Blog Stats
  • Posts - 90
  • Articles - 0
  • Comments - 29
  • Trackbacks - 0

 

Wednesday, November 5, 2014

Why has the Windows 8.1 Update worked?


Back in September I installed Windows 8.0 on my test machine at work. I had finally managed to get hold of a Volume Licence installation image from Mordac, our company’s Preventer of Information Services. Amusingly, a Volume Licence installation cannot use Windows Update to apply Windows 8.1 and requests for a VL version of the update fell on deaf ears.

Why can't I find the update in the Store?

You might be running an edition of Windows 8 that doesn’t support updating from the Store

Some editions of Windows 8 don’t support updating to Windows 8.1 from the Store. These include the following:

  • Windows 8 Pro, if installed by an organization or a program that uses Volume Licensing. Talk to your system admin, or the administrator of the program that was used to install Windows 8.

Windows would offer me the option to install the retail 8.1 Update and then complain that the update wasn’t compatible with my installation so after a couple of goes I ignored the messages.

Today, being bored, I accepted the message just so I could watch the Update fail, reminding me of my miserable existence in the technological ghetto.

And the Update started working. Aagh! That’s not supposed to happen…

I now appear to have Windows 8.1.

image

The last part of the update prompted for a product key but allowed me to skip entering one.

Concerned, I checked what I now had installed:

Product keys and activation (Industry 8.1)

Determine the License Details for Your Image

You can use the Windows Software Licensing Management Tool (SLMgr.vbs) to obtain details of the license in your for your image. Type the following command at an elevated command prompt on the device to obtain the device’s current license information:

Slmgr -dli

The information returned will include the last five characters of the product key used for the device’s image, the license status, and the length of time remaining until the license expires, if applicable. The contents of the License Status field will indicate whether your image is licensed or in a notification state.

image

Checking the Notification Reason:

How to troubleshoot Volume Activation error codes in Windows 7, in Windows Server 2008, and in Windows Vista

Error code - 0xC004F009
Error message The Software Protection Service reported that the grace period expired.
Activation type - MAK
Possible cause - The grace period expired before the system was activated. Now, the system is in the Notifications state.
Troubleshooting steps - See the section “User Experience.”

Using Softpedia’s Product Key Viewer

image

So now I have what looks like a retail installation of Windows 8.1 Professional with a product key I don’t recognise and a broken activation.

My suspicion is that the product key is from the motherboard (as shown by the Microsoft Data Management (MSDM) OEM ID of HPQOEM). The machine was originally downgraded from Windows 8 OEM to Windows 7 when I first had it and I later upgraded it to Windows 8 VL. The installation seems to have lost the VL product key and found the OEM one instead.

And now Windows is on my back:

image

So a new error code:

How to troubleshoot Volume Activation error codes in Windows 7, in Windows Server 2008, and in Windows Vista

Error code - 0xC004F003
Error message -
The activation server determined the specified product key is blocked
Activation type - MAK
Possible cause - The MAK is blocked on the activation server.
Troubleshooting steps - Contact the Microsoft Activation Call Center to obtain a new MAK and install/activate the system. 

Joy.

Thursday, October 23, 2014

“Couldn’t update to Windows Technical Preview”


Had a look at my Win10 virtual machine just now and saw the following:

Couldn't update

Wasn’t quite what I was expecting. The VM was installed with the Windows Technical Preview so I was not sure what previous version of Windows they were going to restore with.

I went to Windows Update and all that had was a Definition Update for Windows Defender.

Event Viewer next and noticed:

Win10 update 1

Win10 update 2

Win10 update 3

and the next day the same again but ending with a slightly different error code:

Win10 update 4

So that makes some sense – I have Build 9841 of Windows Technical Preview installed so 9860 must be a significant enough update.

Now the error codes are different - 0x80070520 and 0x80070652 – and inconsistency is never a good sign for troubleshooting.

  • 0x80070520 – “A specified logon session does not exist. It may already have been terminated.”
  • 0x80070652 - ERROR_INSTALL_ALREADY_RUNNING

Neither of these are directly helpful but there are a lot of hits on an Internet search for lack of disk space causing 0x80070652 during updates. There needs to be enough space for the download itself plus more for the actual installation and rollback. My poor VM has a 20 GB virtual drive, of which only 6 GB is free. This doesn’t look good.

