locked
"not running genuine Windows" (0x8004fe21) on Win 7 x64 Enterprise Edition RRS feed

  • Question

  • Hi all,

    Nine months ago I installed Windows 7 Enterprise Edition onto my MacBook Pro's Boot Camp partition.  I had no problems joining it to the domain and activating it using our KMS.  Similarly, I have no problems booting Windows directly on the Mac or running it under VMware Fusion.  Everything is fully patched, including Windows, VirusScan/HIPS, Mac OS X, Boot Camp, and Fusion.  Two days ago I began getting the "This computer is not running genuine Windows" error from WAT, with an error code of 0x8004fe21.  Both "slmgr /dli" and the Windows system information page show my computer to be activated.  MGADiag reported several odd file changes, which appear to be components of the license manager (see below).  I guess my question at this point is, how do I go about fixing WAT?  Is this something that can be reinstalled without reinstalling the whole of Windows 7?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
    Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
    Windows Product ID: 00392-918-5000002-85685
    Windows Product ID Type: 1
    Windows License Type: KMS Client
    Windows OS version: 6.1.7600.2.00010100.0.0.004
    ID: {D6A1D789-007A-401B-9119-3B5D394B1984}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Enterprise
    Architecture: 0x00000009
    Build lab: 7600.win7_gdr.100618-1621
    TTS Error: T:20100430132325704-
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    Microsoft Office Project Professional 2007 - 100 Genuine
    Microsoft Office Visio Professional 2007 - 100 Genuine
    Microsoft Office OneNote 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{D6A1D789-007A-401B-9119-3B5D394B1984}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.004</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HVTHH</PKey><PID>00392-918-5000002-85685</PID><PIDType>1</PIDType><SID>S-1-5-21-748124279-1893369337-1445037206</SID><SYSTEM><Manufacturer>VMware, Inc.</Manufacturer><Model>VMware Virtual Platform</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>6.00</Version><SMBIOSVersion major="2" minor="4"/><Date>20091231000000.000000+000</Date></BIOS><HWID>08B83607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>292ACC47C12BD86</Val><Hash>2o4J3R/8NBCdVLNxerjb8vlXmes=</Hash><Pid>89409-707-0733573-65573</Pid><PidType>14</PidType></Product><Product GUID="{90120000-003B-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2007</Name><Ver>12</Ver><Val>BDE0E5EB025586</Val><Hash>76stuwKQ6GhLPhlZg6r9WrmheUY=</Hash><Pid>89403-707-1073917-63012</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0051-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2007</Name><Ver>12</Ver><Val>BDE0E5EB025586</Val><Hash>76stuwKQ6GhLPhlZg6r9WrmheUY=</Hash><Pid>89405-707-1073917-63017</Pid><PidType>14</PidType></Product><Product GUID="{90120000-00A1-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office OneNote 2007</Name><Ver>12</Ver><Val>BDE0E5EB025586</Val><Hash>76stuwKQ6GhLPhlZg6r9WrmheUY=</Hash><Pid>89397-707-1073917-63145</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="3A" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="53" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAAwxAAAAAAAAYWECAAAAAACAkH7XiejKAROJf9ybj7SsIEe8hMh9DOEjE6xHOJgL/z0HKb1/J/X5LfEYtB5vURk6UZkFNgIQXxuMwNdNRQr5dQsRKl5W0R8zkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBHWbtvRlmi626BPz2O4Y191fBVqUIOq1Rw755v0USQZBczkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Enterprise edition
    Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
    Activation ID: ae2ee509-1b34-41c0-acb7-6d4650168915
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00392-00170-918-500000-03-1033-7600.0000-0722010
    Installation ID: 015252764932380410887875744020205930839221558681787516
    Partial Product Key: HVTHH
    License Status: Licensed
    Volume activation expiration: 256200 minute(s) (177 day(s))
    Remaining Windows rearm count: 1
    Trusted time: 1/14/2011 9:26:03 AM

    Key Management Service client information
        Client Machine ID (CMID): 9e3ec9d4-1eb3-4974-953e-dce795483d14
        KMS machine name from DNS: nihcis.nih.gov:1688
        KMS machine extended PID: 55041-00168-313-066053-03-1033-7600.0000-3272009
        Activation interval: 120 minutes
        Renewal interval: 10080 minutes
        KMS host caching is enabled

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 1:12:2011 11:36
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys


    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAEAAQABAAAAAwABAAEAJJRk76QRDFzmt0R8/BTElvGeCQjSeggIYFY=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   PTLTD     APIC 
      FACP   INTEL   440BX  
      SRAT   VMWARE  MEMPLUG
      BOOT   PTLTD   $SBFTBL$
      MCFG   PTLTD   $PCITBL$

     

    Friday, January 14, 2011 2:59 PM

Answers

  • I finally figured out that these problems were due to a GPO applied to my computer last week.  The GPO in question changes a lot of permissions, which negatively impacts the operation of key Windows components such as Cryptographic Services.  Once we pulled the problematic GPO, my activation/validation problems went away.

