KB971033 causing activation issues on Windows 7 Enterprise PCs
The year 2019 begins like the year 2018 ended for administrators and users running Windows: troublesome.
Microsoft's cumulative updates for Windows 7 released on the January 2019 Patch Day caused networking issues under some configurations, and the whole Windows 10 version 1809 fiasco is still fresh as well.
Reports are coming in that the update KB971033 is causing activation issues on Windows 7 Enterprise PCs. The update, which Microsoft released in April 2018, updates the Activation Technologies of Windows 7 Home Basic, Home Premium, Professional, and Ultimate.
Notice what is not included? Right: Enterprise! Even though the update should not be installed on KMS-controlled devices, it got on (some) of them apparently.
Microsoft acknowledged the issue in KB4480960, the summary for the January 9, 2019 update for Windows 7.
After installing this update, some users are reporting the KMS Activation error, “Not Genuineâ€, 0xc004f200 on Windows 7 devices.
A system administrator opened a thread on Reddit reporting that thousands of Windows 7 VDI machines reported that they were not genuine this morning and that he found out after a lengthy troubleshooting session that the update KB971033 was the cause.
The admin concluded that the activation issue had something to do with a change in how Microsoft Activation servers respond to standard KMS keys being sent to them.
The admin resolved the issue by uninstalling the update from Windows, deleting the KMS cache and activation data from affected PCs, and re-activating against KMS.
Woody Leonhard found a workaround published on Microsoft's Technet forum for the issue. Nick Bryant published the following steps to address the issue.
- net stop sppsvc
- del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah
- del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah
- net start sppsvc
- slmgr /ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
- slmgr /ato
A more detailed solution asked users to remove the update KB971033 that causes the issue as well. I have attached it just in case.
- Uninstall KB971033. If the machine doesn’t have KB971033 installed please follow the below steps.
- Reboot
- Run Command Prompt as administrator manually or via a PowerShell script from https://support.microsoft.com/en-us/help/4032981/powershell-script-for-windows-7-non-genuine-issue-is-available/.
- Type: net stop sppsvc
- Type: del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 /ah
- Type: del %windir%\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 /ah
- Type: del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- Type: del %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\cache\cache.dat
- Type: net start sppsvc
- Type: slmgr /ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
- Note: The 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH key is for Windows 7 Enterprise. If the OS is different, find the corresponding KMS client key from https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys and use it instead.
Now You: What is your expectation for 2019 in regards to updates for Windows?
Yeah, let’s all migrate to Windows 10 that has child molesters favorite search engine built in! You can even search for child pornography via the context menu in NOTEPAD, superduper convenient! https://www.howtogeek.com/fyi/3-months-later-bing-is-still-suggesting-horrifying-things/
Thank goodness I disabled Windows Updates well over a year ago.
Didnt update w7 since august 2016 and never had a problem. I keep the browser, firewall updated.
Also common sense is the best antivirus/firewall ever. If i really want to do stuff, i do it in a non persistent VM .
Linux looks better and better atm.
@Martin Brinkmann:
Thanks very much for this, Martin. My dad has a couple of laptops running Windows 7 Enterprise that he periodically needs to bring into work to reactivate. I’ll be on the lookout for KB971033 when I go over to update them.
Seriously all the smart techies should stop installing patches for Windows 7 after 2017 December. No one’s gonna hack you, just risk it. Spectre and Meltdown mitigations have slowed it down considerably after 2018 patches. And now there’s a constant stream of something breaking. You can’t have both – a fully patched Windows 7 AND a problem-free AND FAST experience. Pick one. Microsoft doesn’t care and is only legally obligated. If they would have it their way, they will forced Windows 10 on everyone immediately.
jeff, stefann,
This .reg should disable Meltdown/Spectre mitigations: “https://www20.zippyshare.com/v/boQOAZln/file.html”
Source:
“https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution”
It’s confusing as hell, but this is how you disable it. Also, Simplix Update Pack has these mitigations disabled by default.
