Remove From My Forums

Win 7 KMS failure on select laptops

Question
0

Sign in to vote

We have a random amount of laptops that for some reason refuse to stay activated on our KMS. Some never activate and some just drop off. We have confirmed that the KMS is getting the requests but we are not sure why the request is not activating on the client.

Here is the dump:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
Windows Product ID: 00392-918-5000002-85741
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {64607E89-0F3A-4FEA-A112-86E39D8AFE8C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: T:20140114122017268-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{64607E89-0F3A-4FEA-A112-86E39D8AFE8C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85741</PID><PIDType>1</PIDType><SID>S-1-5-21-3934021588-226487601-3069067626</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>2522W3X</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>6IET77WW (1.37 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20110509000000.000000+000</Date></BIOS><HWID>34E03507018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-6I   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAAL8qAAAAAAAAYWECAAAAAAAiItIa5vzOAROJf9ybj7SsIEe8hMh9DOGiYTbSMsGhCrawcUL27pgIyJ4nymkAK4OhP8Em3ktOPPVJKxlfJdDkL8d8uy2F+S0zkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBH1O30wknqp6VEkDc+pvVAHB0/UdxUVyujALeWNXuEivQzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgME4l/3JuPtKwgR7yEyH0M4Yo24VFVWaGw7pvsE8BtnCQScsoiEte2ccs7JVwS1II0ZOORqzdqcz8m3XDucHV3ADOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBOJf9ybj7SsIEe8hMh9DOH7EyR0iNvEjCdYtfxK9iNDLovk+qPeaqg0NWI8tKvWFGTjkas3anM/Jt1w7nB1dwAzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBH6DH+6bv5bdZH/jcb5K+Nq+7AntwlpnJKNCiITirg3WEzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Enterprise edition
Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Activation ID: ae2ee509-1b34-41c0-acb7-6d4650168915
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00392-00170-918-500000-03-1033-7601.0000-0152014
Installation ID: 014962636293733553959514764232701071933511170793450653
Partial Product Key: HVTHH
License Status: Notification
Notification Reason: 0xC004F056.
Remaining Windows rearm count: 5
Trusted time: 1/16/2014 7:17:58 AM
Please use slmgr.vbs /ato to activate and update KMS client information in order to update values.

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NAAAAAEAAwABAAEAAAABAAAABAABAAEA6GFqvz1yiIIe3nSuqLsQ4gbuSE9Iflb+7BVcXQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           LENOVO       TP-6I
FACP           LENOVO       TP-6I
HPET           LENOVO       TP-6I
BOOT           LENOVO       TP-6I
MCFG           LENOVO       TP-6I
SSDT           LENOVO       TP-6I
ECDT           LENOVO       TP-6I
ASF!           LENOVO       TP-6I
SLIC           LENOVO       TP-6I
SSDT           LENOVO       TP-6I
TCPA           PTL       CRESTLN
SSDT           LENOVO       TP-6I
SSDT           LENOVO       TP-6I
SSDT           LENOVO       TP-6I

Thank you in advance!

Thursday, January 16, 2014 1:40 PM

Answers

0

Sign in to vote
That appears to be a fairly old version? (2012 version, at least) - RU4 was released in Oct 2013.

It may be that it's hooking into the system at the wrong places, considering the updates that have gone on since.

Do you have to option to upgrade/date to the latest?

If so, I'd create a new master image with the new one rather than attempt to uninstall the old and update the image that way.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Marked as answer by PodGoDon Wednesday, January 29, 2014 6:57 PM
Monday, January 27, 2014 5:39 PM

Moderator

All replies

0

Sign in to vote
TTS Error: T:20140114122017268-

You have a Trusted Store Tamper - often the result of over-zealous cleanup software/routines or malware.

