Windows activation fails...
54 views
Skip to first unread message
Markus Klocker
Mar 19, 2026, 2:48:44 AMMar 19
to ntsys...@googlegroups.com
I wonder if anyone has encountered that issue and has a way to work
around or resolve it...
Description:
Script based activation of Windows fails though the key is entered
correctly (at least seeing the ending of the key in the GUI).
Entering the same key after multiple failed script based tries in the
GUI succeeds immediately.
This isn't very helpful for an automated deployment :)
Any ideas?
Thx in advance
Markus
around or resolve it...
Description:
Script based activation of Windows fails though the key is entered
correctly (at least seeing the ending of the key in the GUI).
Entering the same key after multiple failed script based tries in the
GUI succeeds immediately.
This isn't very helpful for an automated deployment :)
Any ideas?
Thx in advance
Markus
Wright, John M
Mar 19, 2026, 8:04:08 AMMar 19
to ntsys...@googlegroups.com
Offhand, maybe look at Powershell execution policy.
Aside from that, does it fail with an error message? What kind of account runs the script?
--
John Wright
IT Support Specialist
1800 Old Bluegrass Avenue, Louisville, KY 40215
502.708.9953
Please submit IT requests to Hazelwoo...@bluegrass.org
24 Hour Helpline 1.800.928.8000
CONFIDENTIALITY NOTICE: This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/ad24ee82-ca13-4e32-a8c8-2059891d7320%40univie.ac.at.
Aside from that, does it fail with an error message? What kind of account runs the script?
--
John Wright
IT Support Specialist
1800 Old Bluegrass Avenue, Louisville, KY 40215
502.708.9953
Please submit IT requests to Hazelwoo...@bluegrass.org
24 Hour Helpline 1.800.928.8000
CONFIDENTIALITY NOTICE: This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/ad24ee82-ca13-4e32-a8c8-2059891d7320%40univie.ac.at.
Philip Elder
Mar 19, 2026, 9:31:19 AMMar 19
to ntsys...@googlegroups.com
Put the -ato on a separate line if it isn't already.
Slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Slmgr -ato
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
MPECS Inc.
E-mail: Phili...@MPECSInc.Ca
Phone: +1 (780) 458-2028
Web: www.MPECSInc.Com
Blog: Blog.MPECSInc.Com
Twitter: Twitter.com/MPECSInc
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Markus Klocker
Sent: Thursday, March 19, 2026 00:49
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] Windows activation fails...
Slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Slmgr -ato
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
MPECS Inc.
E-mail: Phili...@MPECSInc.Ca
Phone: +1 (780) 458-2028
Web: www.MPECSInc.Com
Blog: Blog.MPECSInc.Com
Twitter: Twitter.com/MPECSInc
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Markus Klocker
Sent: Thursday, March 19, 2026 00:49
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] Windows activation fails...
Philip Elder
Mar 19, 2026, 9:37:12 AMMar 19
to ntsys...@googlegroups.com
Not sure what it looks like to all y'all but this is what I see and not what I typed:
Slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Slmgr -ato
The SlMgr steps are separate lines.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/5c557bc000744787ba1f46e266bef438%40MPECSInc.Ca.
Markus Klocker
Mar 19, 2026, 9:37:20 AMMar 19
to ntsys...@googlegroups.com
That is not the issue... most of the time it works A OK!
Markus Klocker
Mar 19, 2026, 9:37:42 AMMar 19
to ntsys...@googlegroups.com
I'll try that!
Thx!
Thx!
Markus Klocker
Mar 19, 2026, 9:41:45 AMMar 19
to ntsys...@googlegroups.com
Thx for clarifying! I guess that saves some time :)
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/8ce58bb5261b44c9b36b00270ef36535%40MPECSInc.Ca.
Bruce Franklin
Mar 21, 2026, 10:14:22 AM (12 days ago) Mar 21
to ntsys...@googlegroups.com
I have seen this problem but only when installing an Enterprise key on
Professional. When it happens Windows continues to identify itself as
Professional and activation fails. The only work-around I have found is
to reboot the system. After that Windows identifies itself as
Enterprise and activation succeeds. This happens with both KMS and MAK
product keys.
As usual, Microsoft was no help with this so I finally configured our
in-house deployment software to install the product key before rebooting
and that was the end of the problem.
