locked
Websense and WGA

  • Question

  • We recently turned on a Websense feature and due to the timing of WGA going to Microsoft's website and when the Windows login scripts run (sometimes 1 second later), users get prompted for Websense credentials. I read in another post a year ago this would be corrected with a new release.

     

    What I believe I have found is any PC with WGA 1.5 connects to Microsoft at every login. PCs with 1.7 don't, at least daily. So my question is does WGA 1.7 still connect to Microsoft every x many days? Does it connect depending on if the PC has validated or not?

     

    We have about 900 PCs and although probably many are validated, most probably aren't because users don't initiate anything to check. We use a WUS server for our updates too. So, depending on the answers to the above questions, can a large number of PCs be forced to validate?

     

    Some of this info may be on MS's WGA website but it's been down all morning....

     

    Thanks.

    Friday, August 17, 2007 6:58 PM

Answers

  •  

    Howdy Guido:

     

    I hope my (detailed... i.e. lengthy) explanation can help you identify your next steps for your user-base.

     

    Yes, the version you have installed on the 2nd pc (1.5.532.0) was part of our pilot program which can be easily removed/disabled http://support.microsoft.com/kb/921914/en-us. This previous program did check for daily updates.

     

    Since then, we have changed the code-base significantly with our non-pilot releases (specifically the version you have on the 1st PC 1.7.36.0) which does NOT check daily for updates. For most cases, the PC does not have to "check again" for updates to the Validation Status. However, for volume (i.e. enterprise deployment) we do check every 90-180 days depending on the contract established by your Volume License agreement.

     

    That being said, KB905474 (WGA Notifications) is specifically NOT released via WSUS for enterprises as we do not require large WSUS managed enterprises to go through validation (also should be documented in the Volume License agreement).

     

    You can choose to deploy KB905474 if you wish, but we don't require it. There is no way to "FORCE" validation as it requires Administrative privileges (your IT Admins can script this upon login or monthly updates but it's probably better not to deploy KB905474 to WSUS managed enterprises).

     

    I hope this helps,

    -phil

    Friday, August 17, 2007 11:10 PM

All replies

  • Guido39,

     

    Please run both 1.5 and 1.7 diagnostic tests on different machines. In turn please post back in your thread the results so we may analyze the output.  Thank you and have a great weekend.

     

     

    Stephen Holm, MS

     

    Friday, August 17, 2007 9:52 PM
  • Here you go. I think what is happening is on the first PC, it was rebuilt earlier this year after the wgatray.exe program was used. The second PC was built back when wgatray.exe was used. So the first PC doesn't have this process and doesn't communicate to MS at every login. The second one does because of wgatray.exe still installed and running.

     

    Please let me know if this sounds correct or not and if correct, how can I get wgatray.exe off the PC so it doesn't communicate with MS at every login.

     

    Thanks.

     

    Here's the 1.7 PC that doesn't communicate with Microsoft at every login:

     

    Diagnostic Report (1.7.0039.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Detailed Status: N/A
    Cached / Grace status: N/A, N/A
    Windows Product Key: *****-*****-42JTX-Y2TTG-TFWRY
    Windows Product Key Hash: 5xRAP3LBuMwcVmkk1xCSKjzpuQ4=
    Windows Product ID: 55274-640-2706686-23574
    Windows Product ID Type: 1
    CSVLK Server: N/A
    CSVLK PID: N/A
    Windows License Type: Volume
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    ID: {041E2C34-B92B-4E47-98CA-30584EDA5FE8}(3)
    Is Admin: Yes
    Commit / Reboot / BRT: N/A, N/A, N/A
    WGA Version: Registered, 1.7.36.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1
    Resolution Status: N/A

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    OGA Version: Failed to retrieve file version. - 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-2993-80070002_025D1FF3-171-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Allowed
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Here's the PC that was 1.5 but now the Windows tab says 1.7 but the Notifications tab still says 1.5

     

    Diagnostic Report (1.7.0039.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Detailed Status: N/A
    Cached / Grace status: N/A, N/A
    Windows Product Key: *****-*****-42JTX-Y2TTG-TFWRY
    Windows Product Key Hash: 5xRAP3LBuMwcVmkk1xCSKjzpuQ4=
    Windows Product ID: 55274-640-2706686-23294
    Windows Product ID Type: 1
    CSVLK Server: N/A
    CSVLK PID: N/A
    Windows License Type: Volume
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    ID: {8B2B861A-80DC-43C6-96B3-9AAD0486C37A}(3)
    Is Admin: Yes
    Commit / Reboot / BRT: N/A, N/A, N/A
    WGA Version: Registered, 1.7.36.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-171-1
    Resolution Status: N/A
     
    Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.5.532.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft
     
    OGA Data-->
    Office Status: 100 Genuine
    OGA Version: Failed to retrieve file version. - 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-2993-80070002_7E90FEE8-169-80004005_B4D0AA8B-514-80004005_7E90FEE8-169-80004005_B4D0AA8B-514-80004005_025D1FF3-171-1
     
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
     
    File Scan Data-->
    Other data-->
    Friday, August 17, 2007 10:44 PM
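
Added example, not part of any post in this thread and not Microsoft's tooling: with around 900 PCs, the two reports above can be triaged by script, reading the "Notifications Data" section to find machines that still carry the pilot WGA Notifications build (1.5.532.0) that the accepted answer says checked in daily. The host names, function names and status labels are assumptions made for this sketch; the report excerpts are trimmed from the two reports posted above.

```python
import re

# Notifications build that the thread's answer identifies as the pilot release
# which checked in daily (taken from the thread; not an exhaustive list).
PILOT_NOTIFICATION_VERSIONS = {"1.5.532.0"}

def parse_report(text):
    """Split a diagnostic report into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("-->"):                 # e.g. "Notifications Data-->"
            current = sections.setdefault(line[:-3].strip(), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # values may contain colons
            current[key.strip()] = value.strip()
    return sections

def triage(text):
    """Classify one report by the state of WGA Notifications."""
    report = parse_report(text)
    notif = report.get("Notifications Data", {})
    match = re.search(r"\d+(?:\.\d+){3}", report.get("WGA Data", {}).get("WGA Version", ""))
    result = {"wga_version": match.group(0) if match else None,
              "notifications_version": None, "status": "no-notifications"}
    if notif.get("File Exists", "").lower() == "yes":
        version = notif.get("Version", "N/A")
        result["notifications_version"] = version
        result["status"] = ("pilot-notifications"
                            if version in PILOT_NOTIFICATION_VERSIONS
                            else "notifications-installed")
    return result

# Excerpts trimmed from the two reports in the thread; host names are constructed.
REPORTS = {
    "pc-rebuilt": """WGA Data-->
WGA Version: Registered, 1.7.36.0
Notifications Data-->
File Exists: No
Version: N/A""",
    "pc-older": """WGA Data-->
WGA Version: Registered, 1.7.36.0
Notifications Data-->
File Exists: Yes
Version: 1.5.532.0""",
}
if __name__ == "__main__":
    for host, text in REPORTS.items():
        print(host, triage(text))
```

Machines reported as `pilot-notifications` are the ones to which the removal article linked in the accepted answer (KB921914) applies.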