You need to work out what happened to the system during the 3-4 days prior to the timestamp above, and see if you can work out whether it's a software install, user action, or malware causing the problem - then you can either re-educate the users, modify/replace the software, or remove the malware.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D PatonModerator Sunday, January 26, 2014 11:43 AM
Thursday, January 16, 2014 5:10 PM

Moderator
0

Sign in to vote

Thanks for the quick response. Is there someway we could find out which file is causing the problem?

Thursday, January 16, 2014 6:54 PM
0

Sign in to vote

Check the Reliability History - Click the Start button, type reliability and select the 'View reliability history' option - see what it has to say about that date, and check back to see if there are similar events earlier - when you find the first, see what the last software installs/updates were prior, and investigate them.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Thursday, January 16, 2014 9:52 PM

Moderator
0

Sign in to vote

Thanks again - I'll try this and report back.

Friday, January 17, 2014 1:07 PM
0

Sign in to vote

Good luck! - these can be difficult to isolate if it's not malware :(

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Friday, January 17, 2014 1:33 PM

Moderator
0

Sign in to vote
OK so here is what we found... If we follow these procedures we can activate 80% of the "Not Genuine" laptops:

Stopped softwareProtection service
Deleted content of C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform folder
Ran cscript slmgr.vbs /rilc
Rebooted twice
Ran cscript slmgr.vbs /ato

Here is the before DIAG:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
Windows Product ID: 00392-918-5000002-85741
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: T:20140121160728676-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85741</PID><PIDType>1</PIDType><SID>S-1-5-21-221155014-2938626188-12158226</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>4180BW8</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>83ET59WW (1.29 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20110601000000.000000+000</Date></BIOS><HWID>8EDD3C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-83   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAALkwAAAAAAAAYWECAID4//+F86PhbxTPAROJf9ybj7SsIEe8hMh9DOHCg1tndQSLfdOJrxGMmXEGuoNvdSZI3MTYgfHcx5YeVQQP7Mqz0Iofa3PBmBu7DhgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwTiX/cm4+0rCBHvITIfQzhEMoG9DoJH8oArUeHX9i04nQKlrhQMpo3zqEqiMD2RpYED+zKs9CKH2tzwZgbuw4YM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgME4l/3JuPtKwgR7yEyH0M4XaMrkMXOBeISh9VnhqeO9/GC29QTCcyY4g5weo+QYuLBA/syrPQih9rc8GYG7sOGDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBOJf9ybj7SsIEe8hMh9DOGIfoD1XBrDcio15YC6I+4x3yjPtYjrSRZT8tiDVbhDugQP7Mqz0Iofa3PBmBu7DhgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwTiX/cm4+0rCBHvITIfQzhqs+FdY+9N5VqK2kXcYG0ViJXAmQk93CtIndIgDtjbLbDdMb6Fr1BBvW2+w0uyt/LM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgME4l/3JuPtKwgR7yEyH0M4U8Wwf3iloSZmtY6AMblNZlDtGMYRANg2EXTiz6b1UE6BA/syrPQih9rc8GYG7sOGDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDHh1mzGz+zFpBJmHoMIS4EeWTJQDIdQQPjtRlVoziwdeHQwFe74ZzhCl0HRMVRSB+TOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

Licensing Data-->
Software licensing service version: 6.1.7601.17514
Error: product key not found.

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAAABAAAAAwABAAEA6GHeXQPOopYorW7BjlQEAtaqBIRQeHDgLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           LENOVO       TP-83
FACP           LENOVO       TP-83
HPET           LENOVO       TP-83
MCFG           LENOVO       TP-83
SLIC           LENOVO       TP-83
SSDT           LENOVO       TP-SSDT2
SSDT           LENOVO       TP-SSDT2
SSDT           LENOVO       TP-SSDT2
ECDT           LENOVO       TP-83
ASF!           LENOVO       TP-83
TCPA           PTL       LENOVO
SSDT           LENOVO       TP-SSDT2
SSDT           LENOVO       TP-SSDT2
UEFI           LENOVO       TP-83
UEFI           LENOVO       TP-83
UEFI           LENOVO       TP-83