    Thanks for your help.

    Best wishes,
    Matthew

    Tuesday, January 18, 2011 6:51 PM

All replies

  • "Matthew X. Economou" wrote in message news:6d7645c6-f46e-4aa9-8964-9f59c40b1944...

    Hi all,

    Nine months ago I installed Windows 7 Enterprise Edition onto my MacBook Pro's Boot Camp partition.  I had no problems joining it to the domain and activating it using our KMS.  Similarly, I have no problems booting Windows directly on the Mac or running it under VMware Fusion.  Everything is fully patched, including Windows, VirusScan/HIPS, Mac OS X, Boot Camp, and Fusion.  Two days ago I began getting the "This computer is not running genuine Windows" error from WAT, with an error code of 0x8004fe21.  Both "slmgr /dli" and the Windows system information page show my computer to be activated.  MGADiag reported several odd file changes, which appear to be components of the license manager (see below).  I guess my question at this point is, how do I go about fixing WAT?  Is this something that can be reinstalled without reinstalling the whole of Windows 7?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE21
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2VJC9-XBBR8-HVTHH
    Windows Product Key Hash: k/l/EMDQdwK9OvdCkPtHG1YdosE=
    Windows Product ID: 00392-918-5000002-85685
    Windows Product ID Type: 1
    Windows License Type: KMS Client
    Windows OS version: 6.1.7600.2.00010100.0.0.004

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Plus 2007 - 100 Genuine
    Microsoft Office Project Professional 2007 - 100 Genuine
    Microsoft Office Visio Professional 2007 - 100 Genuine
    Microsoft Office OneNote 2007 - 100 Genuine

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\wat\watux.exe[7.1.7600.16395], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\slui.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7600.16385], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\drivers\spldr.sys[6.1.7127.0], Hr = 0x80092003
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

    Spsys.log Content: U1BMRwEAAAAAAQAACAAAAAwxAAAAAAAAYWECAAAAAACAkH7XiejKAROJf9ybj7SsIEe8hMh9DOEjE6xHOJgL/z0HKb1/J/X5LfEYtB5vURk6UZkFNgIQXxuMwNdNRQr5dQsRKl5W0R8zkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBHWbtvRlmi626BPz2O4Y191fBVqUIOq1Rw755v0USQZBczkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Enterprise edition
    Description: Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
    Activation ID: ae2ee509-1b34-41c0-acb7-6d4650168915
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00392-00170-918-500000-03-1033-7600.0000-0722010
    Installation ID: 015252764932380410887875744020205930839221558681787516
    Partial Product Key: HVTHH
    License Status: Licensed
    Volume activation expiration: 256200 minute(s) (177 day(s))
    Remaining Windows rearm count: 1
    Trusted time: 1/14/2011 9:26:03 AM

    Key Management Service client information
        Client Machine ID (CMID): 9e3ec9d4-1eb3-4974-953e-dce795483d14
        KMS machine name from DNS: nihcis.nih.gov:1688
        KMS machine extended PID: 55041-00168-313-066053-03-1033-7600.0000-3272009
        Activation interval: 120 minutes
        Renewal interval: 10080 minutes
        KMS host caching is enabled

    Windows Activation Technologies-->
    HrOffline: 0x8004FE21
    HrOnline: N/A
    HealthStatus: 0x000000000001EFF0
    Event Time Stamp: 1:12:2011 11:36
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\sppobjs.dll
    Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
    Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
    Tampered File: %systemroot%\system32\sppwinob.dll
    Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
    Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
    Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
    Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
    Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
    Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
    Tampered File: %systemroot%\system32\drivers\spsys.sys

     


    You are running a KMS client license under VMWare, and have a Volume Licensed version of Office installed.
    There are a large number of Mismatched/Tampered files present - which is at least partly causing your problem.
     
    From  this I would infer that you are a member of an organisation, and using that organisation's machine - I suggest that you contact the System Administrator, and ask them to re-image your machine, since they (especially ones using a .gov DNS server for KMS clients) can get snotty about users attempting to fix machines themselves <g>
    If you want to try fixing it yourself (or you ARE the Admin), then  I'd try a System File Checker run to repair any damaged system files
    System File Checker - Instructions
    Click on the Start button
    type in the Search  box
    CMD.EXE
    right-click on the only file that is found
    Select Run as Administrator
     - the Elevated Command Prompt window should pop up
    At the Command prompt, type
     
    SFC   /SCANNOW
     
    and hit the Enter key
    Wait for the scan to finish - make a note of any error messages - and then reboot.
     