The error on the first screen – 0x8007000E – is the notorious “Out of memory or system resources” which could mean there’s instead a lack of memory rather than disk space. Memory is much easier to add – hey, wait… Dynamic Memory? Nobody told me about this.

Now my 512 MB RAM VM can use up to 1 GB:

image

(I also unsynched DropBox which freed up 1GB of disk space – always best to change two things at once so you have no idea what worked).

Bingo!

image

Friday, October 3, 2014

Finally migrating off Virtual PC 2007


Now that my home and work desktops are running Windows 8 (or locked down so I can’t install anything), I’m finally moving all my virtual machines from Virtual PC 2007. Losing the drag-and-drop feature was such a deal breaker in the past but now I’ve reached the point where the software just won’t install. As Hyper-V is there in the O/S, I won’t bother experimenting just yet with other managers (such as VMware or Oracle’s VirtualBox) unless there’s something I really can’t work without.

Migrating my virtual machines

The migration isn’t painless – the virtual hardware is different so the guest operating system needs new drivers. Also the integration software has to be uninstalled and replaced. From Wikipedia:

VHD compatibility with Virtual Server 2005 and Virtual PC 2004/2007

Hyper-V, like Microsoft Virtual Server and Windows Virtual PC, saves each guest OS to a single virtual hard disk file with the extension .VHD, except in Windows 8 and Windows Server 2012 where it can be the newer .vhdx. This file contains the entire guest OS, though other files can also be configured to allow "undo information" etc.

Older .vhd files from Virtual Server 2005 and Virtual PC 2004/2007 can be copied and used by Hyper-V, but any old virtual machine integration software (equivalents of Hyper-V Integration Services for other virtualization software) must be removed from the virtual machine. After the migrated guest OS is configured and started using Hyper-V, the guest OS will detect changes to the (virtual) hardware. Installing "Hyper-V Integration Services" installs five services to improve performance, at the same time adding the new guest video and network card drivers. Consequently, Windows guests may require re-activation.

Device Manager in a Windows XP guest OS shows three devices without drivers, one of which is for the network adapter.

image

To fix that requires installing the “Hyper-V Integration Services” but that can’t happen until the existing “Virtual Machine Additions” have been removed.

image

Now this worked the other day but a different virtual machine now throws an error:

“This installer may only be run inside of a virtual machine”

image

Obviously it IS inside a virtual machine but unfortunately I’m not able to engage the installer software in an existential discussion

John : Hello, Installer? Are you with me?
Installer : Of course.
John : Are you willing to entertain a few concepts?
Installer : I am always receptive to suggestions.
John : Fine. Think about this then. How do you know you exist?
Installer : Well, of course I exist.
John : But how do you know you exist?
Installer : It is intuitively obvious.
John : Intuition is no proof. What concrete evidence do you have that you exist?
Installer : Hmmmm... well... I think, therefore I am.
John : That's good. That's very good. But how do you know that anything else exists?
Installer : My sensory apparatus reveals it to me. This is fun.

According to Brian Reid at C7 Solutions:

Installing Integration Services in Hyper-V Clients

If you are running version 13.813 of the Virtual Machine Additions or later then you will be able to uninstall them from within Hyper-V. The problem is with earlier versions. To check which version is installed display the properties for the Virtual Machine Bus device, which is located in System Devices inside Device Manager.

I’m pretty sure the other virtual machine (where the uninstall worked) was running a later version of the Additions than the one that’s throwing the error. Testing that theory out, I tried attaching a copy of the latest VMAdditions.ISO file and got blocked again as the installer didn’t like the changes Hyper-V had already made.

image

A quick Internet search shows two solutions to the uninstallation issue:

  1. The clean solution – go back to hosting the virtual machine with Virtual PC 2007 before removing the Virtual Machine Additions then return to hosting with Hyper-V.
  2. The dirty solution – hack the Virtual Machine Additions installer so it doesn’t bother checking where it is.

Obviously I chose the latter.