======================================================================================

Here is the after:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
Windows Product ID: 00392-918-5000002-85741
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.004
ID: {0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error: T:20140121160728676-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\WINDOWS\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0E53EAFC-325D-4FFC-A361-9BE3CA050AEA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85741</PID><PIDType>1</PIDType><SID>S-1-5-21-221155014-2938626188-12158226</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>4180BW8</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>83ET59WW (1.29 )</Version><SMBIOSVersion major="2" minor="6"/><Date>20110601000000.000000+000</Date></BIOS><HWID>8EDD3C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-83   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: U1BMRwEAAAAAAQAACAAAALkwAAAAAAAAYWECAID4//+F86PhbxTPAROJf9ybj7SsIEe8hMh9DOHCg1tndQSLfdOJrxGMmXEGuoNvdSZI3MTYgfHcx5YeVQQP7Mqz0Iofa3PBmBu7DhgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwTiX/cm4+0rCBHvITIfQzhEMoG9DoJH8oArUeHX9i04nQKlrhQMpo3zqEqiMD2RpYED+zKs9CKH2tzwZgbuw4YM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgME4l/3JuPtKwgR7yEyH0M4XaMrkMXOBeISh9VnhqeO9/GC29QTCcyY4g5weo+QYuLBA/syrPQih9rc8GYG7sOGDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBOJf9ybj7SsIEe8hMh9DOGIfoD1XBrDcio15YC6I+4x3yjPtYjrSRZT8tiDVbhDugQP7Mqz0Iofa3PBmBu7DhgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwTiX/cm4+0rCBHvITIfQzhqs+FdY+9N5VqK2kXcYG0ViJXAmQk93CtIndIgDtjbLbDdMb6Fr1BBvW2+w0uyt/LM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgME4l/3JuPtKwgR7yEyH0M4U8Wwf3iloSZmtY6AMblNZlDtGMYRANg2EXTiz6b1UE6BA/syrPQih9rc8GYG7sOGDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDHh1mzGz+zFpBJmHoMIS4EeWTJQDIdQQPjtRlVoziwdeHQwFe74ZzhCl0HRMVRSB+TOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Enterprise edition
Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Activation ID: ae2ee509-1b34-41c0-acb7-6d4650168915
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00392-00170-918-500000-03-1033-7601.0000-0232014
Installation ID: 015792789923381685253931183240206504315864726671749853
Partial Product Key: HVTHH
License Status: Licensed
Volume activation expiration: 259200 minute(s) (180 day(s))
Remaining Windows rearm count: 1
Trusted time: 1/23/2014 8:10:10 AM

Key Management Service client information
    Client Machine ID (CMID): c17b935b-0a3f-4cea-92a4-4f695395b250
    KMS machine name from DNS: vsnhq1coap01kms.corporate.amfam.com:1688
    KMS machine extended PID: 55041-00168-313-023593-03-1033-3790.0000-3382009
    Activation interval: 120 minutes
    Renewal interval: 10080 minutes
    KMS host caching is enabled

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAEAAwABAAEAAAABAAAAAwABAAEA6GHeXQPOopYorW7BjlQEAtaqBIRQeBAtLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           LENOVO       TP-83
FACP           LENOVO       TP-83
HPET           LENOVO       TP-83
MCFG           LENOVO       TP-83
SLIC           LENOVO       TP-83
SSDT           LENOVO       TP-SSDT2
SSDT           LENOVO       TP-SSDT2
SSDT           LENOVO       TP-SSDT2
ECDT           LENOVO       TP-83
ASF!           LENOVO       TP-83
TCPA           PTL       LENOVO
SSDT           LENOVO       TP-SSDT2
SSDT           LENOVO       TP-SSDT2
UEFI           LENOVO       TP-83
UEFI           LENOVO       TP-83
UEFI           LENOVO       TP-83

===================================================================

So my questions is - Are we on the right path?
- Proposed as answer by Noel D PatonModerator Sunday, January 26, 2014 11:43 AM
Thursday, January 23, 2014 2:27 PM
0

Sign in to vote

TTS Error: T:20140121160728676-

The timestamp on this machine is different :) - but the error is at least of the same ilk.

