My system has been activated with a genuine license, yet these errors appear in the log. How can I fix this?

Question
-
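My system is Windows Server 2008 R2 Enterprise SP1, used as a server. I bought a key to activate the system, and activation was reported as successful, but every time I log on, the log always shows the following errors:
1. "Windows 处于通知期。" [English: Windows is in Notification period.]
2. "Windows 许可证激活失败。错误 0x80070005。" [English: Windows license activation failed. Error 0x80070005.]
3. "“C:\Windows\System32\systemcpl.dll”的激活上下文生成失败。 找不到从属程序集 Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"。 请使用 sxstrace.exe 进行详细诊断。" [English: Activation context generation failed for "C:\Windows\System32\systemcpl.dll". The dependent assembly Microsoft.Windows.Common-Controls (attributes as quoted) could not be found. Please use sxstrace.exe for detailed diagnosis.]
Why is this happening? I would appreciate guidance from an expert, thank you!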
All replies
-
日志名称: Application
来源: Microsoft-Windows-Winlogon
日期: 2013/6/4 15:17:30
事件 ID: 4105
任务类别: 无
级别: 警告
关键字: 经典
用户: 暂缺
计算机: ERPSRV2.ronsen.com
描述:
Windows 处于通知期。
事件 Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Winlogon" />
<EventID Qualifiers="32768">4105</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-06-04T07:17:30.000000000Z" />
<EventRecordID>48778</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>ERPSRV2.ronsen.com</Computer>
<Security />
</System>
<EventData>
<Data>0x00000000</Data>
<Data>0x00000000</Data>
</EventData>
</Event> -
C:\Users\Administrator>cscript c:\windows\system32\slmgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.8
版权所有(C) Microsoft Corporation 1996-2001。保留所有权利。
软件授权服务版本: 6.1.7601.17514
名称: Windows Server(R), ServerEnterprise edition
描述: Windows Operating System - Windows Server(R), VOLUME_MAK_B channel
激活 ID: 6a4bd364-4b60-4856-a727-efb59d94348e
应用程序 ID: 55c92734-d682-4d71-983e-d6ec3f16059f
扩展 PID: 55041-00168-507-457743-03-2052-7601.0000-1552013
安装 ID: 003073253173198400155024882410533700592891551910903822
部分产品密钥: F42H7
许可证状态: 已授权 -
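The slmgr output looks normal.
In that case, please also run the MGADiag tool and check whether the diagnostic results show anything abnormal:
http://go.microsoft.com/fwlink/?LinkID=52012
Also, judging by your Winlogon error code, 80070005 means access denied, so I suspect a read-permission problem on some program file. I suggest you start Process Monitor in an already logged-on session and capture the Winlogon.exe process, then log on with another account to reproduce the error log entry, then go back to Process Monitor, look at the Access Denied entries, and find a lead.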
Technical problem is never a problem.
-
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-*****-*****-F42H7
Windows Product Key Hash: G13KGnjNdjHEYUMKaXE8bf5QFOg=
Windows Product ID: 55041-507-4577435-84644
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00030112.1.0.010
ID: {A8D60CD5-3A54-49BF-AB6E-2A6A49ED2C09}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Server 2008 R2 Enterprise
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16384], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16384], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A8D60CD5-3A54-49BF-AB6E-2A6A49ED2C09}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00030112.1.0.010</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-507-4577435-84644</PID><PIDType>6</PIDType><SID>S-1-5-21-3383030218-2530437819-481377107</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>System x3650 M3 -[7945I05]-</Model></SYSTEM><BIOS><Manufacturer>IBM Corp.</Manufacturer><Version>-[D6E150AUS-1.10]-</Version><SMBIOSVersion major="2" minor="5"/><Date>20101215000000.000000+000</Date></BIOS><HWID>A00C3A07018400FE</HWID><UserLCID>0804</UserLCID><SystemLCID>0804</SystemLCID><TimeZone>中国标准时间(GMT+08:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>IBM </OEMID><OEMTableID>THURLEY </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
软件授权服务版本: 6.1.7601.17514
名称: Windows Server(R), ServerEnterprise edition
描述: Windows Operating System - Windows Server(R), VOLUME_MAK_B channel
激活 ID: 6a4bd364-4b60-4856-a727-efb59d94348e
应用程序 ID: 55c92734-d682-4d71-983e-d6ec3f16059f
扩展 PID: 55041-00168-507-457743-03-2052-7601.0000-1552013
安装 ID: 003073253173198400155024882410533700592891551910903822
部分产品密钥: F42H7
许可证状态: 已授权
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAgAAAAAAAQABAAEA6GFUsybxkJecRIQ0RrzIdgqvYNiq8jix6oI=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: no, invalid SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC IBM THURLEY
FACP IBM THURLEY
HPET IBM THURLEY
MCFG IBM THURLEY
TCPA
SLIC IBM THURLEY
SSDT IBM CPUSCOPE
SSDT IBM CPUSCOPE
SSDT IBM CPUSCOPE
ERST IBM THURLEY
DMAR IBM THURLEY
-
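Many thanks to FINY for the advice! It is just that the error appears after the server is restarted. The system had been cracked before; we have now bought a genuine license, but we do not want to reinstall the system. Is there any way to solve this? Thank you for the advice!
- Edited by win 2008 r2企业版, June 5, 2013 2:27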
-
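From the start I also guessed that, before activating, you might have used some crack that modified certain system files.
It now looks like that is indeed the case. The key information in that report should be: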
File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16384], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16384], Hr = 0x800b0100
So, find a clean machine (same Edition, SP, hotfix), get these two files off it by whatever means, and try replacing them.
Technical problem is never a problem.
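The comparison the reply above calls for, as an added example that is not part of the original thread: a PowerShell 2.0-compatible script that checks the two flagged files against copies taken from a clean machine before anything is replaced. The reference folder `D:\clean-reference` and the function name `Get-Sha256Hex` are assumptions.

```powershell
# Added example, not from the thread. Compares the two files MGADiag flagged
# against reference copies taken from a clean machine (same edition, SP, hotfix).
# Run from a 64-bit PowerShell: a 32-bit host is redirected to SysWOW64.
param(
    # Assumed folder holding the clean copies; adjust to where you put them.
    [string]$ReferenceDir = 'D:\clean-reference',
    [string[]]$Names = @('systemcpl.dll', 'user32.dll')
)

function Get-Sha256Hex([string]$Path) {
    # Server 2008 R2 ships PowerShell 2.0, which has no Get-FileHash,
    # so hash through .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    } finally {
        $stream.Close()
    }
}

foreach ($name in $Names) {
    $local = Join-Path $env:SystemRoot "System32\$name"
    $ref = Join-Path $ReferenceDir $name
    if (-not (Test-Path $ref)) {
        Write-Warning "No reference copy of $name in $ReferenceDir"
        continue
    }
    $localHash = Get-Sha256Hex $local
    $refHash = Get-Sha256Hex $ref
    # One result object per file; Select-Object fixes the column order.
    New-Object PSObject -Property @{
        File = $name
        LocalVersion = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($local).FileVersion
        ReferenceVersion = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($ref).FileVersion
        LocalSHA256 = $localHash
        ReferenceSHA256 = $refHash
        Match = ($localHash -eq $refHash)
    } | Select-Object File, LocalVersion, ReferenceVersion, Match, LocalSHA256, ReferenceSHA256
}
```

A `Match` of `False` for a file confirms that the local copy differs from the clean one; compare the two version columns to check that the reference copy really comes from the same build level.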
-
-
That problem is fixed. But another error has appeared.
日志名称: Application
来源: Microsoft-Windows-WMI
日期: 2013/6/7 16:08:09
事件 ID: 10
任务类别: 无
级别: 错误
关键字: 经典
用户: 暂缺
计算机: ERPSRV2.ronsen.com
描述:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
事件 Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-06-07T08:08:09.000000000Z" />
<EventRecordID>53446</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>ERPSRV2.ronsen.com</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
There is also a warning.
日志名称: Application
来源: Microsoft-Windows-User Profiles Service
日期: 2013/6/7 16:03:06
事件 ID: 1530
任务类别: 无
级别: 警告
关键字:
用户: SYSTEM
计算机: ERPSRV2.ronsen.com
描述:
Windows 检测到注册表文件仍在由其他应用程序或服务使用。将立即卸载此文件。包含注册表文件的应用程序或服务以后可能无法正确运行。
详细信息 -
1 user registry handles leaked from \Registry\User\S-1-5-21-3383030218-2530437819-481377107-500:
Process 904 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3383030218-2530437819-481377107-500\Printers\DevModePerUser
事件 Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-06-07T08:03:06.454310800Z" />
<EventRecordID>53302</EventRecordID>
<Correlation />
<Execution ProcessID="792" ThreadID="4316" />
<Channel>Application</Channel>
<Computer>ERPSRV2.ronsen.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3383030218-2530437819-481377107-500:
Process 904 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3383030218-2530437819-481377107-500\Printers\DevModePerUser
</Data>
</EventData>
</Event> -
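For the WMI event 10, see KB2545227. In future, for this kind of problem, search the KB yourself first; you may find the answer right away.
As for the User Profiles Service 1530 warning, there is no need to worry. The system logs it to tell you that some program had not closed its access to the registry when you logged off, so the system forcibly closed it; see KB947238. If it is logged at every logoff, you can look into it a little if you are interested.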
Technical problem is never a problem.
- Marked as answer by Tom Zhang – MSFTModerator, July 5, 2013 5:33