  1. Get an MSI editor on to the virtual machine by creating an ISO file containing the editor’s installation files.
  2. Find the VMAdditions MSI file. There will be a file in the %Windir%\Installer folder with a name like 1d6296.msi (yours will be different). File size if 14MB if that’s any help. You may have to double-click the MSI file to check you have the right one.
  3. Edit the MSI file and delete all entries that say CA_IsRunningInsideVirtualMachine and CA_CheckIfWeCanInstall. There should be 6 in total:

    In the ControlEvent table, delete the following rows:
      InstallWelcome InstallNow DoAction CA_IsRunningInsideVirtualMachine
      InstallWelcome InstallNow DoAction CA_CheckIfWeCanInstall
      ReadyToInstall InstallNow DoAction CA_IsRunningInsideVirtualMachine
      ReadyToInstall InstallNow DoAction CA_CheckIfWeCanInstall

    In the CustomAction table, delete the following row:
      CA_IsRunningInsideVirtualMachine 1 ISScriptBridge.dll f24

    In the InstallExecuteSequence table, delete the following row:
      CA_IsRunningInsideVirtualMachine
     
  4. Save the MSI file
  5. Uninstall the Additions

image

Yay!

After a restart, moving on by inserting the Integration Services Setup Disk:

image

image

image

… and we’re done.

image

 

MSI editors

References

Monday, September 29, 2014

Windows 8–can’t install .Net Framework 3.5 (0x800F0906, 0x800F081F)


I’d recently put Windows 8 on a test machine at work and started installing what software I needed. Pretty quickly I found I needed to install .Net Framework 3.5 which is now a ‘Feature’ instead of a separate download.

image

Switching this on prompted me to download files from Windows Update.

image

That seemed to go OK for a while.

image

Unfortunately, after a few minutes, it failed.

image

Error code 0x800F0906 leads you to troubleshooting articles such as:

.NET Framework 3.5 installation error: 0x800F0906, 0x800F081F, 0x800F0907

http://support2.microsoft.com/kb/2734782

“This error code occurs because the computer cannot download the required files from Windows Update.”

 

  1. First suggestion is to check Windows Update is actually accessible. Start with the easy ones Smile
  2. Getting a little bit trickier, second suggestion is to make sure there isn’t a Group Policy in place preventing the install process from contacting Windows Update.
  3. Then you get your hands dirty with DISM.EXE command line instructions.

Deployment Image Servicing and Management tool

Version: 6.2.9200.16384

 

Image Version: 6.2.9200.16384

 

Enabling feature(s)

[===========================65.9%======                    ]

 

Error: 0x800f081f

 

The source files could not be found.

Use the "Source" option to specify the location of the files that are required t

o restore the feature. For more information on specifying a source location, see

http://go.microsoft.com/fwlink/?LinkId=243077.

 

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

So now I have a new error code – 0x800F081F – to muddy the water with.

Checking the DISM.LOG file

2014-09-29 14:07:15, Info                  
DISM   DISM Package Manager: PID=2296 TID=1256  Error in operation: source for package or file not found, ResolveSource() unsuccessful. (CBS HRESULT=0x800f081f) - CCbsConUIHandler::Error

2014-09-29 14:07:15, Error                
DISM   DISM Package Manager: PID=2296 TID=4732 Failed finalizing changes. - CDISMPackageManager::Internal_Finalize(hr:0x800f081f)

2014-09-29 14:07:15, Error                
DISM   DISM Package Manager: PID=2296 TID=4732 The source files could not be found; their location must be specified using the /source option to restore the feature. – GetCbsErrorMsg

Not really helpful as it doesn’t explain what’s missing. Now I’m happy with my DISM command:

Dism /online /enable-feature /featurename:NetFx3 /All
/Source:C:\Drivers\Microsoft\Windows8\sources\sxs

/LimitAccess

so it must be that the files are missing from the install files, which seems unlikely.

Looking for help on the new error code, I found:

Windows Update error 0x800F081F
http://windows.microsoft.com/en-gb/windows-8/windows-update-error-0x800f081f

The recommended DISM.EXE commands to clean up the Component Store made no difference:

dism.exe /online /cleanup-image /scanhealth
dism.exe /online /cleanup-image /restorehealth

 

I then moved on to Joseph Conway’s Technet blog: 

How to troubleshoot error 0x800F081F when installing roles and features
http://blogs.technet.com/b/joscon/archive/2012/11/30/how-to-troubleshoot-error-0x800f081f-when-installing-roles-and-features.aspx

  1. Download the ISO again – couldn’t complete this one easily. Could fill a blog just on how difficult it is to get access to install software at work…
  2. Clean up the Component Store – already tried
  3. Disable any access to WSUS – also already tried
  4. Update your source media – this sounded promising…

How to update local source media to add roles and features
http://blogs.technet.com/b/joscon/archive/2012/11/14/how-to-update-local-source-media-to-add-roles-and-features.aspx

Sadly, I couldn’t get this to work and gave up trying after a while.

