Endless windows key activation burning OEM keys



  • Bug related to https://forums.fogproject.org/topic/6391/endless-windows-key-activation-burning-oem-keys

    @Jbob said:

    v0.9.10 has been released and addresses this issue.

    I updated to v.0.9.11 on a test client today.
    Looking at the log file i found the following lines:

     15.03.2016 11:55 HostnameChanger Checking Product Key Activation
     15.03.2016 11:55 Bus Registering ParseBus in channel Power
     15.03.2016 11:55 Bus Became bus client
     15.03.2016 11:55 Bus Registering OnNotification in channel Notification
     15.03.2016 11:55 Bus Registering OnUpdate in channel Update
     15.03.2016 11:55 HostnameChanger Windows has correct key but is not licensed
     15.03.2016 11:55 WinActivation Installing Product key
     15.03.2016 11:56 Process --> Exit Code = 0
     15.03.2016 11:56 WinActivation Activating Product key
     15.03.2016 11:56 Process --> Exit Code = 0
    

    These steps repeats every few minutes,

    Running slmgr.vbs /dli shows the following status:

    alt text

    Does the following lines in https://github.com/FOGProject/fog-client/blob/master/Modules/HostnameChanger/Windows/WinActivation.cs need to be changed so the german “lizenziert” will be recognized?

     public static bool IsActivated()
            {
                var info = GetSLMGROutput("/dli");
                var flattenedInfo = string.Join(" ", info);
    
                return flattenedInfo.Contains("Licensed");
            }
    

    Suggestion by Quazz:

    @Quazz said:

    Might be safer to have the opposite check (check for unlicensed and only then try to activate rather than check for licensed and try to activate when that doesn’t match) to prevent keys from burning. I think people would prefer their computers not activating because of language issues rather than keys burning.


  • Senior Developer

    @jayphizzle What I think you’re seeing, unless you compiled your own version of the FOG Client for 1.2.0, is the OEM Keyed systems automatically activate themselves if the Product Key is not set in the unattend and SLIC is detected. FOG 1.2.0, by default, did not have a Product Key activation system. I don’t know what kind of issues this would cause with a client that actually can use the key, but I’m imagining it doesn’t work the same way as what would be normally expected.



  • @Tom-Elliott Thanks for the information. I will try to get some more informations about the slic activation process .

    Until now i had no issues using the key from the sticker on the hardware or the one saved in the bios.
    So i wonder why this is not working with 0.9.12 anymore.


  • Senior Developer

    @jayphizzle You shouldn’t have to do anything for OEM Keys. In fact, the <ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey> element should not even be a part of the unattend file, and you should not need to enter the key for each host. OEM Keys are usually activated through SLIC by taking a bit of information as it’s stored off the BIOS and sending that bit to where ever it is keys are sent to be validated/activated (typically off the internet).

    Why do I know this? Well we use OEM Keys where I work as well.



  • Hi!

    We use OEM Keys (which were shipped with the hosts).
    So every host as a different key in the fog db.
    And the sysprep’ed imaged was created without a key.

    in fog 1.2 the windows activation via fog works flawless.


  • Moderator

    @Tom-S +1 for setting up a KMS server. I think there is a minimum license count of 25 licenses. But if you have more than 25 systems in your environment it is well worth the time. The other benefit is that if you have systems that are retired, that retired license (after the 180 day cool down period) that license is returned to the available license pool. You can also get KMS keys for server as well as MS Office and Office components. This is the easiest method to manage MS licensing. As far as I know once a MAK key is used, it is consumed and is never returned to the license pool if the system is retired. From what I understand you can call the MS Licensing center and have them add more MAK keys to your pool as long as you don’t allocate more than you are entitled.

    I can say sometimes you will use a mixture of MAK and KMS keys. For remote systems that never connect back to your main site (where the KMS server is) you will need to use a MAK key for activation. If you don’t do this the client will go to an unactivated state for anything that is issued via KMS.

    In our case we do not activate the reference image or connect it to the domain. We don’t use the fog client for activation (we could but we decided to just use the unattend.xml file to connect the target computer to the domain and activate the kms license).


  • Developer

    I guess I am going to throw out some things about licensing with MAK keys and activating with SLMGR

    First MAK keys:
    Multiple Activation Keys are kind of funny. The hardest thing to wrap your head around is the amount of times you can Activate the key. In general you get to activate 4 times for every license you buy. I am sure you are saying WTF are you talking about… “I bought 100 license and got a MAK key. Are you telling me I can activate 400 licenses”? No that is not what I mean. The MAK key will let you activate a total of 400 times for the 100 licenses you bought in a year. So if you imaged 100 computers 4 times in a month and tried to activate one more computer you would get an error like “The MAK key has exceeded…” at which point you would call MS VL Services to have them reset your counter.

