There are several possible causes of the "Failed to Fetch Device Certificate - TPM Public Key Match Failed" error:
Existing invalid or expired certificates on the device may conflict with new fetch requests.
The error message "TPM public key match failed" indicates a failure in this cryptographic handshake. Essentially, the software layer (PAN-OS) is presenting a certificate or a public key to the TPM driver, and the TPM is rejecting it.