Unable to establish a connection with the Activation Server
-
2012. július 3. 20:35
I am battling with an issue with XP activation. After removing some spyware, I got stuck in an activation loop. ie this copy is already activated...logout. repeat... I've solved that problem and can now get to the activate XP over the internet, but I am unable to do so over the network. I do have network connectivity as I can use the 'narrator workaround' and get to google.com etc. The system date and time are correct. What could be happening here. The copy is genuine, and if possible I don't want to have to call MS to reactivate. I am more interested in trying to determine the problem and fix this issue rather than just calling. I will then have a better understanding of the issue, possible causes, so on and so forth.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Not Activated
Validation Code: 1
Cached Validation Code: N/A
Windows Product Key: *****-*****-F7432-T438X-X89VB
Windows Product Key Hash: OD0CKyfGc+F2e603plNlu8FLhCk=
Windows Product ID: 76477-OEM-2111556-82076
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {F4FCC252-2DBC-4369-85F3-F761E5CCBB05}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x0
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F4FCC252-2DBC-4369-85F3-F761E5CCBB05}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-X89VB</PKey><PID>76477-OEM-2111556-82076</PID><PIDType>3</PIDType><SID>S-1-5-21-1078081533-630328440-682003330</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>1005HA</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1102 </Version><SMBIOSVersion major="2" minor="5"/><Date>20091016000000.000000+000</Date><SLPBIOS>SNC302EEH,SNC302EEH,SNC302EEH,SNC302EEH</SLPBIOS></BIOS><HWID>D1AE080001844065</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name> </name><model> </model></SBID><OEM/><GANotification><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:ASUSTeK Computer Inc|14EB0:ASUSTeK Computer Inc|165F0:GENUINE C&C INC|B267:HITACHI, Ltd|B267:HITACHI, Ltd|B267:HITACHI, Ltd
Marker string from OEMBIOS.DAT: SNC302EEH,SNC302EEH,SNC302EEH,SNC302EEH
OEM Activation 2.0 Data-->
N/A
Az összes válasz
-
2012. július 3. 22:02Moderátor
There is a very strange Marker string in the OEMBIOS.DAT file - that file doesn''t usually exist in OEM System Builder installs, so I'm wondering what effect that would have on activation.
What happens if you attempt validation at www.microsoft.com/genuine/validate ?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
2012. július 3. 22:09I get an error that the page cannot be displayed. I again verified that I can get to google.com and tried FF and IE. Same results. I can verify that the site is not down as I tried the link from another computer and the page displayed properly.
- Szerkesztette: J_Perry 2012. július 3. 22:11 addition
-
2012. július 3. 22:34Moderátor
That sounds like you still have malware present - check your Hosts file, and check for IPCONFIG /ALL for errant entries
run NETSH WINSOCK RESET and reboot.
What cleanup software have you used?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
2012. július 3. 23:00Only entry in the HOSTS is my loopback. ipconfig looked normal. I used mbam for cleanup and it reports no malicious items at this time. Ran netsh winsock reset and then rebooted. Still, no luck. I can't even access top level Microsoft.com. This is quite odd.
-
2012. július 3. 23:29Moderátor
Not odd at all - I suspect that there's a secondary redirection somewhere.
I'll bet you can't get to somewhere like www.symantec.com, either?
I had one machine where this happened, and I had to delve into the registry an manually rip out a virtual NIC that had taken over all traffic, inserting a redirect to a DNS server.
Check your DNS settings - are they on automatic, or fixed? If the latter, are they a known 'good' IP?
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
2012. július 4. 0:55
You know, after what you mentioned earlier the first thing that came to mind was a DNS redirect. It's set to auto, but I'm going to try 8.8.8.8 and see what happens. It's kinda fun trying to beat the clock before the explore.exe process dies. Cause when it does, I have to run control.exe and start again. And I appreciate you helping me out with this. Kudos my friend!!! you
edit: you were right about www.symantec.com
edit: using google's dns had no effect. still can't access microsoft.com
edit: how did you go about locating this virtual nic and determining it was rogue?
- Szerkesztette: J_Perry 2012. július 4. 1:14 addition
-
2012. július 4. 11:06Moderátor
(AT least you're on XP - it's easier there! - and it's gotta be 4 years since I did this...)
Start by looking in Device Manager - Check that all the physical Networing items are present and correct.
Actually. thinking about it, HiJackthis may be helpful here - http://www.trendmicro.co.uk/products/free-tools-and-services/index.html - Run it and save the Log file - copy the content to your reply but DO NOT do anything except close HiJackThis down. It WILL cause major problems if you're not very careful.
Also include a copy of the IPCONFIG /ALL output.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
-
2012. július 5. 21:39
I can't access http://www.trendmicro.co.uk/products/free-tools-and-services/index.html I might be able to in safe mode. Would that help?
edit: Nevermind, I dl the hijackthis msi, and will go that route. Stand by...
edit: That didn't work as I cannot connect to free.antivirus.com/us/ which is where the msi redirects me... also all physical networking items in device manager seem to be fine.
Windows IP Configuration
Host Name . . . . . . . . . . . . : lesleipc-5de246
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.ciber.net
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : corp.ciber.net
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 90-E6-BA-9A-3E-53
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.23.94.90
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.23.94.1
DHCP Server . . . . . . . . . . . : 172.23.94.1
DNS Servers . . . . . . . . . . . : 172.23.105.51
172.23.105.53
Lease Obtained. . . . . . . . . . : Thursday, July 05, 2012 5:30:15 PM
Lease Expires . . . . . . . . . . : Friday, July 06, 2012 5:30:15 PM
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-25-D3-C8-67-FF
- Szerkesztette: J_Perry 2012. július 5. 21:46 addition
-
2012. július 6. 10:03Moderátor
Both your DNS addresses are private IP's - which means that the servers could be poisoned.
Try fixing the DNS to
4.2.2.3 and 8.8.4.4
then try and get HiJackThis again from TrendMicro
If it fails, download it from http://www.filehippo.com/download_hijackthis/
run it, and post the result.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
- Válasznak javasolta: Noel D PatonMicrosoft Community Contributor, Editor 2012. július 10. 9:17
- Válasznak való javaslatot visszavonta: Carey FrischMVP, Editor 2012. július 10. 17:34
-
2012. július 10. 17:09 I ended up just throwing Win7 on it. I appreciate your help a great deal. It still bothers me that I never got to the bottom of it.
- Megjelölte válaszként: Carey FrischMVP, Editor 2012. július 10. 17:34
