Win 7 KMS failure on select laptops

Question
-
We have a random amount of laptops that for some reason refuse to stay activated on our KMS. Some never activate and some just drop off. We have confirmed that the KMS is getting the requests but we are not sure why the request is not activating on the client.
Here is the dump:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
Windows Product ID: 00392-918-5000002-85741
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {64607E89-0F3A-4FEA-A112-86E39D8AFE8C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: T:20140114122017268-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\WINDOWS\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watweb.dll[Hr = 0x80070003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{64607E89-0F3A-4FEA-A112-86E39D8AFE8C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85741</PID><PIDType>1</PIDType><SID>S-1-5-21-3934021588-226487601-3069067626</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>2522W3X</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>6IET77WW (1.37 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20110509000000.000000+000</Date></BIOS><HWID>34E03507018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-6I </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Enterprise edition
Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Activation ID: ae2ee509-1b34-41c0-acb7-6d4650168915
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00392-00170-918-500000-03-1033-7601.0000-0152014
Installation ID: 014962636293733553959514764232701071933511170793450653
Partial Product Key: HVTHH
License Status: Notification
Notification Reason: 0xC004F056.
Remaining Windows rearm count: 5
Trusted time: 1/16/2014 7:17:58 AM
Please use slmgr.vbs /ato to activate and update KMS client information in order to update values.
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: NAAAAAEAAwABAAEAAAABAAAABAABAAEA6GFqvz1yiIIe3nSuqLsQ4gbuSE9Iflb+7BVcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-6I
FACP LENOVO TP-6I
HPET LENOVO TP-6I
BOOT LENOVO TP-6I
MCFG LENOVO TP-6I
SSDT LENOVO TP-6I
ECDT LENOVO TP-6I
ASF! LENOVO TP-6I
SLIC LENOVO TP-6I
SSDT LENOVO TP-6I
TCPA PTL CRESTLN
SSDT LENOVO TP-6I
SSDT LENOVO TP-6I
SSDT LENOVO TP-6I
Thank you in advance!
Thursday, January 16, 2014 1:40 PM
All replies
-
TTS Error: T:20140114122017268-
You have a Trusted Store Tamper - often the result of over-zealous cleanup software/routines or malware.
You need to work out what happened to the system during the 3-4 days prior to the timestamp above, and see if you can work out whether it's a software install, user action, or malware causing the problem - then you can either re-educate the users, modify/replace the software, or remove the malware.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D Paton Moderator Sunday, January 26, 2014 11:43 AM
Thursday, January 16, 2014 5:10 PM Moderator
-
Thanks for the quick response. Is there some way we could find out which file is causing the problem?
Thursday, January 16, 2014 6:54 PM
-
Check the Reliability History - Click the Start button, type reliability and select the 'View reliability history' option - see what it has to say about that date, and check back to see if there are similar events earlier - when you find the first, see what the last software installs/updates were prior, and investigate them.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
Thursday, January 16, 2014 9:52 PM Moderator
-
Thanks again - I'll try this and report back.
Friday, January 17, 2014 1:07 PM
-
Good luck! - these can be difficult to isolate if it's not malware :(
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
Friday, January 17, 2014 1:33 PM Moderator
-
OK so here is what we found... If we follow these procedures we can activate 80% of the "Not Genuine" laptops:
- Stopped softwareProtection service
- Deleted content of C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform folder
- Ran cscript slmgr.vbs /rilc
- Rebooted twice
- Ran cscript slmgr.vbs /ato
Here is the before DIAG:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
Windows Product ID: 00392-918-5000002-85741
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: T:20140121160728676-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\WINDOWS\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watweb.dll[Hr = 0x80070003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85741</PID><PIDType>1</PIDType><SID>S-1-5-21-221155014-2938626188-12158226</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>4180BW8</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>83ET59WW (1.29 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20110601000000.000000+000</Date></BIOS><HWID>8EDD3C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-83 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Error: product key not found.
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAAABAAAAAwABAAEA6GHeXQPOopYorW7BjlQEAtaqBIRQeHDgLnM=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-83
FACP LENOVO TP-83
HPET LENOVO TP-83
MCFG LENOVO TP-83
SLIC LENOVO TP-83
SSDT LENOVO TP-SSDT2
SSDT LENOVO TP-SSDT2
SSDT LENOVO TP-SSDT2
ECDT LENOVO TP-83
ASF! LENOVO TP-83
TCPA PTL LENOVO
SSDT LENOVO TP-SSDT2
SSDT LENOVO TP-SSDT2
UEFI LENOVO TP-83
UEFI LENOVO TP-83
UEFI LENOVO TP-83
======================================================================================
Here is the after:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
Windows Product ID: 00392-918-5000002-85741
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: T:20140121160728676-
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\WINDOWS\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watweb.dll[Hr = 0x80070003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85741</PID><PIDType>1</PIDType><SID>S-1-5-21-221155014-2938626188-12158226</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>4180BW8</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>83ET59WW (1.29 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20110601000000.000000+000</Date></BIOS><HWID>8EDD3C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-83 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Enterprise edition
Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Activation ID: ae2ee509-1b34-41c0-acb7-6d4650168915
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00392-00170-918-500000-03-1033-7601.0000-0232014
Installation ID: 015792789923381685253931183240206504315864726671749853
Partial Product Key: HVTHH
License Status: Licensed
Volume activation expiration: 259200 minute(s) (180 day(s))
Remaining Windows rearm count: 1
Trusted time: 1/23/2014 8:10:10 AM
Key Management Service client information
Client Machine ID (CMID): c17b935b-0a3f-4cea-92a4-4f695395b250
KMS machine name from DNS: vsnhq1coap01kms.corporate.amfam.com:1688
KMS machine extended PID: 55041-00168-313-023593-03-1033-3790.0000-3382009
Activation interval: 120 minutes
Renewal interval: 10080 minutes
KMS host caching is enabled
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAAABAAAAAwABAAEA6GHeXQPOopYorW7BjlQEAtaqBIRQeBAtLnM=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-83
FACP LENOVO TP-83
HPET LENOVO TP-83
MCFG LENOVO TP-83
SLIC LENOVO TP-83
SSDT LENOVO TP-SSDT2
SSDT LENOVO TP-SSDT2
SSDT LENOVO TP-SSDT2
ECDT LENOVO TP-83
ASF! LENOVO TP-83
TCPA PTL LENOVO
SSDT LENOVO TP-SSDT2
SSDT LENOVO TP-SSDT2
UEFI LENOVO TP-83
UEFI LENOVO TP-83
UEFI LENOVO TP-83
===================================================================
So my question is - Are we on the right path?
- Proposed as answer by Noel D Paton Moderator Sunday, January 26, 2014 11:43 AM
Thursday, January 23, 2014 2:27 PM
-
TTS Error: T:20140121160728676-
The timestamp on this machine is different :) - but the error is at least of the same ilk.
Certainly, that approach is a potential one - but what worries me is that it appears to avoid actually defining the source of the problem, which means that it may be a temporary fix at best.
I'd be very interested to see a report from one or two of the machines that still fail after this procedure.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
Thursday, January 23, 2014 7:38 PM Moderator
-
It sure would be nice if MS would flag the files it thinks were tampered with... I guess we will let you know in 180 days ;0) Thanks for all your help!!! IOU a beer.
Don
Thursday, January 23, 2014 7:43 PM
-
c/o https://www.facebook.com/groups/322740914470274/permalink/561109860633377/ :D
More seriously, though - you really are not the only one!
I've read something approaching 30K MGADiag reports - of which less than 300 at a guess have had TS Tampers. They appear to be becoming more frequent with the ageing of Win7 :( I would have expected them to become less common, as devs adjusted to the needs of 7, but the reverse seems to be the case - which is why I always tend to lean towards the malware as a cause.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
Thursday, January 23, 2014 7:59 PM Moderator
-
So get this... We reboot the offending machine (one of the 20% that won't activate) and MGADIAG TST date/time stamp changes :-/ with every reboot it changes. So being the resourceful guys over here, we run PROCMON and compare the timestamp to what's going on. No Joy - nothing is really hopping at that time, but earlier in the boot we see update services trying to update. Any thoughts? The MGA reports from above (from the one that activated) were run today but the timestamp is from the 21st.
Thursday, January 23, 2014 9:09 PM
-
You said the reports were run today but have a timestamp of the 21st. Is the date/time accurate and being saved between power cycles? Power off, wait 10 minutes then power back on and confirm that the system clock/calendar is still correct. If not, the CMOS battery may be dead.
Please do not read this sentence. Please ignore the previous sentence.
Thursday, January 23, 2014 9:41 PM
-
Nothing so simple, I'm afraid, Kamin :)
The timestamp of the latest report is
Trusted time: 1/23/2014 8:10:10 AM
the TTS timestamp may or may not change - if it does change it means that the guilty app/malware/whatever is still present and active.
If it doesn't change, then it means that you have a chance of a reset working.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
Thursday, January 23, 2014 10:13 PM Moderator
-
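The TTS Error comparison described in the reply above, as an added example that is not part of the original thread: it parses MGADiag report excerpts for one machine and reports whether the tamper timestamp changes between runs. The 17-digit timestamp layout (YYYYMMDDhhmmss plus milliseconds), the verdict names and the two `FAILING_*` samples are assumptions constructed for illustration; the other two samples are excerpted from the reports quoted in this thread.

```python
import re
from datetime import datetime

# Field labels exactly as they appear in the MGADiag reports in this thread.
TTS_RE = re.compile(r"^TTS Error:[ \t]*T:(\d{17})", re.M)
FIELD_RE = re.compile(
    r"^(Validation Code|License Status|Notification Reason):[ \t]*(.*?)[ \t]*$",
    re.M)

# Excerpts from the "before" and "after" reports posted in the thread.
BEFORE_RESET = """\
Validation Code: 50
TTS Error: T:20140121160728676-
Error: product key not found.
"""
AFTER_RESET = """\
Validation Code: 0
TTS Error: T:20140121160728676-
License Status: Licensed
"""
# Constructed samples: the same machine after two successive reboots,
# with the tamper timestamp moving each time.
FAILING_BOOT1 = """\
Validation Code: 50
TTS Error: T:20140123090211405-
License Status: Notification
Notification Reason: 0xC004F056.
"""
FAILING_BOOT2 = FAILING_BOOT1.replace("20140123090211405", "20140123141530912")


def parse_report(text):
    """Pull the triage fields out of one MGADiag report."""
    fields = dict(FIELD_RE.findall(text))
    tts = None
    m = TTS_RE.search(text)
    if m:
        digits = m.group(1)
        # Assumption: YYYYMMDDhhmmss followed by three millisecond digits.
        tts = datetime.strptime(digits[:14], "%Y%m%d%H%M%S").replace(
            microsecond=int(digits[14:]) * 1000)
    return {"tts": tts,
            "validation_code": fields.get("Validation Code"),
            "license_status": fields.get("License Status"),
            "notification_reason": fields.get("Notification Reason")}


def classify(reports):
    """Classify one machine from its reports, oldest first (one per reboot)."""
    parsed = [parse_report(r) for r in reports]
    stamps = [p["tts"] for p in parsed if p["tts"] is not None]
    if not stamps:
        verdict = "no-tamper"
    elif len(stamps) < 2:
        verdict = "tamper-unconfirmed"  # a single sample cannot show change
    elif len(set(stamps)) > 1:
        verdict = "tamper-recurring"    # trusted store is still being modified
    else:
        verdict = "tamper-static"       # old event; a reset has a chance
    return {"verdict": verdict,
            "stamps": stamps,
            "license_status": parsed[-1]["license_status"] if parsed else None}


if __name__ == "__main__":
    for name, runs in [("reset machine", [BEFORE_RESET, AFTER_RESET]),
                       ("failing machine", [FAILING_BOOT1, FAILING_BOOT2])]:
        result = classify(runs)
        print(name, result["verdict"], result["license_status"])
```
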
Looks like the guilty app is Symantec. The date kept changing until we turned off Symantec. Once we turned it off the TTS date stayed constant and the laptop registered with the KMS.
Monday, January 27, 2014 1:14 PM
-
Somehow, that doesn't surprise me at all!
Which incarnation of Symantec are you using?
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
Monday, January 27, 2014 5:04 PM Moderator
-
SEP 12.1.1000.157 RU1
Monday, January 27, 2014 5:08 PM
-
That appears to be a fairly old version? (2012 version, at least) - RU4 was released in Oct 2013.
It may be that it's hooking into the system at the wrong places, considering the updates that have gone on since.
Do you have the option to upgrade/date to the latest?
If so, I'd create a new master image with the new one rather than attempt to uninstall the old and update the image that way.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors.
- Marked as answer by PodGoDon Wednesday, January 29, 2014 6:57 PM
Monday, January 27, 2014 5:39 PM Moderator
-
I'll have to check with the security group.
Tuesday, January 28, 2014 8:23 PM