Sigh...

I have an IBM A51 machine with a legitimate copy of Windows XP Pro SP2 bundled.

Yesterday after a new Windows Update was released and my Automatic Update client installed it.

By default, since I was running as a normal User, I did not receive an autoupdate notification, and my GPO was set to install updates and restart machines automatically, so WGA was installed...

Then when I was logging out the machine after one day of working...

Ooopppps...

"Your Windows is not genuine..."

What on earth are you doing, Microsoft...?

I have contacted technical support at Microsoft, but I am yet to receive a solution...

here is the fix.

I love your signature, kwanbis.

In fact, this is the first time I really wish I had Linux installed on my desktop.

Unfortunately in my office, everyone is using Windows, and there are applications that only work with Windows and Internet Explorer...

That's a strange occurance that a gen Windows install would be considered an ungen one. Anyways thanks for posting your findings should I ever run into it.

After some investigation with the technical support, and messing around with the re-activation (or the weird situation of unsuccessful re-activation), the technical support eventually asked me to uninstall the WGA Notifier, and wait for it to be re-installed again by Automatic Update, then see if the problem still exists.

I did observe something strange during troubleshooting. The WGA notifier has no problems with accounts having Administrators rights. I granted local administrator rights to my domain user account and WGA does not pop up. But for normal Users, WGA pops up and nags about ungenuine WinXP.

"The worst situation would be", the tech support said, "to clone your machine with the factory image and re-install everything."

The machine is working nicely, with absolutely no problems with hardware or software. Yet I may have to re-install everything just because of failed validation on my legitimate WinXP.

So be aware everyone.

The other option would be to not allow the WGA thing to install in the first place. Means you have to turn off auto-updates, but I never install half of that stuff in the first place.
"Outlook Express has six critical security updates available!"
"You mean the Outlook Express that doesn't even exist on my computer because I forcefully removed it with n-lite? Sure, I'll get right on that."

Funny how Windows can be a wonderfully secure system as long as you don't, like, use any of the Microsoft programs...

There are currently articles on Digg and Slashdot talking about the new WGA version. Some postings in them describe how to disable the current version of WinGenA. Maybe if you PMed me, you could "miraculously" find those links. But I'm sure you can find it on google news otherwise.

Sure I can block the update, even specifically WGA notifier, but this is not the solution.

The main point is, why the legitimate WinXP becomes a pirate. I am confident that I have no trouble with WGA because I am legitimate, yet I become a victim. This is the problem of WGA, and it needs to be solved no doubt.

And, oh well, IBM machines do NOT come with WinXP CDs anymore. They use a proprietary recovery system that uses part of your HDD to hold a factory default image.


Sure I have found a lot, but they sure are not legal to be used in a corporate environment, and since I am the SA in the office, I am the one responsible for these issues, and a truely legal and working solution must be found to tackle the problem, not those hacking and changing DLLs.

Currently, I am suspecting something with LUA myself, because I found that WGA has no problem when I login the machine with "local administrator" privileges, regardless it is the administrator, or a domain user account given local administrator privilege.

Look at the file permissions. Maybe they're screwed up somehow.

I dont expect things to become better in the windows-world - more like the opposite.
Today (i'm working as a freelance pc-technician) i had to apply a hack to the TCP-IP Service of WinXP SP2. Reason? MS reduced the maximum amount of half-open connections to 10 - once it is reached, and the machine is not running with admin-rights - the net-connection stalls. Result: about 10 client-PCs in an INet-cafe were troubleshooted for hours searching for the cause of random net-unavailability on individual PCs.

Thus, in a corporate environment losses were introduced because of a stupid decision in WinXP SP2(It was NOT a bug - microsoft intentionally did it to lower the spread-rate of virusses, completely ignoring use-scenarios where many apps are running which access the net) - and i had to do microsofts-job by fixing it with a hack.

Its just pathetic... Pirated windows users can easily get around all this stuff, and this stuff only hurts the legitimate users :/

haha this is just funny. Microsoft is fucking itself by adding the new WGA thing. the only thing that's gonna do is make Windows sales go down so that users can migrate to Mac and *nix.

also i saw an article on Slashdot which predicts that OpenOffice will have more users due to the fact that Microsoft recently added OGA(Office Genuine Advantage) to Office 12. but some users might use older versions because of the fact that OpenOffice doesn't have grammar checking.

The only WGA cough cough "advantage" I ever seen being sarcastic of course was MS giving away some free stuff like the MS Match-Up game oh wow, and some other free bonehead useless downloads. XP is definately my last Win OS, I'll either be a MAC user or Linux user in the future when I finally grow tired of XP which true be known I've never fully liked due to all the hidden crap in the OS.

call the activation telephone number, NOT techsupport.
if your key is really clear, they will give out a new activation.

I did that with Office XP, too... no questions asked.

The only thing stopping me from jumping is EAC I am yet to find a similar program on Linux. REACT isn't that much of a lost as will just have to sit down and really write scripts.

I did that already, and WGA Notifier STILL said I was using a pirated copy. So the support told me to remove WGA temporarily.

It is now removed, dunno when it will be reinstalled.

After investigating the loading of WGA Notifier with Filemon and Regmon, I found that WGA notifier had some issues access various registry keys and files. With further investigation, with WGA Notifier removed unfortunately, I found that there are some differences in permissions for the "All Users\Application Data" directory. My machine is different to a newly bought machine. Maybe the previous owner of my machine did something strange.

I have reset the permissions to be as close to the new machine as possible. Let's see if WGA Notifier works this time.


That's very strange. We have about 40 - 50 machines with XP SP2, and we do not have this problem.

http://bink.nu/Article2208.bink
http://forums.vr-zone.com/archive/index.php/t-16349.html

The two links are about p2p-issues, but in our case it affected non-p2p apps as well.

I would like to test if I can reproduce similar problems in my office. Would you please show me what you did to trigger the problem?

Thank you.

I can trigger that particular problem every time, just try to download any torrent file with a torrent client that doesn't take the limit into consideration (not uTorrent, in other words). Because it tries to make lots and lots of connections rapidly, you get the "EventID 4226" in the event logs almost immediately. There are patches to up the limit to 50 or so. I haven't tried them. You could also cause it by having a web browser try to open 11 or more sites simultaneously (easy with Firefox and the SessionSaver extension).

Microsoft's stated reason for this limit is to prevent malware from trying to do massive outbound connections all at once.

Thank fors your explanation.

As far as I know, this modification only affects the rate of making outbound connections, slowing it down to 10 simultaneous connection attempts, further connections are queued, but the total number of connections are not limited.

Thus the symptom of network outage is interesting. If the clients make more than 10 outbound connection attempts simultaneously, it will slow down because further connections are queued, but network unavailability is a little too severe.

Right. Personally, i have no explanation for this weird behaviour as well. All i know is that the affected PCs were scanned with multiple virusscanners, spyware scanners and worm-scanners - were running under restricted rights, and there was no DSL-outage at the same time - and of course the mentioned eventlog message would be visible when checking the log under admin-rights.

If i should speculate about it, then i would guess that some application caused some kind of infinite-loop - by opening many half-open connections in a short time, and if it wouldn't get a reply fast (low timeout) then open *additional connections* to retry. I have absolutely no evidence to support it, but its the only possible cause i can imagine.

- Lyx

well.. I uh.. heard from reliable sources that that geniune .dll can be hacked very easy with a debugger.

...

Why should I have to go through the hassles if, you know, I am a legitimate user?