locked
Invalid Licence problem RRS feed

  • Question

  • Dear Sir(s),

     

    A customer of mine has a strange problem since a couple of weeks. He bought a new HP Notebook from us and after using it for a while he suddenly got messages saying that he does not have a valid windows vista licence. Always when I try validating the licence again it gives error: 0x80070426 or error 0xC004D401.

     

    About the secord error, I already checked it out a none of the software listed is installed on the laptop, actually, there is hardly any software on the notebook except the stuff that HP installs.

     

    I've heard about a server problem a while ago that gave a lot of people the same problem as I have now, sadly, validating and restarting doesn't seem to work though...

     

    Code Snippet

     

    Diagnostic Report (1.7.0069.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004d401
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-GD2PK-BD3R2-44MV3
    Windows Product Key Hash: f7FPE6g/CLFmnJ4E6GbEU9Xn1sA=
    Windows Product ID: 89572-OEM-7332166-00021
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6000.2.00010300.0.0.002
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {8347D030-6E37-4E76-9DC1-2551BE04431B}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: Registered, 1.7.59.1
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Basic
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.071009-1548
    TTS Error: M:20080225112127179-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 102
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-2920-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3_B4D0AA8B-784-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{8347D030-6E37-4E76-9DC1-2551BE04431B}</UGUID><Version>1.7.0069.0</Version><OS>6.0.6000.2.00010300.0.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-44MV3</PKey><PID>89572-OEM-7332166-00021</PID><PIDType>2</PIDType><SID>S-1-5-21-680591575-139701131-2515682963</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq 6720s</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68MDU Ver. F.01</Version><SMBIOSVersion major="2" minor="4"/><Date>20070705000000.000000+000</Date></BIOS><HWID>84333507018400EA</HWID><UserLCID>0813</UserLCID><SystemLCID>0413</SystemLCID><TimeZone>West-Europa (standaardtijd)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><BRT/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><PidType>19</PidType></Product></Products></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAH8KAAAAAAAAYWECADAgAAAugUMXTVzIAVMWKYGB4wMcsbz+lAen7WfHT8LQVWxREDQayhCmzmZ0CZeDPclBfb6W0iIZWOdsve97BuxrKcj+9gzTrUJt+r3p7auVQTlhl0k2V9i4kKdrnKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nbQczhdT4Z9LllfnD4YnJSRSRYMVmkxlHq7h+LUTlEZbvewbsaynI/vYM061Cbfq9oqvnUDrz/XtvNpSv9CBX15ynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ0KMBB0+LoFVsW5rsVYy7O9C3GEu6+Ur8DmmkEvHSASa73sG7GspyP72DNOtQm36vUC3A0hL6OtWMiPBHKwoUnWcp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TSSEtFRIj5TdIEPFKhxQkM7PvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wc2MB01yQZvVbbpYFPpb58dCvJsLl33us2OxgHhloOGSu97BuxrKcj+9gzTrUJt+r28qhYvI/Sijurm+sG0itqVnKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nTMbRX6szq6DVjkqz+4H/9Bprq0hlngOt3GkAXPiaBLjvewbsaynI/vYM061Cbfq9JXt98lyj3aSqaMIHeWVaIJynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ8vDecfUSpluClZg47ToLStRybDFV34UB6UUtvgx3uWc73sG7GspyP72DNOtQm36vSfy6EpOKZxR6nF/Qe8tKr6cp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