When you see a "TPM public key match failed" error, the firewall is reporting that the public key it currently holds does not match the record on the CSP. This mismatch typically occurs because:
Stale Certificate Data:
Get-Tpm
Get-TpmEndorsementKeyInfo -HashAlgorithm sha256
On the firewall:
Open a support case if:
typically occurs on Palo Alto Networks firewalls (notably the PA-400 series) when the internal hardware Trusted Platform Module (TPM)
> debug tpm reset device-certificate
> request certificate fetch device-certificate