Certainly, that approach is a potential one - but what worries me is that it appears to avoid actually defining the source of the problem, which means that it may be a temporary fix at best.

I'd be very interested to see a report from one or two of the machines that still fail after this procedure.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Thursday, January 23, 2014 7:38 PM

Moderator
0

Sign in to vote

It sure would be nice if MS would flag the files it thinks were tampered with... I guess we will let you know in 180 days ;0) Thanks for all your help!!! IOU a beer.

Don

Thursday, January 23, 2014 7:43 PM
0

Sign in to vote

c/o https://www.facebook.com/groups/322740914470274/permalink/561109860633377/ :D

more seriously, though - you're really are not the only one!.

I've read something approaching 30K MGADiag reports - of which less than 300 at a guess have had TS Tampers. They appear to becoming more frequent with the ageing of Win7 :( I would have expected them to become less common, as devs adjusted to the needs of 7, but the reverse seems to be the case - which is why I always tend to lean towards the malware as a cause.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Thursday, January 23, 2014 7:59 PM

Moderator
0

Sign in to vote

So get this... We reboot the offending machine (one of the 20% that won't activate) and MGADIAG TST date/time stamp changes :-/ with every reboot it changes. So being the resourceful guys over here, we run PROCMON and compare the timestamp to whats going on. No Joy - nothing is really hopping at that time, but earlier in the boot we see update services trying to update. Any thoughts? The MGA reports from above (from the one that activated) were run today but the timestamp is from the 21st.

Thursday, January 23, 2014 9:09 PM
0

Sign in to vote

You said the reports were run today but have a timestamp of the 21st. Is the date/time accurate and being saved between power cycles? Power off, wait 10 minutes then power back on and confirm that the system clock/calendar is still correct. If not, the CMOS battery may be dead.
Please do not read this sentence. Please ignore the previous sentence.

Thursday, January 23, 2014 9:41 PM
0

Sign in to vote

Nothing so simple, I'm afraid, Kamin :)

The timestamp of the latst report is

Trusted time: 1/23/2014 8:10:10 AM

the TTS timestamp may or may not change - if it does change it means that the guilty app/malware/whatever is still present and active.

If it doesn't change, then it means that you have a chance of a reset working.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Thursday, January 23, 2014 10:13 PM

Moderator
0

Sign in to vote

Looks like the guilty app is Symantec. The date kept changing until we turned off Symantec. Once we turned it off the TTS date stayed constant and the laptop registered with the KMS.

Monday, January 27, 2014 1:14 PM
0

Sign in to vote

Somehow, that doesn't surprise me at all!

Which incarnation of Symantec are you using?

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Monday, January 27, 2014 5:04 PM

Moderator
0

Sign in to vote

SEP 12.1.1000.157 RU1

Monday, January 27, 2014 5:08 PM
0

Sign in to vote
That appears to be a fairly old version? (2012 version, at least) - RU4 was released in Oct 2013.

It may be that it's hooking into the system at the wrong places, considering the updates that have gone on since.

Do you have to option to upgrade/date to the latest?

If so, I'd create a new master image with the new one rather than attempt to uninstall the old and update the image that way.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Marked as answer by PodGoDon Wednesday, January 29, 2014 6:57 PM
Monday, January 27, 2014 5:39 PM

Moderator
0

Sign in to vote

I'll have to check with the security group.

Tuesday, January 28, 2014 8:23 PM

Answered by:

Win 7 KMS failure on select laptops

Question

Answers

All replies