    Visit the Validation site  http://www.microsoft.com/genuine and attempt to Validate Windows - again, make a note of error messages.
    Run MGADiag again, and see if it's managed to clear the errors - if not, post back with the report, and we'll take another look.
     
     
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, January 14, 2011 3:17 PM
    Moderator
  • Well, I am the admin.  :-/  "sfc /scannow" failed with the error "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log".  Looking through that log file, I see a lot of repairs similar to the following:

    2011-01-16 17:45:51, Info         CSI  00000ccb [SR] Verifying 100 (0x0000000000000064) components
    2011-01-16 17:45:51, Info         CSI  00000ccc [SR] Beginning Verify and Repair transaction
    2011-01-16 17:45:58, Info         CSI  00000cce [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Help\mui\0405"\[l:22{11}]"diskmgt.CHM" from store
    2011-01-16 17:45:59, Info         CSI  00000cd1 [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Help\mui\0405"\[l:22{11}]"diskmgt.CHM" from store
    2011-01-16 17:45:59, Info         CSI  00000cd4 [SR] Verify complete
    

    Oddly, these same repairs are repeated every time I run "sfc /scannow", and none of the files reported by MGADiag are listed.  The very last log entry indicates a successful result:

    2011-01-16 21:15:27, Info         CSI  000014fa [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
    

    Any other suggestions?  I hesitate to re-install Windows because I work remotely and can't easily rejoin the domain, etc.  Some other odd event log entries:

    • In the Application event log, CAPI2 event ID 257, "The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1011."
    • Also in the Application event log, Security-SPP event ID 16385, "Failed to schedule Software Protection service for re-start at 2011-01-19T11:43:46Z. Error Code: 0x80070005."
    • Also in the Application event log, LoadPerf event ID 3001, "The performance counter name string value in the registry is not formatted correctly. The malformed string is 捯獥敤氠⁡潣獮汯ⱡ攠灳捥晩煩敵攠湡档敤氠⁡敶瑮湡⁡湥挠牡捡整敲s堀楓敺ጀ. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values."  In the event viewer, that malformed string renders into what looks like East Asian ideograms.

    I think my next step will be to create a WinPE RAM disk from which I can run a virus scan, just in case.  I'm also going to try the advice of http://technet.microsoft.com/en-us/library/dd363941%28WS.10%29.aspx, which should fix/regenerate the system catalog database.

    Best wishes,
    Matthew

    Monday, January 17, 2011 8:17 PM
  • Hello Matthew,

      To resolve the issue, you will need to repair (or replace) the problems files. The suggestions I can make, to do this, are either going a System Restore, to revert to a point before the issue occurs or replacing the files using known good copies from another Windows 7 install (people have also reported that it's possible to pull the replacement files from a Windows 7 install disk, but I don't know exactly how that is done).

     

    I hope that helps,


    Darin MS
    Monday, January 17, 2011 8:51 PM
  • I finally figured out that these problems were due to a GPO applied to my computer last week.  The GPO in question changes a lot of permissions, which negatively impacts the operation of key Windows components such as Cryptographic Services.  Once we pulled the problematic GPO, my activation/validation problems went away.

    Thanks for your help.

    Best wishes,
    Matthew

    Tuesday, January 18, 2011 6:51 PM
  • "Matthew X. Economou" wrote in message news:de402f25-ade7-465a-bc81-f657b584688f...

    I finally figured out that these problems were due to a GPO applied to my computer last week.  The GPO in question changes a lot of permissions, which negatively impacts the operation of key Windows components such as Cryptographic Services.  Once we pulled the problematic GPO, my activation/validation problems went away.

    Thanks for your help.

    Best wishes,
    Matthew


    Wow! - I don't suppose there's any chance you could send me a copy of the relevant GPO ( ngs AT crashfixpc DOT co DOT uk), is there?
    It'd be interesting from a forensic point of view - and to assuage my curiosity.
    Glad you got it sorted, anyhow - and well done for tracking it down.
     
    Good Luck.
     

    --


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Tuesday, January 18, 2011 11:07 PM
    Moderator
  • What was the GPO, im havng the same issue
    Friday, March 16, 2012 4:44 AM
  • "evapilotnathan" wrote in message news:15fba0fc-590d-4b65-bc3f-eab7b068a809...
    What was the GPO, im havng the same issue
     
    Please post an MGADiag report to your OWN NEW thread – that way it can receive proper attention.

    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
    Friday, March 16, 2012 10:49 AM
    Moderator