TSSEtFRIj5TdIEPFKhxQkM7PvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WfdC7wXYMiGeCddzErATWY/5X7UQt2ek+YGX1aqxX1VLO97BuxrKcj+9gzTrUJt+r0AeYYPfGzsPSuHhFwo7IeAnKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1ne+tJHnM66k6eCWiqoNjR1/iFx4YPhAF+Vfuo8vAfngvvewbsaynI/vYM061Cbfq9X0YfDxOOtqGAKWebrSitQJynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ/DY/1o44ckWDEv3krCgqBDwAZk5dYctvr2L+74xN2uL73sG7GspyP72DNOtQm36veMdRsCnDRi1Psiw23oXRkWcp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TSSEtFRIj5TdIEPFKhxQkM7PvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WdW7A2hSzDs4UiZgOJR5GXwtJSN70V/BRAGxlGnuFFzGe97BuxrKcj+9gzTrUJt+r0IRrS+uEHdlZJqe/J+4YfInKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nh3dUJT0DaCi5WJGN2wEy3OrQgLP5b9PAJWmMZ821q6DvewbsaynI/vYM061Cbfq9Y72oIwukDAWbxkWg+wf05pynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZxsvyh4ldBEGTbOB1ArCS0Bih11WQibx3NdQSLueDhog73sG7GspyP72DNOtQm36vT/GKFAbe8ynJ/i5P/zhAOOcp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TSSEtFRIj5TdIEPFKhxQkM7PvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7Wdx0cShsTEZyUNHcUSfLMqDqaL/0+u1FU3sej8CRBJPmu97BuxrKcj+9gzTrUJt+r3uHRAaos9E8F7vRRH9a/annKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1n73VWi+xYebxyxkiMxML80Ejl2vU6qFN0oc3GrWKLQOvvewbsaynI/vYM061Cbfq9SgdLlJ3ZmURhDZLLDtEDwZynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZwJTbgzGh96iEjSgSE6KSuhuGRnRF1uNWJvyWiwiTij173sG7GspyP72DNOtQm36vYGFCewnhd4AWKZlUUs9Fs+cp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TSSEtFRIj5TdIEPFKhxQkM7PvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WdxNhH8MM1kCv47N9SoU0slyJQ3ak1cofwFE/HDH3sI/u97BuxrKcj+9gzTrUJt+r2wFgSItpndprWEHPVn0q0BnKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1nFQcWDKy4Gx/0JvSRUZMmtzftxyOTWa/QpkDt6oRI9lDvewbsaynI/vYM061Cbfq9Hhf3buE4nXgBVnVCaRR7rJynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ8RXiOr5BmrBXgIX99n0/nNIjn6YpTzCzDc4cleEx+ey73sG7GspyP72DNOtQm36vaK6iHgAx+KcuDBMW9bUNHecp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TSSEtFRIj5TdIEPFKhxQkM7PvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WcVBxYMrLgbH/Qm9JFRkya3tidbJp6xUlXIi9JOIHT5Fu97BuxrKcj+9gzTrUJt+r0uzj9nbTrOJU0rN767XISanKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1n/T7cN7SwQqztV6y4hgRF/051I3dkkGwsCUDRUTEjZ3TvewbsaynI/vYM061Cbfq9uslrOl7k4FENnZOQjy3bbZynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZxe6lLj3k5L/UQYHhzpDFwX+XxKeXHc+QvqpnOpadGVk73sG7GspyP72DNOtQm36vfQyuNPMYhuEEek15ai5TBGcp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXuj7Of3TrhQLefDgfqBkI5TSSEtFRIj5TdIEPFKhxQkM7PvhOAl853Ut8R1ZP1BvXO6JP6HTzBEjlvciLQfChFo19juj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDFMWKYGB4wMcsbz+lAen7WftUEO8wRQVjyY62h5UEpFvc5tuA4Zd71n7Xi+RnlHwWO97BuxrKcj+9gzTrUJt+r2kxUmiba9LlmNr/cYh4ccVnKfOZv/AmB9uvmxWADGc/AFrdnzWO+jF8eq69LRpcSiTN/jEi/pgsTdkQKOEZadnYeIFmHEs83923aEKqaV7o+zn9064UC3nw4H6gZCOU0khLRUSI+U3SBDxSocUJDOz74TgJfOd1LfEdWT9Qb1zuiT+h08wRI5b3Ii0HwoRaNfY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAxTFimBgeMDHLG8/pQHp+1n05TK1Cm+S2T9KhnOGjCB7i0hdy4dDza1s5OhWVsgJ9fvewbsaynI/vYM061Cbfq9Gv2KuOle9b9fbrQiU2L0z5ynzmb/wJgfbr5sVgAxnPwBa3Z81jvoxfHquvS0aXEokzf4xIv6YLE3ZECjhGWnZ2HiBZhxLPN/dt2hCqmle6Ps5/dOuFAt58OB+oGQjlNJIS0VEiPlN0gQ8UqHFCQzs++E4CXzndS3xHVk/UG9c7ok/odPMESOW9yItB8KEWjX2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMUxYpgYHjAxyxvP6UB6ftZ5uJv75VaMJ5GjYEmzXvNjMv8p4jphyuyNJrjhtqt5AU73sG7GspyP72DNOtQm36vZbbQj6tXXSI+rL5PqWHUG2cp85m/8CYH26+bFYAMZz8AWt2fNY76MXx6rr0tGlxKJM3+MSL+mCxN2RAo4Rlp2dh4gWYcSzzf3bdoQqppXu