I forgot to mention, it is valid for all Windows versions, 7/8/10 and their server counterparts.
@Jeff : I mistakenly updated my Windows 7 Ultimate x64 with WSUS offline installer (security updates only) and forgot to remove the Meltdown and Spectre patches. Even with a SSD Windows 7 became 10% to 15% slower. Uninstalled the patches, restarted the computer, still about 8% slower. Now i made a clean install with a Windows 7 Ultimate x64 with updates integrated until May 2017. Fast and without all bugs introduced later.
@Jeff:
Has everyone already forgotten the WannaCry ransomware attack that hit the National Health Service’s unpatched Windows 7 computers in Britain, in May 2017?
As I recently explained to a friend, the calculus isn’t a high probability of problems from installing Windows updates versus a low probability of being hacked or infected — it’s a high probability of fixable or reversible problems from installing Windows updates versus a low probability of potentially *catastrophic*, unfixable, irreversible problems as a result of being hacked or infected.
In many cases, problems caused by Windows updates can be undone by simply uninstalling the update and waiting for a fixed version to be released. Sometimes there are interim workarounds like the one mentioned in this article. And if an update completely borks the system, restoring a system-drive image or swapping in a system-drive clone takes care of the problem. (I really wouldn’t rely on Windows’ own System Restore. It’s *never* worked for me, and I’ve read too many accounts from other people it hasn’t worked for — usually when they desperately needed it to and had no other form of system backup on hand. But reinstalling and reconfiguring Windows and all of your applications from scratch is fun, right? /s)
But if you get hacked and someone steals your data, or installs a keystroke-logging or remote-mirroring program on your system, or deletes your data or encrypts and holds it for ransom and you don’t have a deep, multi-tiered backup system in place, you are *screwed*.
That’s why I continue to install security-only updates, judiciously, and only after making fresh external-drive backups of my system and a fresh clone of my system drive. I’m not *in*vulnerable, just *less* vulnerable, and that’s the best most Windows users can practically shoot for.
I suppose a group of network admins could band together and bring a class action lawsuit against MS and claim payment for the extra hours spent troubleshooting and fixing such blatantly unreliable updates–what, “gross negligence”?
noun – “It is more than simple inadvertence, but it is just shy of being intentionally evil. If one has borrowed or contracted to take care of another’s property, then gross negligence is the failure to actively take the care one would of his/her own property. If gross negligence is found by the trier of fact (judge or jury), it can result in the award of punitive damages on top of general and special damages.”
@VioletMoon & @ Veritas:
If you’re talking about the US, Microsoft’s contracts of adhesion (non-negotiated, take-it-or-leave-it contracts) with customers, including EULAs, almost certainly all contain mandatory arbitration clauses (no individual lawsuits) and bans on class actions (no group lawsuits). Unfortunately, the US Supreme Court has upheld these two types of clause in contracts of adhesion, leaving many (most?) aggrieved consumers with no meaningful recourse for wrongs done to them. In order to defeat the clauses and proceed in court, a class-action complaint against Microsoft for repeatedly screwing up updates would have to “sound in tort” rather than in contract. And I don’t think you’d have an easy time finding a judge who agrees that the gravamen of the complaint sounds in tort. (Well … unless that judge were me! “Microsoft, you say? Tort it is!” ;-)
Good idea. Though, the burden of proof would be on the plaintiff as well as court costs in the advent of a loss and possibly a counter-suit.
If you build a extensive, strong case and have legal acumen. Also, large amounts of time, conviction and finical backing; I’d agree, it could be a potent class action lawsuit.
Fastest, Easiest individualized way to beat M$ is to switch to Linux and be done with the evil empire.
Who updates W7 in this day and age?
Thou shalt not commit: Bandwagon Fallacy.
@Veritas:
At whom is that directed? Who’s jumping on whose bandwagon?
@Peterc
Hiya Peterc, that was a reply to: w7forever. My mistake for not using a @w7forever reference.
I hit reply to his comment and the reply showed up below yours.
