locked
WGA troubles RRS feed

  • Question

  • No way to start Security-SPP :

    Log Name:      Application
    Source:        Microsoft-Windows-Security-SPP
    Date:          21.02.2014 21:59:49
    Event ID:      1001
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      xxxxxxx-PC
    Description:
    The Software Protection service failed to start. 0x80070002
    6.1.7601.17514
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
        <EventID Qualifiers="49152">1001</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-02-21T20:59:49.000000000Z" />
        <EventRecordID>92000</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>xxxxxxx-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>0x80070002</Data>
        <Data>6.1.7601.17514</Data>
      </EventData>
    </Event>

    Service Control Manager:

    Log Name:      System
    Source:        Service Control Manager
    Date:          21.02.2014 21:59:50
    Event ID:      7023
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      xxxxxxx-PC
    Description:
    The Software Protection service terminated with the following error:
    The system cannot find the file specified.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7023</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-02-21T20:59:50.400065200Z" />
        <EventRecordID>270996</EventRecordID>
        <Correlation />
        <Execution ProcessID="740" ThreadID="10984" />
        <Channel>System</Channel>
        <Computer>xxxxxxx-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Software Protection</Data>
        <Data Name="param2">%%2</Data>
      </EventData>
    </Event>

    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50

    Cached Validation Code: N/A, hr = 0xc0000022
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{47DAAEC4-1138-49D4-9684-B0A31EC9C91E}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-61081905-837718168-3433156493</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision M4600</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="6"/><Date>20111018000000.000000+000</Date></BIOS><HWID>B7803507018400FE</HWID><UserLCID>0810</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x80070426' to display the error text.
    Error: 0x80070426

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: 0x00000000
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 2:18:2014 22:00
    WAT Activex: Registered
    WAT Admin Service: Registered

    HWID Data-->
    HWID Hash Current: PgAAAAEAAAABAAMAAwACAAAABgABAAEAHKLsmHIOxHR6JPRdxPUMRpjsQjTOn1YqeFwk/cjCcoq+Qd7xLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  
      SSDT   DELLTP  TPM

    Thanks if you can help...




    • Edited by Roggino Friday, February 21, 2014 9:41 PM
    Friday, February 21, 2014 9:34 PM

Answers

  • ...I lied!

    The SPLDR service has been disabled - and this is the cause of your problems.

    Please run the following command in an Elevated Command Prompt, and then reboot.

    SC CONFIG SPLDR start= auto

    after the reboot, post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Monday, February 24, 2014 2:59 PM
    Moderator

All replies

  • (Have you EVER used Norton software on this machine?)

    Please run the following commands, and post the results.reg query

    REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR /S

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLSVC

    REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPPSVC

     They may show something

      Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Friday, February 21, 2014 10:24 PM
    Moderator
  • Hi,

    yes on this machine is running a Symantec Endpoint Protection

    and the result of the querys is:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\services\spldr /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr
        DisplayName    REG_SZ    Security Processor Loader Driver
        ErrorControl    REG_DWORD    0x3
        Start    REG_DWORD    0x4
        Type    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spldr\Enum
        0    REG_SZ    Root\LEGACY_SPLDR\0000
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1


    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPL
    DR /S

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR
        NextInstance    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000
        Service    REG_SZ    spldr
        Legacy    REG_DWORD    0x1
        ConfigFlags    REG_DWORD    0x400
        Class    REG_SZ    LegacyDriver
        ClassGUID    REG_SZ    {8ECC055D-047F-11D1-A537-0000F8753ED1}
        DeviceDesc    REG_SZ    Security Processor Loader Driver
        Capabilities    REG_DWORD    0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPLDR\0000\Control


    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SLS
    VC
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SPP
    SVC
    ERROR: The system was unable to find the specified registry key or value.

    Thanks in advance of your Help

    Monday, February 24, 2014 2:09 PM
  • Those results seem normal

    EP doesn't usually cause many problems that we see here, so it's likely something else...

    Please run the following commands in an ELevated COmmand Prompt, and post the results.

    NET START SPLDR SC QC SPLDR SC QUERYEX SPLDR NET START SPPSVC SC QC SPPSVC SC QUERYEX SPPSVC

    .


    They may show where the problem is.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, February 24, 2014 2:55 PM
    Moderator
  • ...I lied!

    The SPLDR service has been disabled - and this is the cause of your problems.

    Please run the following command in an Elevated Command Prompt, and then reboot.

    SC CONFIG SPLDR start= auto

    after the reboot, post another MGADiag report.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Monday, February 24, 2014 2:59 PM
    Moderator
  • That was now the software protection service is working fine....

    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0

    Cached Validation Code: 0x0
    Windows Product Key: *****-*****-M3DJT-4J3WC-733WD
    Windows Product Key Hash: xo+ajVSpae7/4VoZjS7m6JL0f3A=
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {47DAAEC4-1138-49D4-9684-B0A31EC9C91E}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{47DAAEC4-1138-49D4-9684-B0A31EC9C91E}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-733WD</PKey><PID>00371-OEM-8992671-00524</PID><PIDType>2</PIDType><SID>S-1-5-21-61081905-837718168-3433156493</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Precision M4600</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="6"/><Date>20111018000000.000000+000</Date></BIOS><HWID>B7803507018400FE</HWID><UserLCID>0810</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>CBX3   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00178-926-700524-02-1033-7601.0000-3572011
    Installation ID: 010692948074642531424603811464312460402182152134192194
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 733WD
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 24.02.2014 16:10:31

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: 0x00000000
    HealthStatus: 0x0001000000000000
    Event Time Stamp: 2:18:2014 22:00
    WAT Activex: Registered
    WAT Admin Service: Registered

    HWID Data-->
    HWID Hash Current: PgAAAAEAAAABAAMAAwACAAAABgABAAEAHKLsmHIOxHR6JPRdxPUMRpjsQjTOn1YqeFwk/cjCcoq+Qd7xLnM=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    CBX3  
      FACP   DELL    CBX3  
      HPET   A M I    PCHHPET
      BOOT   DELL    CBX3   
      MCFG   DELL    SNDYBRDG
      TCPA     
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      SSDT   DELLTP  TPM
      DMAR   INTEL   SNB
      SLIC   DELL    CBX3  
      SSDT   DELLTP  TPM

    Thanks again.

    Monday, February 24, 2014 3:17 PM
  • :) - That all looks OK now.

    Any idea what may have switched off the SPLDR service? it's possibly some tweaking tool or the like?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, February 24, 2014 3:28 PM
    Moderator
  • I know taht's happend on the 12-13 of february,

    I have seen a lot of Microsoft updates on 12, but no idea if one of them has switched of that service.

    Other install I have to check if I have done in that time.

    I'll have a look if I can find something and I'll write again here..

    In the meantime Thanks again.

    Monday, February 24, 2014 3:34 PM
  • None of those updates should have touched that service - certainly they didn't here.

    It's much more likely to have been third-party software than an update.

    Whatever, at least it's fixed :)

    Good luck!


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Monday, February 24, 2014 4:44 PM
    Moderator