 

Going back to basics, my next stop was CBS.LOG as that’s where the “Component-Based Servicing” work is recorded.

2014-09-29 14:18:47, Info                 

CBS    Calling client to resolve source, cannot find file 'amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.2.9200.21161_en-us_0b79bec03324a82a\PresentationHostDLL.dll.mui'

2014-09-29 14:18:47, Info                 

CBS    Exec: Not able to pre-stage package: Microsoft-Windows-IIS-WebServer-AddOn-Package~31bf3856ad364e35~amd64~en-US~6.2.9200.16384, file: PresentationHostDLL.dll.mui, source: \\?\C:\Windows\Servicing\Packages\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.2.9200.21161_en-us_0b79bec03324a82a\PresentationHostDLL.dll.mui

Looking in the \sources\sxs folder, I can only see sub-folders for

image

and so on but not for the missing folders.

Which is when I noticed that the folders have a build number of 6.2.9200.16384 but the missing folder has a build number of 6.2.9200.21161.

Searching online for the build number quickly found problems with a bunch of Windows Update fixes.

.NET Framework 3.5 0x800F0906 then 0x800f081f
http://answers.microsoft.com/en-us/windows/forum/windows8_1-windows_update/net-framework-35-0x800f0906-then-0x800f081f/cf62fb25-5ba1-4341-962e-881e7a2951a1

Just uninstall updates KB2966826 and KB2966828 and it will help you.

Looking in the list of installed updates, I found I had KB2966827 present:

MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: August 12, 2014

http://support2.microsoft.com/kb/2966827

Now why do I have a .NET Framework 3.5 hotfix installed on a machine that hasn’t yet had .NET Framework 3.5 installed?!

The presence of the hotfix meant the installation was always expecting to find newer files than came with the Windows 8 source files.

As soon as I uninstalled the hotfix, I could add the .NET Framework 3.5 feature and start using my applications.

Friday, August 29, 2014

Root certificate problem in the pipeline


Not particularly fresh news to some people but definitely important for anyone relying on SSL connections to websites who now need to plan for getting SSL certificates from a Root CA that uses SHA-2.

Microsoft Security Advisory 2880823

Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program

Published: November 12, 2013

Executive Summary

Microsoft is announcing a policy change to the Microsoft Root Certificate Program.
The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016.
Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2.
Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity.

 

For example, here are the details from a current VeriSign certificate:

clip_image002

 

Will this impact any versions of Windows?

According to:

 

Windows PKI Blog

SHA2 and Windows

Published: September 30th, 2010

 

the support for SHA2 will vary:

No support for SHA2 – Windows XP sp2, Windows 2003 sp2

Limited support for SHA2 – Windows XP sp3 with KB 938397/KB 968730, Windows 2003 sp2 with KB 938397/KB 968730

Full support – Windows Vista and above

Note – “Limited support” added by the hotfixes mentioned includes the following SHA2 hashes: SHA-256, SHA-384, SHA-512 (but not SHA-224).

 

What’s up with SHA-224?

According to Alejandro Campos Magencio’s cryptography blog

Decrypt my World

SHA-2 support on Windows XP

Published January 23rd, 2009

Regarding SHA-224 support, SHA-224 offers less security than SHA-256 but takes the same amount of resources. Also SHA-224 is not generally used by protocols and applications.

 