Take care, your comment is quality. I’d go with Mint Linux as well.
@Veritas:
No worries. I wasn’t taking umbrage or anything — I was genuinely confused.
PS: I just learned that the final part I need for my Linux Mint computer is being shipped via DHS eCommerce, and that in the US DHS hands off domestic shipments to UPS or USPS for the final delivery leg. If they hand off to USPS and it gets handled by my usual distributing Post Office, it’s a crap shoot as to whether I’ll actually receive it — a crap shoot I lost the first time I placed the order (with a different vendor). I gotta tell ya, when Reagan broke the postal workers unions and set up a two-tier pay system, it was a gift that keeps giving. /s As a former law professor of mine used to say, “If you pay peanuts, you get monkeys.” (No offense to monkeys.)
Obviously, I meant to type “DHL.” I must have DHS on the brain or something. (They’re EVERYWHERE! ;-)
@w7forever:
I do. But I disabled Windows Update and use WSUS Offline Update to apply security-only updates alone, and only after waiting long enough for bug reports (like the instant one) to begin popping up on the Net and be confirmed.
And I don’t apply all security updates willy nilly, either. For example, when there were questions about the reliability of the December 2018 out-of-band Internet Explorer 11 cumulative security update, I gave it some thought and ended up simply turning off Internet Explorer 11 in Windows Features. (I never use Internet Explorer and it’s a continual source of security vulnerabilities, like Flash and Acrobat. And I haven’t missed any of the other “vital” Windows services that depend on Internet Explorer — at least not yet.)
After putting in serious time and effort to find a generally more reliable updating system than Windows Update, and to avoid specific buggy updates, I’ve been lucky for the most part. But there’s no question in my mind that Meltdown patches in particular have slowed down the Windows 7 computers I’ve worked on to a very noticeable degree.
BTW, I intend to switch to Linux Mint as my own primary OS imminently — the last part I need for the computer I’ll be running it on is just about to ship — and I will no longer need to keep on top of the Windows-updating train wreck in progress. It will be a huge relief. Even cutting-edge *Fedora* updates seem to be better vetted than Microsoft updates. And with a *conservative* distro like Mint, well … again, it will be a huge relief.
Microsoft are testing to see if they can revert some hundred billion activations done by Windows Loader before Windows 7 support ends..? If they succeed EVERYONE will definitely switch to Windows 10! ummm oookaaayyyytheeeen… Messing up a few hundred million legitimate activations while trying, is of course 100% acceptable. Collateral damage.
Windows Updates are now the #1 cause of problems in Windows. LOL
“Now?” They always were. Except when the Registry was the main problem – which is another “forever” issue Microsoft has never fixed and never will since it would involve a redesign of the whole OS.
Another major Update problem has been .NET updates. They’ve NEVER worked properly. In the past, on XP, one had to rip out the whole .NET system and reinstall it piece by piece, taking hours, to fix it. A Microsoft official blogger even had to invent a script to do this to help users.
Microsoft would never do this … or would they …
One way to get people to adopt Windows 10 is to put out bad updates for Windows 7 and Windows 8.
They have “perfected” the update process. Let’s see how bad Win 7 & 8 updates get towards their EOL.
Then how would you explain the big mess M$ brought with Windows 10 October 2018 update (build 1809). I completely disagree with you and there is no way M$ would intentionally do that for Windows 7 users.
Windows 7 is coming off support next year anyway. But to be more accurate let’s agree that M$ screwed up the update process for all versions due to lack of thorough testing and verification/feedback from user community.
LOL, you beat me to it!! and well said. bravo.
But that would require at least stable and accurate updates in W10. IMHO Microsoft is light years away from that!
@ Caper
Buggy updates in Win 10 are mostly self-inflicted when M$ sacked the Windows Testing Division in mid 2014, whereas buggy updates in Win 7 are likely intentional by M$ in order to force upgrades to Win 10 asap = like a Mafia shakedown.
That update always caused issues on Winfows 7. I always block it.