Newsletter Archives

• I blew it again

  Posted on January 11, 2019 at 10:28 CST by woody • Comment in the Forums

  

  For the %$#@!th time in a few years, I’ve completely blown a bit of sleuthing.

  Earlier this week, I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced. The cause? Win7 PCs attached to corporate networks were suddenly declaring themselves to be disingenuous. Or not genuine. Whatever.

  I looked into the problem early in the cycle and figured it was an error due to this month’s Win7 patches, KB 4480970 and KB 4480960, somehow aided and abetted by an ancient Win7 patch known as KB 971033. Looked like a duck. Projectile pooped like a penguin.

  Ends up, I was wrong. @abbodi86 pointed out — and Microsoft has confirmed — that the bug lies in its Activation update servers, which just happened to be changed at the same time the Win7 patches went out. The bug only affects Win7 activation on machines that have KB 971033 installed. Sometimes a projectile pooping penguin duck is a phantasy. Say that ten times real fast.

  I’m wrong. They’re right.

  Don’t worry. It’ll happen again.

  Windows Patches/Security KB 4480960, KB 4480970, KB 971033, Win7 activation

• Win7 Enterprise clients reporting “Not Genuine”, 0xc004f200, when they’ve been working for years

  Posted on January 9, 2019 at 16:38 CST by woody • Comment in the Forums

  Blame KB 971033, which shouldn’t even get installed on KMS-controlled machines.

  For some unknown reason, earlier today, Microsoft suddenly started pushing the eight-month-old KB 971033 — an “update for Windows Activation Technologies” that was released on April 17.

  I’m seeing cries of pain all over the internet. For example, torontojc reports on the Reddit sysadmin forum:

  Woke up this morning to find a few thousand Windows 7 VDI machines reporting that Windows 7 wasn’t genuine. After much troubleshooting we found that KB971033 (should not have been installed in a KMS environment in the first place) was installed on these machines. Until today having this KB installed hasn’t been an issue, it appears a change to how Microsoft’s activation servers respond to a standard KMS key being sent to them may be to blame.

  Removing the update, deleting the KMS cache and activation data from the PC’s and re-activating against KMS resolved the issue.

  Most of the responses recommend uninstalling the patch then reaming out the systems, but Nick on Microsoft’s TechNet forum says:

  I found that the only steps I required were as follows. I didn’t need to uninstall the KB971033 patch in my case, even though it was installed. Nor did I need to delete the tokens.dat or cache.dat.

  net stop sppsvc
  del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah
  del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah
  net start sppsvc
  slmgr /ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
  slmgr /ato

  We are currently trying to decide whether to roll out this workaround to all our clients, or to wait a day or two to see if Microsoft issue a patch for the problem. It has been widely reported on Reddit/r/sysadmin too.

  If you hit the problem, let us know how you solved it.

  UPDATE: Looks like it wasn’t a problem with this month’s patches. It’s a bug in a change MS made in the way its Activation Servers behave, that just coincided with the patch push. The bug sets off red lights if you have the old KB 971033 installed. @abbodi86 has details and a link here. Günter Born has an article here. And Martin Brinkmann has more details here.

  Windows Patches/Security 0xc004f200, KB 971033, Win7 "Not Genuine"