Professional. When it happens Windows continues to identify itself as
Professional and activation fails. The only work-around I have found is
to reboot the system. After that Windows identifies itself as
Enterprise and activation succeeds. This happens with both KMS and MAK
product keys.
As usual, Microsoft was no help with this so I finally configured our
in-house deployment software to install the product key before rebooting
and that was the end of the problem.
Mayo, Bill
Mar 30, 2026, 11:58:39 AM (3 days ago) Mar 30
to ntsys...@googlegroups.com
I have an account that is a member of Domain Admins that I have used for all kinds of things over many years. I fully acknowledge it was a bad practice and I didn't always do a great job of documenting where it was used. Anyway, I am down to the short rows on getting rid of this thing and I have become stuck.
From our SIEM, I see that we are still getting regular authentications against this account on the DC's. Specifically, I am seeing event 4776 (the computer attempted to validate the credentials for an account) against this account. This particular event log message does not provide any computer/ip other than itself in the event log entry. I was thinking maybe these were coming from some device doing an LDAP query using that account, but my efforts to look into the LDAP logs seems to suggest that is not the case.
I am fairly certain that the authentications are not coming from a process running directly on the DC's (have confirmed no scheduled tasks, no services, no processes, nothing from Process Monitor or Process Explorer with that account).
The DCs only have standard DC things installed (AD role, DNS role) and the only 3rd party software is endpoint management and VMWare tools.
I have googled this thing to death, but haven't really found anything that helps point me in a direction. Anybody have any ideas on a way to pinpoint the source of these authentications that I am missing?
Bill Mayo
From our SIEM, I see that we are still getting regular authentications against this account on the DC's. Specifically, I am seeing event 4776 (the computer attempted to validate the credentials for an account) against this account. This particular event log message does not provide any computer/ip other than itself in the event log entry. I was thinking maybe these were coming from some device doing an LDAP query using that account, but my efforts to look into the LDAP logs seems to suggest that is not the case.
I am fairly certain that the authentications are not coming from a process running directly on the DC's (have confirmed no scheduled tasks, no services, no processes, nothing from Process Monitor or Process Explorer with that account).
The DCs only have standard DC things installed (AD role, DNS role) and the only 3rd party software is endpoint management and VMWare tools.
I have googled this thing to death, but haven't really found anything that helps point me in a direction. Anybody have any ideas on a way to pinpoint the source of these authentications that I am missing?
Bill Mayo
Hammer, Erich F
Mar 30, 2026, 12:08:54 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com
At some point I resort to the "squawk method": Disable the account and see who complains. Set a deadline (a day, a week, a month, etc.) and if nobody/nothing makes noise by that time, it couldn't be/have been that important.
It’s a disruption, but resolving it takes far less time than keeping it live while you track it down and getting a compromise on the account.
Erich
On Monday, March 30, 2026 at 11:58, Bill Mayo eloquently inscribed:
It’s a disruption, but resolving it takes far less time than keeping it live while you track it down and getting a compromise on the account.
Erich
On Monday, March 30, 2026 at 11:58, Bill Mayo eloquently inscribed:
James Iversen
Mar 30, 2026, 12:10:33 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com, ntsys...@googlegroups.com
Taking a guess. How about DHCP binding creds for DNS registration?
Sent from my iPhone
> On Mar 30, 2026, at 11:58 AM, Mayo, Bill <Bill...@pittcountync.gov> wrote:
>
> I have an account that is a member of Domain Admins that I have used for all kinds of things over many years. I fully acknowledge it was a bad practice and I didn't always do a great job of documenting where it was used. Anyway, I am down to the short rows on getting rid of this thing and I have become stuck.
Sent from my iPhone
> On Mar 30, 2026, at 11:58 AM, Mayo, Bill <Bill...@pittcountync.gov> wrote:
>
> I have an account that is a member of Domain Admins that I have used for all kinds of things over many years. I fully acknowledge it was a bad practice and I didn't always do a great job of documenting where it was used. Anyway, I am down to the short rows on getting rid of this thing and I have become stuck.
> --
> You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/DS9PR09MB122053C62C04614A1C3349EEC9B52A%40DS9PR09MB12205.namprd09.prod.outlook.com.
> You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
Wright, John M
Mar 30, 2026, 12:39:25 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com
Have you tried looking for the corresponding 4625 events. You might get the endpoint name from that.