    Good that mombo jumbo is out of the way ;-)
    Issues with activating a MAK key in an image:
    Lets say you made a base image with a different key than your MAK key. Created the image and deployed it. Then you have fog activate using the MAK key. It will activate however on next reboot it is not Genuine. Again WTF!! This is because When a key is already installed and you use a new key with slmgr.vbs (slmgr.vbs /ipk xxxxx-xxxxxx-xxxxxx etc) it will install and activate it if you ask it to. However it will get erased on shutdown, because the old key was never removed. So in general you need to uninstall the old key then install the new one before activation. So:
    slmgr.vbs /upk
    slmgr.vbs /ipk xxxxx-xxxxx…
    slmgr.vbs /ato

    This in a simple batch script will take care of your issue make a simple snapin!
    An interesting factoid. When you install a MAK key on a machine and use a product key extraction software. The machine will have a unique key that is not the MAK key. You can activate this key as many times as you wish for that particular machine. Just found that kinda neat.

    Final word of advice. If you are managing licenses on 50+ machines and have a MAK key for them…use a KMS server. super easy to install and it will never talk back to MS. It is kind of an honor system with them. You can activate however many machines you want with them and it will always activate them. Obviously there are some restrictions like the machine will have to check in once 180 days to reactivate to your kms sever and you must activate 25+ machine before the server will actually work. Again the server is super easy to setup!!

    I have over 5000 windows computers to activate and license and I have a KMS server that activates all versions of Windows: Vista-10 and Server 2008 - 2012, and Office too. I just install the kms key on the client before I make the image and they auto activate the key once they finish imaging.

    Sorry for the long post but thought some clarification was needed!

    T


  • Moderator

    @jayphizzle said:

    @Tom-Elliott said:

    @Jbob I hope this was addressed with the release of 0.9.12, so I’m going to solve the thread for now.

    If this is still a problem please feel free to mark it as unsolved.

    I testet 0.9.12 today. The continuing key activation seems to be fixed.
    But i now have the problem that the activation does not work after reinstalling the system.

    21.03.2016 15:42 HostnameChanger Checking Product Key Activation
    21.03.2016 15:42 HostnameChanger Already activated with correct key
    

    But the host is still in the “30 days trial”

    alt text

    #EDIT#

    Created new thread for new bug.

    Informing @Jbob



  • @Sebastian-Roth said:

    @jayphizzle Probably best if you post this new issue as new topic so people reading this don’t get confused. Helps a lot I reckon.

    Sure no problem


  • Developer

    @jayphizzle Probably best if you post this new issue as new topic so people reading this don’t get confused. Helps a lot I reckon.



  • @Tom-Elliott said:

    @Jbob I hope this was addressed with the release of 0.9.12, so I’m going to solve the thread for now.

    If this is still a problem please feel free to mark it as unsolved.

    I testet 0.9.12 today. The continuing key activation seems to be fixed.
    But i now have the problem that the activation does not work after reinstalling the system.

    21.03.2016 15:42 HostnameChanger Checking Product Key Activation
    21.03.2016 15:42 HostnameChanger Already activated with correct key
    

    But the host is still in the “30 days trial”

    alt text

    #EDIT#

    Created new thread for new bug.


  • Senior Developer

    @Jbob I hope this was addressed with the release of 0.9.12, so I’m going to solve the thread for now.

    If this is still a problem please feel free to mark it as unsolved.


  • Senior Developer

    @Wayne-Workman no such complications are needed. When I have free time, I simply need to find the appropriate registry values to check if the license key is armed or not (no language dependencies)


  • Moderator

    Another idea I just thought of - an installation argument/option to specify the words/letters to compare against for determining license status. This would avoid changes to the web-gui.


  • Moderator

    @Quazz Then Windows activation would only work for systems using English.

    Another potential solution may be to simply let the FOG admin save the word “Licensed” in their own language somewhere in the web GUI, and have the client compare against that.


  • Moderator

    @Wayne-Workman My idea would be to ONLY continue when it detects Unlicensed, so burning keys won’t be possible in that scenario. So if anything that isn’t “Unlicensed” is detected the script will not continue to try and use the key, it will only continue of Unlicensed.


  • Moderator

    You pegged exactly where the issue is, good job! It’s comparing the output against the english word “Licensed”.

    Thinking about Quazz’s suggestion, I think checking for “Unlicensed” could potentially also have a license-burning effect too, because if we are looking for “Unlicensed”, both licensed and unlicensed hosts not using English will fail.

    We need something that doesn’t rely on English (or any particular language), or we need a way to make the system return the results of that command in English-only. Like the existence of a file, or a registry entry, or something more generic.

    @Jbob Hoping you have some good ideas.


Log in to reply
 

485
Online

38963
Users

10708
Topics

101604
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.