     

     

    Monday, February 25, 2008 10:30 AM

Answers

  • Hi Dunk!,

     

      The above instructions, that Carey provided. Are the steps to resolve a Pre-Installed Vista, that is using the OEM self activate process, but is asking to be re-activated. Those steps would not help your issue.

     

      Your Diagnostic Report shows me that the Vista is suffering from a "In Memeory" Mod-Auth Tamper. There are 2 types of Tampers:

     

    1) A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by random file corruption, a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occure.

     

    2) A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way and is caused by a running program that is incompatible with Vista.

    ~I know it is a Tamper, because a Spsys.log file was generated.

     

    ~I know this issue is a Mod-Auth Tamper, because there is a TTS (aka Tamper Time Stamp) and the Time Stamp start with an "M" (for Mod-Auth). "M" type TTS are only generated during a Mod-Auth Tamper event.

     

    (Note: the past server problem that caused a 0xC004D401 error, did Not cause a TTS nor a Spsys.log file to be created). 

     

    ~I know this is an "In Memory" type of Mod-Auth because the "File Scan Data-->" line does not show any of the protected Critical System files have been changed/modified/tampered. If they had been changed/modified/tampered, then the issue would have been diagnosed as an "On Disk" Mod-Auth.

     

    In addition to why a Tamper occurs, it's also important to understand how Vista detects the Tamper event. There is a Service that runs in Vista that detects a Tamper. But this Service runs randomly, so if you were to install an incompatible program and run it, Vista (most likely) would not immediately enter a Tamper State and it could take some time for the Tamper to be detected. The important thing to note is that the moment Vista detects the Tamper, you know that the program that caused the tamper, is currently running.

     

    Below I have provided a number of steps to help you identify the program that is causing the tamper:
     
      First, go to http://support.microsoft.com/kb/931699/ and confirm that you do not have any of the programs known to cause this type of issue.
     
      Second, in your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch numbers: M:xxxxxxxxxxxxxxxxx- This is the Tamper Time Stamp and it breaks down like this:

     

        (year)  (month) (day) (time in 24format) (millisecond)
    M:2008       02       25        1121                  27179-

     


    Now that you know the time of the tamper, you can now try to connect that time with a program.

    1) Login to Vista and select the option that launches an Internet Browser

    2) Type into the browser address bar: %windir%\system32\perfmon.msc and hit Enter

    3) When asked if you want to Open or Save this file, select Open

    4) In the left hand panel, click Reliability Monitor

    5) Click on the “System Stability Chart” above the date 02/25

    6) Below the chart, in the “System Stability Report” section look at the report titled "Software (Un)Installs for 02/25/2008"

    7) Look for any program that shows "Application Install" in the 'Activity' column.

    8) Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 5) thru 7) for the dates 02/24/2008, 02/23/2008 and 02/22/2008

      This could tell you what programs were installed on or around the Tamper date and should help you narrow down the possible programs that could be causing the issue . Unfortunately, if you installed the program (say) on 09/01/2007, but you didn't run (and, hence, prompted the tamper state)  till 02/25/2008, this process may not be helpful.  The removal of any application you may have installed recently could go a long way to troubleshooting this issues as well, since it may fall outside of the 3 day time frame described above.


