3.2.5.4 Receiving Error Reply

If an ErrorReply is received and its Retryable flag is set, the client MAY retry performing attestation. If the Retryable flag is not set, the client MUST NOT treat the failure as transient and simply repeat the same request.

If the AttemptedOperationMode in the client is not equal to the ExpectedOperationMode received in an OperationModeErrorReply, the client performs the following:

  • The client MUST update AttemptedOperationMode with the mode of operation received from the server, so that any subsequent attempt is made in the mode the server expects.

  • If the ExpectedOperationMode received is TPM, the client supports TPM 2.0, and the Retryable flag is set, the client MAY retry performing attestation by sending the subsequent TpmRequestInitial or AttestationRequest to the “/attest” endpoint.

  • If the ExpectedOperationMode received is AD and the Retryable flag is set, the client MAY retry performing attestation by sending the subsequent ADRequest to the “/domainattest” endpoint.

  • If the ExpectedOperationMode received is HostKey and the Retryable flag is set, the client MAY retry performing attestation by sending the subsequent AttestationRequest to the “/hostkeyattest” endpoint.

If the client receives a PolicyEvaluationErrorReply, the client performs the following:

  • The client receives the EvaluationLog from the server indicating the failure in attestation. If the Retryable flag is set, the client MAY retry performing attestation based on the Reason in the EvaluationLog; a Reason that describes a persistent policy failure on the device will not change on retry, so the client SHOULD bound the number of retries.

If the client receives an UnauthorizedErrorReply, this indicates that the client is not authorized to receive an AttestationHealthCertificate.
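The client-side decision logic described in this section, as an added example that is not part of the specification or of any implementation of it. The dict representation of an error reply (a `type` key, the `Retryable` flag, `ExpectedOperationMode` and `EvaluationLog`) is a simplification chosen for this example and is not the protocol's wire encoding; the retry budget and the set of EvaluationLog Reason values treated as transient are likewise assumptions, since the specification only says the client MAY retry.

```python
from dataclasses import dataclass
from typing import Optional

# Operation modes and the endpoints named in the specification.
ENDPOINT_BY_MODE = {"TPM": "/attest", "AD": "/domainattest", "HostKey": "/hostkeyattest"}
# First request a client sends when retrying in each mode (in TPM mode the spec also
# allows AttestationRequest; this example always restarts with TpmRequestInitial).
REQUEST_BY_MODE = {"TPM": "TpmRequestInitial", "AD": "ADRequest", "HostKey": "AttestationRequest"}

# Assumption: EvaluationLog Reason values this client treats as worth a retry.
# The specification leaves that decision to the client.
TRANSIENT_REASONS = {"ServerBusy", "Timeout"}


@dataclass
class ClientState:
    attempted_operation_mode: str
    supports_tpm20: bool = True
    max_retries: int = 3      # assumption: a budget so a Retryable reply cannot loop forever
    retries: int = 0


@dataclass
class NextAction:
    retry: bool
    endpoint: Optional[str] = None
    request: Optional[str] = None
    reason: str = ""


def _retry_in_mode(state: ClientState, mode: str) -> NextAction:
    state.retries += 1
    return NextAction(True, ENDPOINT_BY_MODE[mode], REQUEST_BY_MODE[mode], "retry in mode " + mode)


def handle_error_reply(state: ClientState, reply: dict) -> NextAction:
    """Decide what the client does with an error reply (simplified dict, not wire format)."""
    kind = reply["type"]
    retryable = bool(reply.get("Retryable", False))

    if kind == "UnauthorizedErrorReply":
        # The client is not authorized to receive an AttestationHealthCertificate.
        # This example treats that as final, whatever the Retryable flag says.
        return NextAction(False, reason="unauthorized")

    if state.retries >= state.max_retries:
        return NextAction(False, reason="retry budget exhausted")

    if kind == "OperationModeErrorReply":
        expected = reply["ExpectedOperationMode"]
        if expected != state.attempted_operation_mode:
            state.attempted_operation_mode = expected      # MUST update
        if not retryable:
            return NextAction(False, reason="operation mode mismatch, not retryable")
        if expected == "TPM" and not state.supports_tpm20:
            return NextAction(False, reason="server expects TPM mode but client lacks TPM 2.0")
        if expected not in ENDPOINT_BY_MODE:
            return NextAction(False, reason="unknown ExpectedOperationMode " + str(expected))
        return _retry_in_mode(state, expected)

    if kind == "PolicyEvaluationErrorReply":
        reason = reply.get("EvaluationLog", {}).get("Reason", "")
        if retryable and reason in TRANSIENT_REASONS:
            return _retry_in_mode(state, state.attempted_operation_mode)
        return NextAction(False, reason="policy evaluation failed: " + reason)

    # Any other ErrorReply: retry the same operation only when Retryable is set.
    if retryable:
        return _retry_in_mode(state, state.attempted_operation_mode)
    return NextAction(False, reason="not retryable")


if __name__ == "__main__":
    # Constructed sample: client attempted AD, server answers that it expects TPM.
    st = ClientState("AD")
    act = handle_error_reply(
        st, {"type": "OperationModeErrorReply", "ExpectedOperationMode": "TPM", "Retryable": True})
    print(act, st.attempted_operation_mode)
```

Two points the code makes explicit that the prose only implies: the AttemptedOperationMode is updated even when the client cannot retry (for example a TPM-only server and a client without TPM 2.0), so the mismatch is recorded; and a retry budget is applied to every retryable reply, because a server that keeps returning Retryable with the same Reason would otherwise drive the client into an unbounded loop.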