Blog

How to Fix Microsoft Pluton Cryptographic Provider Error

6 min read
13 minutes ago

If you’ve encountered the Microsoft Pluton Cryptographic Provider Error, you’re likely facing difficulties in running security-related applications or making use of hardware-backed cryptographic functions. This error can be particularly frustrating because it’s tied to newer hardware and software security architecture embedded directly into the CPU. Fortunately, with some understanding and a few practical steps, it’s possible to fix this issue and get your system back on track.

TL;DR (Too Long; Didn’t Read)

The Microsoft Pluton Cryptographic Provider Error usually occurs due to compatibility issues, outdated firmware, improper BIOS settings, or incorrect cryptographic provider configurations. To fix it, ensure your Windows and firmware are updated, reset or configure Pluton properly in the BIOS/UEFI, and verify cryptographic service and provider settings in Windows. If you’re still experiencing problems, re-registering the cryptographic providers or reinstalling certificate services may help.

What Is the Microsoft Pluton Chip?

The Microsoft Pluton security processor is a hardware-based security module embedded into modern CPUs, such as select AMD and Intel processors. It is designed to bring Trusted Platform Module (TPM) features directly into the CPU, enhancing protection against key extraction, firmware attacks, and hardware-based tampering.

Pluton can act as a TPM 2.0 module and is tightly integrated with Windows. However, its somewhat novel ecosystem means software and hardware conflicts aren’t uncommon—especially on new systems where BIOS and firmware settings might not be correctly optimized.

Common Signs and Triggers of the Error

Before delving into fixes, it’s helpful to understand how the error typically surfaces. Users have reported encountering the Pluton error in the following scenarios:

  • During Windows startup or post-login security checks
  • While attempting to register or install certificates
  • When using applications that depend on cryptographic functions (e.g., VPNs or BitLocker)
  • After a BIOS update or OS upgrade/reset

The actual error message might not clearly state “Pluton,” but it could point to cryptographic providers or TPM modules not being accessible.

Step-by-Step Guide to Fix the Microsoft Pluton Cryptographic Provider Error

1. Check Windows Updates and Firmware

Always start by ensuring your system is fully up to date.

  1. Go to Settings > Update & Security > Windows Update and click Check for updates.
  2. If firmware or security updates are available, install them and restart your system.
  3. Also, visit your CPU or motherboard manufacturer’s website to download the latest BIOS/UEFI firmware compatible with your model.

Outdated UEFI firmware may fail to properly expose the Pluton chip to Windows, causing the error.

2. Verify and Configure Pluton in BIOS/UEFI

Accessing your system’s BIOS settings is critical, particularly on hardware with a Pluton chip. Here’s how you can check:

  1. Reboot your PC, and during the startup screen, press the BIOS-access key for your system (commonly Del or F2).
  2. Navigate to the Security or Advanced tab, depending on your BIOS layout.
  3. Look for Microsoft Pluton or Security Device Support.

You may see Pluton in one of three states:

  • Enabled: Pluton is active as TPM.
  • Disabled: The OS will not have access to Pluton features.
  • Firmware Update mode: Typically used by OEMs, you may need to switch to Enabled for normal operation.

Make sure Pluton is enabled if you’re using BitLocker or other cryptographic services. Save changes and exit the BIOS.

3. Restart the Cryptographic Services

If the error persists, Windows services related to cryptography may be corrupted or misbehaving. Restarting them can help.

  1. Open Run using Win + R, type services.msc, and hit Enter.
  2. Scroll down to find:
    • Cryptographic Services
    • Windows Defender Security Center Service
  3. Right-click each and select Restart.

If any of these services fail to restart or are missing, it could point to deeper OS corruption.

4. Re-register Cryptographic DLLs via Command Line

Sometimes, essential components related to the cryptographic provider might be unregistered. Use the Command Prompt to re-register them:

  1. Open Command Prompt as Administrator (Right-click Start > Command Prompt (Admin))
  2. Execute each of these commands one by one:
    • regsvr32 cryptext.dll
    • regsvr32 rsaenh.dll
    • regsvr32 dssenh.dll
    • regsvr32 gpkcsp.dll
    • regsvr32 sccbase.dll
    • regsvr32 slbcsp.dll
    • regsvr32 mssphtb.dll

You should see confirmation dialogs after each successful registration. Restart your computer after executing all commands.

5. Check the Registry for Cryptographic Providers

An incorrect registry setting might prevent Windows from recognizing the correct cryptographic provider backed by Pluton.

CAUTION: Editing the registry incorrectly can harm your system. Always create a backup first.

  1. Open Run and type regedit to open the Registry Editor.
  2. Navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers
  3. Check for any unusual entries or missing Microsoft default providers like:
    • Microsoft Software Key Storage Provider
    • Microsoft Smart Card Key Storage Provider
    • Microsoft Platform Crypto Provider

If these are absent, you may need to repair your Windows installation or restore default cryptography files via DISM or SFC tools.

6. Use DISM and SFC to Repair System Files

  1. Open Command Prompt as Administrator
  2. Run the following commands in order: 
    DISM /Online /Cleanup-Image /RestoreHealth
sfc /scannow
  3. Wait for each command to complete (can take some time).

These diagnostic utilities scan and repair system file corruption that might prevent proper detection of cryptographic services.

When to Consider a System Reset or OEM Support

If none of the above steps solve the problem, consider performing a Windows Repair Install or contacting your hardware OEM for assistance. The Pluton chip is integrated into the CPU and tightly managed by OEM firmware. In some cases, particularly on business or enterprise devices, settings may be locked down.

Also consider the possibility that your system has a firmware-level issue that cannot be resolved easily. A reset to factory BIOS defaults followed by firmware reinstallation may sometimes fix obscure errors.

Conclusion

The Microsoft Pluton Cryptographic Provider Error is typically a result of mismatches between hardware firmware, operating system configurations, and the cryptographic services that depend on them. As new hardware like Pluton continues to roll out, occasional conflicts are inevitable—but, thankfully, solvable in most cases.

By methodically updating software, adjusting BIOS settings, and verifying Windows services and registry settings, you can likely fix the issue without resorting to a full system reinstall. If you’re still stuck after following these steps, your best bet might be diagnostic support from Microsoft or your device’s OEM.
</