    Lastly, I just received a confirmed report that PC Tools Firewall Plus version 3.0.0.52 (with Anti-Injection Protected option enabled) has been found to cause this type of issue. PC Tools has fixed the problem.  On the PC Tools forums (http://www.pctools.com/forum/showthread.php?s=7e262d016b2a208f58a2d03143ba90a0&t=49501&page=2), they state:

     

    In order to make sure you have the latest version, you can make a simple test after installation.
    Test 1:
    a. Restart the machine
    b. Try to perform Smart Update (if no files appear then you have the latest)

    Test 2:
    a. Go to the FW directory (normally C:\Program Files\PC Tools Firewall Plus) and check that:
    FirewallWrapper.dll version is 3.0.0.53
    FWService.exe version is 3.0.0.53
    FwHook.dll version is 1.0.44.0
    sdwvhlp.dll version is 1.0.0.2

    If the files version does not match try to Smart Update.

     

    So if you have PC Tools Firewall Plus version 3.0.0.52 installed on your computer, please follow the above directions for updating to the most recent version.

     

    Lastly, I highly recommend updating the Anti-Virus and Firewall (if other then the one that came with Vista) programs, to a version advertised as compatible with Vista. Older versions of these two types of programs are very likely to be incompatible. 

     

     

    Thank you,

    Darin Smith

    WGA Forum Manager

     

    Thank you,

    Darin Smith

    WGA Forum Manager

    Monday, February 25, 2008 11:17 PM

All replies

  • There is a Support Doc: "You may be prompted to activate Windows Vista on a computer on which Windows Vista was already activated by a Volume License or OEM installation" at http://support.microsoft.com/default.aspx?scid=kb;EN-US;931573  That I believe may specific to your issue. Please follow the resolution portion of the doc.

     

      If that does not resolve your issue, please follow the steps below. If the first set of steps does not resolve, move on to the next set of steps.

     

    ----------------------------------------------------------------------------------------

    Step set #1

     

    (If you access to the start button)

    1) Click the Start button

    2) Type cmd in the Start Search field

    3) At the top the Start window, you will see cmd.exe

    4) Right Click cmd.exe and select Run as Administrator

    5) Type: cscript %windir%\System32\slmgr.vbs /ilc %windir%\System32\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms

    6) Hit the Enter key

    7) Reboot 2 times

     

    (If you Do Not access to the start button)

    1) Click the option Access computer with reduced functionality

    2) A Browser will open, type: %windir%\system32 into the address field

    3) Find the file cmd.exe

    4) Right Click on the cmd.exe and select Run as Administrator

    5) Type: cscript %windir%\System32\slmgr.vbs /ilc %windir%\System32\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms

    6) Hit the Enter key

    7) Reboot 2 times

    -------------------------------------------------------------------------------------------

    Step set #2

     

    (If you access to the start button)

    1) Click the Start button

    2) Type: slui.exe 3 and hit the Enter key

    3) Type in the Product key from the sticker on your computer

    4) Click the Next button.

    5) You will be asked if want to Activate, click ok

    6) It will attempt to Activate by the internet and will return an Invalid Key error (this is ok, continue to step 7)

    7) Click the Start button

    8) Type: slui.exe 4 and hit the Enter key

    9) Select your location in the drop down menu and click the Next button

    10) The next screen provides the number to call to Activate by Phone

     

    NOTE: when you call that number, you will first hear an Automated Voice that will try to Activate Vista for you. If the Automated Voice gives you an option to talk to a Live Activation Rep, select that option. If not, do not enter any numbers. This should force the Automated Voice to transfer you to a Live Activation Rep. Trying to Activate thru the Automated Voice will not work, in your case, only thru the Live Activation Rep will your Activation be successful.

     

    Once completed, you may need to reboot twice.


     

    (If you Do Not access to the start button)

    1) Click the option 'Run with reduced functionality'

    2) A internet Browser should come up, type: %windir%\system32\cmd.exe in the browser address bar

    3) A window with a black background will come up

    4) Type: slui.exe 3 and hit the Enter key

    5) Type in the Product key from the sticker on your computer

    6) Click the Next button.