--
John Wright
IT Support Specialist
1800 Old Bluegrass Avenue, Louisville, KY 40215
Please submit IT requests to Hazelwoo...@bluegrass.org
24 Hour Helpline 1.800.928.8000
CONFIDENTIALITY NOTICE: This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Mayo, Bill
Sent: Monday, March 30, 2026 11:59 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] Track down source of authentication
|
EXTERNAL EMAIL - This email was sent by a person from outside your organization. Exercise caution when clicking links, opening attachments or taking further action, before validating its authenticity. |
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntsysadmin+...@googlegroups.com.
Mayo, Bill
Mar 30, 2026, 1:12:48 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com
That is a great suggestion, but this is one that I setup with a properly privileged account from the start. I did double check to confirm, though.
-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of James Iversen
Sent: Monday, March 30, 2026 12:10 PM
To: ntsys...@googlegroups.com
Cc: ntsys...@googlegroups.com
Subject: Re: [ntsysadmin] Track down source of authentication
EXTERNAL EMAIL: This email originated from outside of Pitt County Government. Do not click any links or open any attachments unless you trust the sender and know the content is safe.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/155B28B7-4152-4BD0-9A26-C8F064CC7341%40gmail.com.
-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of James Iversen
Sent: Monday, March 30, 2026 12:10 PM
To: ntsys...@googlegroups.com
Cc: ntsys...@googlegroups.com
Subject: Re: [ntsysadmin] Track down source of authentication
EXTERNAL EMAIL: This email originated from outside of Pitt County Government. Do not click any links or open any attachments unless you trust the sender and know the content is safe.
Mayo, Bill
Mar 30, 2026, 1:13:32 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com
So, I am not seeing 4625 entries that correspond to the times, but it also looks like 4625 is a failed logon attempt. The logon/authentication is succeeding.
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
On Behalf Of Wright, John M
Sent: Monday, March 30, 2026 12:39 PM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Track down source of authentication
|
EXTERNAL EMAIL: This email originated from outside of Pitt County Government. Do not click any links or open any attachments unless you trust the sender and know the content is safe. |
Have you tried looking for the corresponding 4625 events. You might get the endpoint name from that.
Philip Elder
Mar 30, 2026, 1:52:22 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com
This is my first thought too.
Just change the password. You'll find out where it's cached really quick.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
MPECS Inc.
E-mail: Phili...@MPECSInc.Ca
Phone: +1 (780) 458-2028
Web: www.MPECSInc.Com
Blog: Blog.MPECSInc.Com
Twitter: Twitter.com/MPECSInc
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
-----Original Message-----
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/155B28B7-4152-4BD0-9A26-C8F064CC7341%40gmail.com.
Just change the password. You'll find out where it's cached really quick.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
MPECS Inc.
E-mail: Phili...@MPECSInc.Ca
Phone: +1 (780) 458-2028
Web: www.MPECSInc.Com
Blog: Blog.MPECSInc.Com
Twitter: Twitter.com/MPECSInc
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of James Iversen
Sent: Monday, March 30, 2026 10:10
To: ntsys...@googlegroups.com
Cc: ntsys...@googlegroups.com
Sent: Monday, March 30, 2026 10:10
To: ntsys...@googlegroups.com
Cc: ntsys...@googlegroups.com
Rick McClure
Mar 30, 2026, 3:30:19 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com
That would work. Look at the logs so you know about when this will happen again. Then change the password for a while then change it back after the event has passed and pick up any pieces.
Rick.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/d3ca7fb4dbe74484b98e3de3e643cf00%40MPECSInc.Ca.
Rick.
James Iversen
Mar 30, 2026, 3:37:04 PM (3 days ago) Mar 30
to ntsys...@googlegroups.com
Change it back 🤣
Sent from my iPhone
> On Mar 30, 2026, at 3:30 PM, Rick McClure <rmcc...@rmc-enterprises.com> wrote:
>
> That would work. Look at the logs so you know about when this will happen again. Then change the password for a while then change it back after the event has passed and pick up any pieces.
> To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/ABCEB02DCBBDBB429FE098A2F85D11DA4429349F%40VENUS2A.RMC-CORP.local.
Sent from my iPhone
> On Mar 30, 2026, at 3:30 PM, Rick McClure <rmcc...@rmc-enterprises.com> wrote:
>
> That would work. Look at the logs so you know about when this will happen again. Then change the password for a while then change it back after the event has passed and pick up any pieces.
Reply all
Reply to author
Forward
0 new messages