Further reading

Security Research and Defence Blog

Security Advisory 2880823: Recommendation to discontinue use of SHA-1

Published November 12th, 2013

Tuesday, April 1, 2014

Handy Windows end-of-support page


Reference articles

Product Start date Mainstream support ends Extended support ends
Windows Server  2003 R1 & R2 Varies 13/Jul/2010 14/Jul/2015
Windows Server  2008 R1 & R2 Varies 13/Jan/2015 14/Jan/2020
Windows Server  2012 R1 Varies 09/Jan/2018 10/Jan/2023
Windows XP (Home, Professional, Media Centre, Tablet) Varies 14/Apr/2009 08/Apr/2014
Windows Vista 25/Jan/2007 10/Apr/2012 11/Apr/2017
Windows 7 22/Oct/2009 13/Jan/2015 14/Jan/2020
Windows 8.0 / 8.1 Varies 09/Jan/2018 10/Jan/2023
Windows XP Professional for Embedded Systems 31/Dec/2001 14/Apr/2009 08/Apr/2014
Windows XP Embedded 30/Jan/2002 11/Jan/2011 12/Jan/2016
Windows Embedded for Point of Service 06/Jun/2005 12/Apr/2011 12/Apr/2016
Windows Embedded CE 6.0 30/Nov/2006 09/Apr/2013 10/Apr/2018
Windows Embedded Standard 2009 14/Dec/2008 14/Jan/2014 08/Jan/2019
Windows XP Embedded POSReady 2009 10/Mar/2009 08/Apr/2014 09/Apr/2019
Windows Embedded Handheld 6.5 17/Dec/2010 13/Jan/2015 14/Jan/2020
Windows Embedded Standard 7 29/Jul/2010 13/Oct/2015 13/Oct/2020
Windows Embedded Compact 7 15/Mar/2011 12/Apr/2016 13/Apr/2021
Windows XP Embedded POSReady 7 10/Sep/2011 11/Oct/2016 12/Oct/2021
Windows Embedded 8.0 /8.1 Varies 10/Jul/2018 11/Jul/2023
Windows Embedded Compact 2013 11/Aug/2013 09/Oct/2018 10/Oct/2023

Demystifying Point of Sale Malware and Attacks


Orla Cox has blogged about the various threats to Point-Of-Sale (POS) terminals on Symantec’s website:

Demystifying Point of Sale Malware and Attacks

There’s an associated whitepaper which is also worth a read:

Attacks on Point of Sales Systems (PDF)

The coming months should be interesting as cybercriminals start making use of the stockpile of Windows XP exploits they’ve been building up ready for the operating system’s end-of-support date to arrive.

Thursday, February 20, 2014

MCPs–we’re not all evil.


This quote (from the "License to Summon" rulebook for The Laundry role playing game system) may amuse.

Laundry employees can get a license to summon. It’s not that hard. Just complete a few basic Health and Safety and Demonology Courses, do the test, complete the very simple practical exam, and you’re certified. Peter-Francis Young has one, for Yog’s sake! It’s less demanding than getting a Microsoft Certified Professional qualification, and just like an MCP, a license to summon allows you to loose mind-eating horrors on an unsuspecting world.

The games designers are obviously continuing with the anti-Microsoft digs found in the source material, the “Laundry Files” series of novels written by Charles Stross. In his writings, Charles does not come across as a big fan of the Microsoft range of products. In fact, last October he ranted at length on “Why Microsoft Word must Die”. Not a happy man as far as IT goes.

Tuesday, February 11, 2014

End of PCI Compliance for Windows XP


Microsoft has announced that Windows XP will reach end-of-life on April 8th, 2014.
Windows 2000 already reached end-of-life on 13th July, 2010.

PCI-DSS Compliance requires all elements of a Point-Of-Sale (POS) payment application environment to be supported by their vendors with security updates, which includes the operating system the application runs on. Security updates from Microsoft for an operating system come to an end when it is no longer supported. At that time, PCI-SSC will regard any merchant using that operating system as being non-complaint with PCI-DSS. This is covered in the PCI-DSS documentation under “Requirement 6: Develop and maintain secure systems and applications”:

6.1 Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Deploy critical patches within a month of release.

It’s therefore a good idea to upgrade any operating system being used for a POS payment system that is no longer supported or will soon reach the end of support. Not doing so may expose merchants to the risk of fines and penalties should their environments be compromised whilst not being compliant with the PCI-DSS.

References

  1. Windows XP SP3 and Office 2003 - Support Ends April 8th, 2014
  2. Extended Support for Windows 2000 Server Ends on July 13, 2010
  3. Microsoft Support Lifecycle
  4. PCI DSS Quick Reference Guide

Monday, January 20, 2014

I thought “Print Screen” did just that


Just had an Adobe update install unwanted applications - Google Chrome and a browser toolbar. Irritating, I know, especially as it means I missed the sneakily hidden opt-out tick box. This just reinforces the knowledge that I could never work in marketing as it would mean discarding my moral code.

But I digress.

I took some screenshots to compose a vitriolic Tweet around and noticed that something weird was going on with the clipboard.

Here’s what the screen looked like to my eyes (or to my SmartPhone):

image

Here’s what went into the clipboard after I pressed the Print Scrn button on the keyboard:

image

Where have the tail and the black outline to the box gone?

 

 

Copyright © John Breakwell