    7) You will be asked if want to Activate, click ok

    8) It will attempt to Activate by the internet and will return an Invalid Key error (this is ok, continue to step 9)

    9) Return to the window with the black background

    10) Type: slui.exe 4 and hit the Enter key

    11) Select your location in the drop down menu and click the Next button

    12) The next screen provides the number to call to Activate by Phone

     

    NOTE: when you call that number, you will first hear an Automated Voice that will try to Activate Vista for you. If the Atomated Voice gives you an option to talk to a Live Activation Rep, select that option. If not, do not enter any numbers. This should force the Automated Voice to transfer you to a Live Activation Rep. Trying to Activate thru the Automated Voice will not work, in your case, only thru the Live Activation Rep will your Activation be successful.

     

    Once completed, you may need to reboot twice.

     

    ----------------------------------------------------------------------------------------

    Step set #3

     

    1) Open Internet Browser

    2) Type %windir%\system32 into the browser address bar.

    3) Find the file CMD.exe

    4) Right-Click on CMD.exe and select Run as Administrator

    5) Type: net stop slsvc  (it may ask you if you are sure, select yes)

    6) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing

    7) Type: rename tokens.dat tokens.bar

    8) Type: cd %windir%\system32

    9) Type net start slsvc

    10) Type: cscript slmgr.vbs -rilc (It may take a long time for this to complete, please be patient)

    11) Reboot Twice

    12) You may be required to Re-Activate. Use the Activate by Phone method outlined below

     

     

    Activate by Phone steps:

     

    a) If you have access to the Start button: Click the Start button, and type in "slui.exe 4" in the search field and then press the "Enter" key. This will bring up the Activate by Phone dialog window. Follow the steps provided by the window. The phone activation process should only take about 6 minutes.


    b) If you do not have access to the Start button: Reboot and login to Vista, a dialog window will come up. In that window, click the option "Access computer with reduced functionality". Once you do that, Internet Explorer or Firefox browser will open. In the address bar type "c:\windows\system32\cmd.exe" press enter, a new window will come up, type: slui 4 and hit enter and follow steps to Activate over the Phone.


    NOTE: The key to this process is that you need to talk to a Live Activation Rep! When you first call, you will be interacting with an Automated Voice, either select the option to talk to a Live Rep or if there is no option, do not enter any numbers. This should force the automated voice to transfer you to a Live Rep.

     

     

    Monday, February 25, 2008 2:05 PM
    Moderator
  • I've tried them all and it didn't work. I always had the 0xC004D401 error.

    Now, when trying the last method I got the following error in cmd: 0x1A8 (0x000001A8). When I restart now I can't even log in anymore, I always get a message saying that the SKU isn't available: 0xC004F055
    Monday, February 25, 2008 5:09 PM
  • Hi Dunk!,

     

      The above instructions, that Carey provided. Are the steps to resolve a Pre-Installed Vista, that is using the OEM self activate process, but is asking to be re-activated. Those steps would not help your issue.

     

      Your Diagnostic Report shows me that the Vista is suffering from a "In Memeory" Mod-Auth Tamper. There are 2 types of Tampers:

     

    1) A critical system file was modified On Disk - What this means is that the file, located on the hard drive, was modified in some way. This can be caused by random file corruption, a malicious program (spyware, malware, virus) or by manual file modification (by a user of the system). There is also a very small chance that an Update may fail in mid-update and cause this type of issue. As a safety mechanism, Updates are made so that if they fail, they roll back any updating that was done before the failure, but there is an off-chance that the roll back did not occure.

     

    2) A critical system file was modified In Memory - What this means is the file itself (on the hard drive) is un-modified, but the code, from that file, running in the system, was modified in some way and is caused by a running program that is incompatible with Vista.

    ~I know it is a Tamper, because a Spsys.log file was generated.

     

    ~I know this issue is a Mod-Auth Tamper, because there is a TTS (aka Tamper Time Stamp) and the Time Stamp start with an "M" (for Mod-Auth). "M" type TTS are only generated during a Mod-Auth Tamper event.

