Having trouble activating Windows?


Recently, I’ve had no end of hassles activating valid copies of Windows – be it Windows 7 or Windows Server 2008 R2.  At first, I thought it was perhaps the result of a “usual” cause – network connectivity, blocked ports or so on.

To begin – a recap.  I installed Windows Server 2008 R2 into a virtual machine client as the operating system.  The VM image was configured correctly, and could connect to the Internet with no hassles.  Actually, it could even connect to the Windows Update service and download and install patches.

What it would not do is… activate.  I stopped the Base Filtering Engine (which is not a best practice, but in a NAT’ed environment, can help you diagnose if you have a port blocking issue) and tried again with no luck.  In the Application Event Log I was seeing the following two entries, each time I tried to activate:

Source=Security-SPP
Level=Error
Description=License acquisition failure details. hr=0x80072F8F

Source=Security-SPP
Level=Error
Description=Acquisition of Secure Processor Certificate failed. hr=0x80072F8F

Naturally, I consulted the grand oracle of error messages (Google) which came up with some sparse and varied responses.

The following support article pops up: http://support.microsoft.com/kb/921471:

“This issue may occur when you connect to the Internet through a proxy server where Basic authentication is enabled.”

This is something (check your proxy settings, etc.) most experienced people would naturally have already verified.  For the record, it had nothing to do with proxy settings for me – nor did I have an internal licensing server (KMS – i.e. this link).

The root cause was far more interesting.

Dumping the full event log item revealed more information than the Event Log reader was showing (on the face of it).  Here’s the Event Log:

[Image: the entry as shown in the Event Log viewer]

Yet here is the complete event log entry (I’ve removed the SOAP message payload in the data):

Log Name:        Application
Source:             Microsoft-Windows-Security-SPP
Date:                 5/06/2012 1:56:59 PM
Event ID:           8200
Task Category: None
Level:                Error
Keywords:         Classic
User:                 N/A
Computer:         VM-01
Description:
License acquisition failure details.
hr=0x80072F8F
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="49152">8200</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-06-05T03:56:59.000000000Z" />
    <EventRecordID>527</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>VM-01</Computer>
    <Security />
  </System>
  <EventData>
    <Data>hr=0x80072F8F</Data>
    <Data>00010001(0x00000000, 13:56:53:111 – http://go.microsoft.com/fwlink/?LinkID=88342)
00020001(0x00000000, 13:56:53:111)
00030001(0x00000000, 13:56:53:111 – http://go.microsoft.com)
00030002(0x00000000, 13:56:53:111 – 0)
00040001(0x00000000, 13:56:53:111 – http://go.microsoft.com)
00040002(0x00000000, 13:56:53:111 – 0, &lt;NULL&gt;, &lt;NULL&gt;, &lt;NULL&gt;)
00040006(0x00000000, 13:56:53:111 – 1, http://go.microsoft.com, &lt;NULL&gt;, &lt;local&gt;)
00020005(0x00000000, 13:56:53:111 – 0)
0002000C(0x00000000, 13:56:53:298 – 302)
0002000E(0x00000000, 13:56:53:298 – https://activation.sls.microsoft.com/slspc/SLActivate.asmx)
00020001(0x00000000, 13:56:53:298)
00030001(0x00000000, 13:56:53:298 – https://activation.sls.microsoft.com)
00030002(0x00000000, 13:56:53:298 – 0)
00040001(0x00000000, 13:56:53:298 – https://activation.sls.microsoft.com)
00040002(0x00000000, 13:56:53:313 – 0, &lt;NULL&gt;, &lt;NULL&gt;, &lt;NULL&gt;)
00040006(0x00000000, 13:56:53:313 – 1, https://activation.sls.microsoft.com, &lt;NULL&gt;, &lt;local&gt;)
00020005(0x00000000, 13:56:53:313 – 0)
00020008(0x80072F8F, 13:56:59:195 – SOAPAction: "http://microsoft.com/SL/ActivationService/IssueToken"
[Rob: [SOAP DATA OMITTED]]
  </Data>
  </EventData>
</Event>

What struck me here was that the location of the activation service was included.  For the record, it appears to be the following location:

https://activation.sls.microsoft.com/slspc/SLActivate.asmx
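
The same reading of the trace can be automated. The following is an added example, not part of the original post: it parses the second Data element of an event like the one above, finds the first step with a failing HRESULT and reports the last URL contacted before it. The sample event is abridged from this page; the function names and the one-entry error-name table are this example's own, and the step ids are left uninterpreted.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# One trace step: 8-hex-digit step id, HRESULT, timestamp, optional detail.
# The closing ")" is optional because the failing step runs on into the payload.
STEP = re.compile(r"^([0-9A-F]{8})\((0x[0-9A-Fa-f]{8}), ([\d:]+)(?: [–-] (.*?))?\)?$")
URL = re.compile(r'https?://[^\s,)"]+')
FACILITY_WIN32 = 7
WIN32_NAMES = {12175: "ERROR_WINHTTP_SECURE_FAILURE"}  # WinHTTP TLS/certificate error

# Constructed sample: abridged from the event on this page, SOAP payload left out.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID Qualifiers="49152">8200</EventID></System>
  <EventData>
    <Data>hr=0x80072F8F</Data>
    <Data>00010001(0x00000000, 13:56:53:111 – http://go.microsoft.com/fwlink/?LinkID=88342)
0002000C(0x00000000, 13:56:53:298 – 302)
0002000E(0x00000000, 13:56:53:298 – https://activation.sls.microsoft.com/slspc/SLActivate.asmx)
00040002(0x00000000, 13:56:53:313 – 0, &lt;NULL&gt;, &lt;NULL&gt;, &lt;NULL&gt;)
00020008(0x80072F8F, 13:56:59:195 – SOAPAction: "http://microsoft.com/SL/ActivationService/IssueToken"
</Data>
  </EventData>
</Event>"""

def decode_hresult(hr):
    """Split an HRESULT into (failed, facility, code)."""
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF

def first_failure(event_xml):
    """Return the first failing trace step and the last URL contacted before it."""
    last_url = None
    for data in ET.fromstring(event_xml).findall("./e:EventData/e:Data", NS):
        for line in (data.text or "").splitlines():
            m = STEP.match(line.strip())
            if not m:
                continue  # "hr=..." summary line or payload text
            step, hr_text, when, detail = m.groups()
            failed, facility, code = decode_hresult(int(hr_text, 16))
            if failed:
                name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
                return {"step": step, "time": when, "hresult": hr_text,
                        "facility": facility, "code": code, "name": name,
                        "endpoint": last_url}
            urls = URL.findall(detail or "")
            last_url = urls[-1] if urls else last_url
    return None

if __name__ == "__main__":
    print(first_failure(SAMPLE_EVENT))
```

On the sample, the failing step decodes to Win32 error 12175 (WinHTTP's secure-channel failure), which points at the TLS certificate of the reported endpoint rather than at ports or proxies.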

So my next step was – open Internet Explorer and try to browse to the ASMX service.  This led to the following observation:

[Image: result of browsing to the service in Internet Explorer]

It appears that the signing certificate expired yesterday!

[Image: certificate details]

So.. there’s a lesson.  When in doubt, try to connect directly to the destination.  In this case, I solved the problem (set the system clock to 1 June) and was able to successfully activate.

Update 6/6/2012 –

In light of a Microsoft Security Advisory notification about rogue certificates signed with a valid chain to the Microsoft Root CA:

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

I decided to check on the details of the activation cert.  Luckily, it does not purport to be from within the chains stipulated in the report:

[Image: activation certificate details]

It also appears that the certificate has been updated – it now expires on the 5th of December, 2012.

This is all related to the “Flame” malware, which used Microsoft CA-issued certificates to conduct man-in-the-middle attacks against Windows machines.


About Rob Sanders

IT Professional and TOGAF 9 certified architect with nearly two decades of industry experience, 18 years in commercial software development and 11 years in IT consulting. Check out the "About Rob" page for more information.

