Windows 7 Genuine Advantage Validation fails with error 0x80070005

  • Question

  • Hi,
    I have a Windows 7 Ultimate 32-bit install that has been working (and validating the install) for quite a while.  Around 12/17/2011 it started reporting that the install was not genuine and I had 30 days to activate it.  I tried every few days to activate it but it would fail. 
    I have been researching this issue in the forums and have tried several of the suggested fixes but none have worked.  All commands were done via a CMD prompt running as Admin. 
    •  http://support.microsoft.com/kb/2008385 - slmgr.vbs /dlv gives a Windows Script Host popup error "Permission Denied" code 800A0046.
    • Running through the steps of renaming the tokens.dat file and running slui.exe takes me to an MS website to purchase a new license (with 0x80070005 mentioned in the URL twice).
    • Ran "sfc /scannow" which returned "Windows Resource Protection did not find any integrity violations."
    • I tried the steps suggested by Kim in http://tinyurl.com/839r4fu which returned ZERO entries in the "accesskchk.txt" file and when I followed the steps in "...The Solution..." every change the script tried to make returned "RegSetKeySecurity Error : 5 Access is denied."
    • I also tried the main answer from Schedrich on http://tinyurl.com/4oduoys 
     
    After running the MGA Diagnostic tool and looking at the log files in the C:\MGADiagToolOutput\ directory, I noticed that the validation issues started on 12/17/2011 at around 2:50 AM with the entry "Grace period has been started. Grace days=30  Grace type=5." with an Event ID of 1025.
    I also noticed two events with the ID of 1003 which differed from before and after validation failure.
    Before:
    12/3/2011 1:05:53 PM
    6: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 )]
    After:
    12/17/2011 2:50:30 AM
    6: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 0 [(0 [0xC004E003, 0, 0], [( 1 0x80070005 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 1 0x80070005 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 [0x00000000, 0, 1], [(?)( 5 0x00000000 30 43200)( 1 0x00000000 0 0 msft:rm/algorithm/flags/1.0 0x00000000 0)(?)(?)(?)])]

    I also checked all files modified on my computer around 2:50 AM on the 17th.  At 2:47 AM, C:\Windows\System32\Microsoft\Protect\S-1-5-18\903643d9-19fc-45c6-923b-5201212a44fe and "Preferred" were modified.  I cannot tell what data is stored in the files.
    At 3:08 AM on the 17th, the following updates were installed:
    • Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2597035)
    • Security Update for Windows 7 (KB2633171)
    • Security Update for Windows 7 (KB2620712)
    • Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2618444)
    • Windows Malicious Software Removal Tool - December 2011 (KB890830)
    • Security Update for Windows 7 (KB2619339)
    • Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.117.1260.0)
    • Update for Windows 7 (KB2633952)
    • Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2618451)
    • Security Update for Windows 7 (KB2639417)
    • Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)

    No matter what way I go about verifying my copy of Windows, it fails.

    Here is a copy of the output from the Diagnostic tool:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-7MXWW-62QYV-YPTPQ
    Windows Product Key Hash: JsMf14nP/9/rYm6hBYZtgVm5BfE=
    Windows Product ID: 00426-068-2649786-86106
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {9449E848-B477-4777-BF78-156729847998}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.111025-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office XP Small Business - 100 Genuine
    Microsoft Office Outlook 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{9449E848-B477-4777-BF78-156729847998}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YPTPQ</PKey><PID>00426-068-2649786-86106</PID><PIDType>5</PIDType><SID>S-1-5-21-3701940863-288014543-3736748009</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 200</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.3</Version><SMBIOSVersion major="2" minor="5"/><Date>20070712000000.000000+000</Date></BIOS><HWID>BC1C3907018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91130409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Small Business</Name><Ver>10</Ver><Val>6D819D7EEB1609C</Val><Hash>f1OSBea26Gkbw0t2HoYCtTV4N6s=</Hash><Pid>54188-OEM-1792853-59182</Pid><PidType>4</PidType></Product><Product GUID="{90E00409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Outlook 2003</Name><Ver>11</Ver><Val>6E990CE9C6B1D00</Val><Hash>0I+VrkllIuLsWA3RQj+TnJX9lNY=</Hash><Pid>73930-640-0000086-55220</Pid><PidType>14</PidType></Product></Products><Applications><App Id="16" Version="10" Result="100"/><App Id="19" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/><App Id="1A" Version="11" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1333, 5) Microsoft VBScript runtime error: Permission denied

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004F022
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 1:17:2012 23:14
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MgAAAAEABAABAAIAAAABAAAAAQABAAEAeqgqb4obiP1k/mAh5nIIU85wZIauLh51KoU=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   DELL    FX09  
      FACP   DELL    FX09  
      HPET   DELL    FX09  
      MCFG   DELL    FX09  
      SLIC   DELL    FX09  
      DMY2   DELL    FX09  
      SSDT   PmRef  CpuPm

    Wednesday, January 18, 2012 9:50 AM
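The two Event ID 1003 entries quoted in the post above can be compared mechanically. The following is an added example, not part of the original thread: it pulls the 32-bit status values out of both entries, lists the failure codes that appear only in the later one, and splits each into facility and code using the standard HRESULT bit layout. The function names are invented for this example, and the rest of the event payload is treated as opaque.

```python
import re

# The two Event ID 1003 payloads, copied from the first post of the thread.
BEFORE = ("6: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 1 [(0 [0x00000000, 1, 0], "
          "[(?)(?)( 1 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)"
          "(?)(?)(?)])(1 )(2 )]")
AFTER = ("6: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 0 [(0 [0xC004E003, 0, 0], "
         "[( 1 0x80070005 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)"
         "( 1 0x80070005 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)])"
         "(1 )(2 [0x00000000, 0, 1], [(?)( 5 0x00000000 30 43200)"
         "( 1 0x00000000 0 0 msft:rm/algorithm/flags/1.0 0x00000000 0)(?)(?)(?)])]")

# Only the facilities and Win32 codes that occur on this page are named.
FACILITIES = {4: "FACILITY_ITF", 7: "FACILITY_WIN32"}
WIN32_CODES = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and 16-bit code."""
    facility = (value >> 16) & 0x7FF          # bits 16-26
    code = value & 0xFFFF                     # bits 0-15
    return {
        "failed": bool(value >> 31),          # bit 31 is the severity bit
        "facility": FACILITIES.get(facility, str(facility)),
        "code": code,
        # The low word is a Win32 error number only for FACILITY_WIN32.
        "win32": WIN32_CODES.get(code) if facility == 7 else None,
    }


def status_values(entry):
    """Return every 0xXXXXXXXX value in an event payload, in order."""
    return [int(m, 16) for m in re.findall(r"0x[0-9A-Fa-f]{8}", entry)]


def new_failures(before, after):
    """Failure codes present in `after` but absent from `before`, de-duplicated."""
    seen = set(status_values(before))
    found = []
    for value in status_values(after):
        if value >> 31 and value not in seen and value not in found:
            found.append(value)
    return found


if __name__ == "__main__":
    for hr in new_failures(BEFORE, AFTER):
        print(f"0x{hr:08X}", decode_hresult(hr))
```

On these two entries the only new failure values are 0xC004E003 and 0x80070005; the second decodes to FACILITY_WIN32 with code 5, the same access-denied error number that the registry script in the post returned.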

Answers

  • No further reply from the original Poster.

    Issue is assumed to be resolved.


    Darin MS
    • Marked as answer by Darin Smith MS Wednesday, January 25, 2012 8:46 PM
    Wednesday, January 25, 2012 8:46 PM

All replies

  • "Avrg Joe" wrote in message news:54018d3c-00c2-428e-8695-89f5e9a9d8f2...
    Hi,
    I have a Windows 7 Ultimate 32-bit install that has been working (and validating the install) for quite a while.  Around 12/17/2011 it started reporting that the install was not genuine and I had 30 days to activate it.  I tried every few days to activate it but it would fail.
    I have been researching this issue in the forums and have tried several of the suggested fixes but none have worked.  All commands were done via a CMD prompt running as Admin.

    No matter what way I go about verifying my copy of Windows, it fails.

    Here is a copy of the output from the Diagnostic tool:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-7MXWW-62QYV-YPTPQ
    Windows Product Key Hash: JsMf14nP/9/rYm6hBYZtgVm5BfE=
    Windows Product ID: 00426-068-2649786-86106
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 6.1.7601.2.00010100.1.0.001

    Other data-->
    SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 200</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.3</Version><SMBIOSVersion major="2" minor="5"/><Date>20070712000000.000000+000</Date></BIOS

     

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(1333, 5) Microsoft VBScript runtime error: Permission denied

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004F022

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x0

    Are you a subscriber to MSDN? – If not, your copy of Windows is counterfeit, and has probably had a Hacker’s Loader tool installed to prevent proper activation and validation.
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Wednesday, January 18, 2012 1:21 PM
    Moderator
  • Unfortunately, your installed copy of Windows 7 Ultimate is a non-genuine, pirated copy that came from a Microsoft MSDN software subscription.  You'll need to purchase a genuine "Full Version" Windows 7 Ultimate license and then change the product key.  As an alternative, you can Request Dell Backup Discs, reformat your hard drive and then reinstall the original Windows operating system that originally came with your Dell computer.

    From your MGA Report: Windows Product ID: 00426-068-2649786-86106

    Please review: Blocked Product Keys


    Carey Frisch
    Wednesday, January 18, 2012 1:23 PM
    Moderator
  • Yes, I am a subscriber to MSDN.  The key is valid and assigned to me.  I do not use pirated stuff. 

    I have several other keys assigned to me that I could use, but the verification tool fails before I get the chance to enter a new key.  If I try to do the phone verification right after rebooting, it gives me the screen with the 1800 number to call but the boxes below it with the numbers to enter via phone are blank.  If I try at any point later on, it fails right away.

    I have been using this computer with this install for over a year.  The genuine software verification has passed every time over that time.  I have everything set up the way I need it and I would really hate to have to re-image and redo everything.

    I have MS Security essentials installed with no firewall.  Could this be caused by some malware that MS is not finding?  Could this be caused by a port on the router being redirected elsewhere or blocked?  Do the changes between the different Event ID 1003 entries mean anything?

    Wednesday, January 18, 2012 8:15 PM
  • "Avrg Joe" wrote in message news:ca13d058-4d87-4cce-a4ec-83801f8aa082...

    Yes, I am a subscriber to MSDN.  The key is valid and assigned to me.  I do not use pirated stuff.

    I have several other keys assigned to me that I could use, but the verification tool fails before I get the chance to enter a new key.  If I try to do the phone verification right after rebooting, it gives me the screen with the 1800 number to call but the boxes below it with the numbers to enter via phone are blank.  If I try at any point later on, it fails right away.

    I have been using this computer with this install for over a year.  The genuine software verification has passed every time over that time.  I have everything set up the way I need it and I would really hate to have to re-image and redo everything.

    I have MS Security essentials installed with no firewall.  Could this be caused by some malware that MS is not finding?  Could this be caused by a port on the router being redirected elsewhere or blocked?  Do the changes between the different Event ID 1003 entries mean anything?

    (I suspected that you may be a subscriber – you gave way more detail than most of our clients do, and asked much more penetrating questions <g>!)
     
     
    The fact that all the subinacl commands responded with Access denied possibly means that the registry is corrupted.
    If you open Regedit, and navigate to those keys, what existing permissions are revealed?
    You may be able to expose them easier by using ICACLS.
     
     
     

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Thursday, January 19, 2012 7:59 AM
    Moderator