     

    (Note: the past server problem that caused a 0xC004D401 error, did Not cause a TTS nor a Spsys.log file to be created). 

     

    ~I know this is an "In Memory" type of Mod-Auth because the "File Scan Data-->" line does not show any of the protected Critical System files have been changed/modified/tampered. If they had been changed/modified/tampered, then the issue would have been diagnosed as an "On Disk" Mod-Auth.

     

    In addition to why a Tamper occurs, it's also important to understand how Vista detects the Tamper event. There is a Service that runs in Vista that detects a Tamper. But this Service runs randomly, so if you were to install an incompatible program and run it, Vista (most likely) would not immediately enter a Tamper State and it could take some time for the Tamper to be detected. The important thing to note is that the moment Vista detects the Tamper, you know that the program that caused the tamper, is currently running.

     

    Below I have provided a number of steps to help you identify the program that is causing the tamper:
     
      First, go to http://support.microsoft.com/kb/931699/ and confirm that you do not have any of the programs known to cause this type of issue.
     
      Second, in your Diagnostic report above, you can see the line that starts with 'TTS Error:' followed by a bunch numbers: M:xxxxxxxxxxxxxxxxx- This is the Tamper Time Stamp and it breaks down like this:

     

        (year)  (month) (day) (time in 24format) (millisecond)
    M:2008       02       25        1121                  27179-

     


    Now that you know the time of the tamper, you can now try to connect that time with a program.

    1) Login to Vista and select the option that launches an Internet Browser

    2) Type into the browser address bar: %windir%\system32\perfmon.msc and hit Enter

    3) When asked if you want to Open or Save this file, select Open

    4) In the left hand panel, click Reliability Monitor

    5) Click on the “System Stability Chart” above the date 02/25

    6) Below the chart, in the “System Stability Report” section look at the report titled "Software (Un)Installs for 02/25/2008"

    7) Look for any program that shows "Application Install" in the 'Activity' column.

    8) Since the process that detects Tampers runs randomly, it can take up to 3 days for the process to detect the tamper and set Vista to a Tamper State. Because of this, please repeat steps 5) thru 7) for the dates 02/24/2008, 02/23/2008 and 02/22/2008

      This could tell you what programs were installed on or around the Tamper date and should help you narrow down the possible programs that could be causing the issue . Unfortunately, if you installed the program (say) on 09/01/2007, but you didn't run (and, hence, prompted the tamper state)  till 02/25/2008, this process may not be helpful.  The removal of any application you may have installed recently could go a long way to troubleshooting this issues as well, since it may fall outside of the 3 day time frame described above.


    Lastly, I just received a confirmed report that PC Tools Firewall Plus version 3.0.0.52 (with Anti-Injection Protected option enabled) has been found to cause this type of issue. PC Tools has fixed the problem.  On the PC Tools forums (http://www.pctools.com/forum/showthread.php?s=7e262d016b2a208f58a2d03143ba90a0&t=49501&page=2), they state:

     

    In order to make sure you have the latest version, you can make a simple test after installation.
    Test 1:
    a. Restart the machine
    b. Try to perform Smart Update (if no files appear then you have the latest)

    Test 2:
    a. Go to the FW directory (normally C:\Program Files\PC Tools Firewall Plus) and check that:
    FirewallWrapper.dll version is 3.0.0.53
    FWService.exe version is 3.0.0.53
    FwHook.dll version is 1.0.44.0
    sdwvhlp.dll version is 1.0.0.2

    If the files version does not match try to Smart Update.

     

    So if you have PC Tools Firewall Plus version 3.0.0.52 installed on your computer, please follow the above directions for updating to the most recent version.

     

    Lastly, I highly recommend updating the Anti-Virus and Firewall (if other then the one that came with Vista) programs, to a version advertised as compatible with Vista. Older versions of these two types of programs are very likely to be incompatible. 

