization-based security settings may be misconfigured.

  1. Open Windows Security.
  2. Go to Device security.
  3. Review Core isolation settings.
  4. Disable and re-enable Memory integrity if needed.
  5. Restart the system.

Improper virtualization configuration may trigger attestation errors.

10. Update BIOS and Firmware

Outdated firmware can cause security component validation failure.

  1. Identify your motherboard or system model.
  2. Visit the manufacturer’s official support website.
  3. Download the latest BIOS update.
  4. Follow manufacturer instructions carefully.
  5. Restart Windows after updating.

Firmware mismatches commonly affect TPM and Secure Boot validation.

11. Check Windows Update

System security updates may fix attestation bugs.

  1. Open Settings.
  2. Go to Windows Update.
  3. Click Check for updates.
  4. Install available updates.
  5. Restart your PC.

Security patches often resolve compliance issues.

12. Reset Windows Security Policies (Enterprise Systems)

If the device is managed by an organization:

  1. Disconnect from work or school account temporarily.
  2. Reconnect and allow policies to reapply.
  3. Contact your IT administrator if the issue persists.

Device health attestation is often tied to enterprise compliance policies.

Final Thoughts

The error “Pre-attestation health checks confirm a critical component has failed” is typically related to TPM, Secure Boot, virtualization-based security, or corrupted system files rather than hardware failure. In most cases, verifying TPM status, enabling Secure Boot, and repairing system files resolves the issue.

Raj Bepari

I’m a digital content creator passionate about everything tech.