     

     

    Thank you,

    Darin Smith

    WGA Forum Manager

     

    Thank you,

    Darin Smith

    WGA Forum Manager

    Monday, February 25, 2008 11:17 PM
  • At the end I just reinstalled the notebook again and everything worked fine... UNTIL ... Kasperky Internet Security 7.0 got installed. How can that be? I've installed it on vista systems a dozen of times?
    Saturday, March 1, 2008 9:20 AM
  • I'm not sure what kaspersky does, but it seems to disable some kind of neccesairy vista services or something. When I recover to the point before kaspersky was installed, everything works, when I install kaspersky and restart I get the error above, when I restart again I can't even log in anymore.

    Isn't there any information about this problem? I can't seem to find anything usefull on the official HP or Kapsersky website.
    Saturday, March 1, 2008 12:11 PM
  • I bought a Lenovo Z61e online in July last year (from website www.misco.co.uk)

     

    Had issues a few weeks back and ended up having to revert to a back up in order to boot up. Since then have had a few problems (unresolved) with Windows Update not installing updates, and now have booted up to find the message that the Windows Vista Business product key is invalid for activation.

     

    The report is below, any ideas on what to do next?

     

    Thanks

     

     

     

    Diagnostic Report (1.7.0069.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004c4a8
    Cached Validation Code: 0xc004c4a8
    Windows Product Key: *****-*****-8R282-7M7MD-QBVT2
    Windows Product Key Hash: Wp1Or0H3xTx9SppIZHQ4EH0vc6o=
    Windows Product ID: 89576-OEM-7201301-72192
    Windows Product ID Type: 8
    Windows License Type: COA SLP
    Windows OS version: 6.0.6000.2.00010100.0.0.006
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {AAB26BBF-26A6-459B-871C-9282682163D9}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Business
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.071009-1548
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-2920-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-531-645_025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{AAB26BBF-26A6-459B-871C-9282682163D9}</UGUID><Version>1.7.0069.0</Version><OS>6.0.6000.2.00010100.0.0.006</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QBVT2</PKey><PID>89576-OEM-7201301-72192</PID><PIDType>8</PIDType><SID>S-1-5-21-150329730-509714110-1090307148</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>06722YG</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7FETA0WW (2.18 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20070517000000.000000+000</Date></BIOS><HWID>89313507018400EE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7F   </OEMTableID></OEM><BRT/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>BB1CC55A99C106C</Val><Hash>sIGu2iVLvFCQ6IycvnYkDjUTtzs=</Hash><Pid>70141-054-4893576-56641</Pid><PidType>1</PidType></Product></Products></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

     

    Sunday, March 2, 2008 8:22 AM
  • Would be nice if you could start you own thread ;-)

    Anyway, where's the support? I keep getting the errors I mentioned above...
    Monday, March 3, 2008 10:15 AM
  •  

    Not sure how this is affecting different people - i ended up choosing the activate by phone option once i had typed in my existing product code, and after going through the process, the authentication code given to me over the phone worked.

     

    however i have read on other forums that this has not always worked for others.

     

    just have to sort out the windows update issue now

    Monday, March 3, 2008 11:53 AM
  •  Dunk! wrote:
    I'm not sure what kaspersky does, but it seems to disable some kind of neccesairy vista services or something. When I recover to the point before kaspersky was installed, everything works, when I install kaspersky and restart I get the error above, when I restart again I can't even log in anymore.

    Isn't there any information about this problem? I can't seem to find anything usefull on the official HP or Kapsersky website.

     

    Hello Dunk!,

     

      You may want to look at the Kapsersky forum thread  http://forum.kaspersky.com/index.php?showtopic=49266. See the post from user Fuzzy (3rd post down) he seems to have the same issue and it was resolved by following user Lucian Bara's suggestion (2nd post down).

     

    The resolution steps are (Note: this is not a Microsoft endorsed process, but if it works...it works):

    "boot your pc into safe mode.
    open start->run->regedit
    navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Klif on the left side.
    on the right side you should see a entry called "Start" with the value 1. change it's value to 2 or 3 and try booting into normal mode again."

     

    Lucian Bara says that the resolution steps "changes the time at which the kaspersky driver loads,this way it will load later, after the main drivers are loaded, so less chance for conflicts, this does not influence security."

     

    Hope this helps,

    Darin

    Monday, March 3, 2008 8:56 PM